Protect backup data from ransomware attacks
The National Cyber Security Centre (NCSC) has published new guidance on protecting backup data from ransomware attacks. The principles set out the features that backup systems should have to resist destruction by ransomware.
Backup data is essential for recovery after a ransomware attack. There are two main backup methods:
- storing copies on physical on-premises storage, managed by you or a third party
- using a cloud-based backup service that handles some of the management
The new guidance covers principles for both on-premises and cloud-based backups.
Key principles for ransomware-resistant backups
For both on-premises and cloud-based backups, the NCSC recommends that you:
- protect backup data with encryption and key management
- enable restoration from earlier backups, even if later versions are corrupted
- set up alerts for unusual changes or privileged actions
- ensure backups are resilient to destructive actions
For on-premises backups, the NCSC also advises that you:
- isolate backup systems to prevent them from being compromised
- keep backups up to date with the latest security patches
For cloud-based backups, the NCSC recommends that you configure systems to prevent customers from being completely denied access.
Why this matters
Ransomware actors often target backup systems early in an attack to prevent recovery and force victims to pay a ransom. Without proper protection, backup data is at risk of being destroyed or encrypted, making recovery after a ransomware attack difficult. The NCSC’s new principles will help organisations protect their backups and improve recovery chances.
This guidance is for both backup providers and their customers. Providers can use it to show how their services protect data from ransomware, while organisations can use it to assess and improve their backup solutions.
Read the full ransomware-resistant backups guidance.
Note: this is not guidance about how to back up your data. You can find out more about that in the NCSC’s mitigating malware and ransomware guidance.