Ransomware is just about everywhere these days.
A recent study by Positive Technologies looked at the cyber threat landscape during the second quarter of 2021 and found that ransomware attacks reached “stratospheric” levels, accounting for 69% of all malware attacks – that’s a jump of 30 points from the same quarter in 2020.
Email remains the main method of spreading malware in attacks against organizations (58%) – although a recent HP study found that number to be even higher, at 89%.
Small and mid-size businesses (SMBs), in particular, are in the crosshairs of cybercriminals. While large enterprises and financial institutions may represent richer targets, they also have expert teams of security and IT personnel, as well as a rich array of security defenses, pricey consultants and recovery services.
SMBs, on the other hand, often have little or no security expertise, and many haven’t invested in a defense-in-depth security posture. In the world of ransomware, the bad guys often opt for the easy pickings of an inattentive SMB. Thus, SMBs should heed FBI warnings and take extra precautions to avoid becoming a target.
Ransomware Backup Protection
The good news is that one of the most important ransomware protections – a reliable and recent backup of your most important data – is available to anyone, and is something you also need to be doing for disaster recovery services. In the event of a ransomware attack, that backup will prove invaluable. But the backup must avoid becoming infected with malware. If that happens, any attempt at restoring files will still find the files encrypted and unavailable.
Fortunately, the vendor community has responded to the challenge. There are now a great many backup solutions that offer ransomware protection. Many of these are now available from managed service providers (MSPs) that do all the heavy lifting for SMBs. For a relatively low monthly fee, files are backed up automatically and protective mechanisms are put in place to thwart ransomware.
Also see our picks for the best backup tools for MSPs looking to offer ransomware protection services to their customers.
Ransomware Backup Features
There are some features to look for in a ransomware backup service that are pretty critical. Be sure to ask potential vendors about all these issues.
- The most important feature to look for is immutability, or a copy of your data that can’t be changed or encrypted by cybercriminals. Another term for this is ultra-resilient. There’s also the 3-2-1 rule: you want three copies of your data on two different types of media, with one copy kept offline.
- Many buyers want an air-gapped copy of their data – if it’s offline, it can’t be hacked, but there are often small windows during the data backup process when that data is online. They’re small, though, so the risk is relatively small, and vendors have protective steps they can take.
- You also need to consider recovery time. If you ever need to restore your critical data, it needs to happen as fast as possible. Make sure you have the bandwidth for recovery, and your best storage medium is likely disk: Because disk can use RAID striping, that data can be recovered faster than tape. But research this issue carefully and calculate your recovery time and needs (often called recovery time objectives, or RTOs, and recovery point objectives, or RPOs). Some vendors say they’re able to help clients recover quickly through virtual machines (VMs) too.
Top Ransomware Backup Services
The editors of Channel Insider reviewed a number of backup providers whose services include ransomware protection. Below are the ones that most stood out to us.
Carbonite Backup for Microsoft 365 offers backup for the entire Microsoft 365 suite of productivity apps. It allows businesses and IT organizations to recover individual files and folders, permissions settings as well as complete site collections. It also protects data from a range of everyday data loss scenarios, including ransomware.
Carbonite’s key features
- Protects the Microsoft 365 suite – including SharePoint, OneDrive, Email, and Teams
- Performs site-level rollback or recovery for individual items including mailboxes, conversations, and files
- Runs automatic backups up to four times per day
- Simplifies administrative tasks with legal hold, audit reporting, role-based access, APIs and exports
- Protects against data loss threats including human error, hardware failure and ransomware
- On-boarding and recovery support 24×7
- Captures changes in Microsoft 365 applications and replicates them to a secondary instance in Microsoft Azure
- When it’s time to recover, you can perform granular and full-fidelity restore of Microsoft 365 content
- Uses simple search to recover content from Teams, SharePoint, Email, Calendar and OneDrive
- Restores based on owner, subject line, content type and more
AvePoint helps organizations protect data and bounce back from data loss. This cloud backup solution can recover from permissions problems, corrupt content, or complex data loss scenarios. It includes cloud-to-cloud backup to recover, whether it’s user error, an outage, or a ransomware attack.
AvePoint’s key features
- Anytime access, including offline access to data during service outages
- Long-term data retention
- Granular roll-back to avoid data loss upon restore
- A SaaS solution designed to back up other SaaS services such as Salesforce, Google Workspace, or Microsoft 365
- Avoids the overhead of virtual machine-based, on-premises, or hybrid solutions
- Works for 10 to 10,000 users
- Currently protects over 50 petabytes of data
- Built-in storage and encryption
- ISO:27001 certified so you can rest easy
Read about AvePoint’s new channel partner program.
The Zerto platform simplifies the backup, protection, recovery, and mobility of applications and data across private, public, and hybrid clouds. Its software-only platform uses continuous data protection to converge disaster recovery, backup, and data mobility.
Zerto’s key features
- Protection from human errors, programmatic errors, malicious insiders, external hackers, and viruses and ransomware
- Zerto Backup for SaaS offers backup and recovery for Microsoft 365, Salesforce, Google Workspace, and Microsoft Dynamics 365
- Users can failover to any secondary location (on-premises, public cloud, or service providers) without data loss
- Zerto Continuous Data Protection (CDP) eliminates periodic backups and snapshots, bringing always-on replication to perform disaster recovery and data protection
- Always-on Replication by continuous capture and tracking of data modifications
- Consistent recovery of multi-VM applications
- Automated, simple workflows for all recovery, restore, move, and failover operations from entire data centers to single file; these workflows unlock RTOs of minutes, even for ransomware
Part of Unitrends’ mission is to eliminate data loss, ransomware, and downtime. It has been working in backup and recovery for more than 30 years. Its centralized platform allows users to manage backup and recovery for data centers, servers, endpoints, cloud, and software as a service (SaaS).
Unitrends key features
- Unitrends Helix eliminates failed backups due to environmental issues normally outside the control of a backup solution
- Integrates backup and DR with automation and security
- Data loss and downtime protections include ransomware detection, dark web monitoring for stolen credentials to eliminate account takeover attacks, and phishing defense tools
- Available as an all-in-one, scalable physical appliance (Recovery Series) or a virtual appliance (Unitrends Backup) which can run on VMware vSphere, Microsoft Hyper-V, Nutanix AHV, or be deployed as a virtual machine within the Microsoft Azure or Amazon Web Services cloud
Rubrik’s data protection solutions cover workloads across on-premises and the cloud. They archive to the cloud, scale, and have built-in ransomware recovery. Te service simplifies backup and recovery for hybrid cloud environments. With Rubrik, businesses can unlock cloud for long-term data retention or DR and deliver automation with an API-based platform.
Rubrik’s key features
- Designed to be vendor-agnostic
- Supports most operating systems, databases, hypervisors, clouds, and SaaS applications
- Meets backup windows and recovery objectives with a simple policy engine
- Integrates data orchestration, catalog management and continuous data protection into a single platform
- Understand who is accessing files and recover rapidly to a known good state
- Helps generate effective ransomware remediation plans to ensure users can quickly respond to a cyberattack without paying any ransom
- Backups can’t be encrypted or deleted during a ransomware attack, enabling users to recover quickly
- Provides visibility into the scope of ransomware damage
- Alerts about unusual behavior from ransomware infections
- Immutable file system
Druva provides cloud data protection and management. It offers data protection and backup services with ransomware protection included. It provides a way to centrally protect and govern data across multiple SaaS applications.
Druva’s key features
- Druva’s golden snapshots quickly recover data
- Whether you use Microsoft 365, Google, or Salesforce, you can orchestrate SaaS data management, remove complexity, and reduce admin overhead
- 15-minute deployment, near zero admin burden
- Metadata-centric architecture offers support for managing and securing data in the cloud with long-term retention, and regulatory compliance
- Centralized visibility over globally distributed data
- Intelligent data classification and federated search for easy discovery
- Out-of-the-box controls for multiple regulations (GDPR, HIPAA, FedRAMP, CCPA)
- Scale needs up or down
- No hardware to maintain or support
- Platform meets security and compliance requirements such as SSAE18 SOC2 Type II compliance, FedRAMP, FIPS, HIPAA, GDPR, TRUST-E, and APPI
Paired with Acronis Cyber Protect Cloud, the Acronis Advanced Backup pack enables you to extend cloud and server backup capabilities to protect their data. There is also Acronis Cyber Backup, a backup as a service solution that delivers enterprise-grade cyber protection packaged and priced for small infrastructures.
Acronis key features
- Available in consumption-based or per-workload licensing models, you can minimize data loss across your infrastructure and workloads with backup and recovery technology that is enhanced with cyber protection
- Protection for more than 20 platforms
- Back up workloads, including Mac, Windows, Linux, Microsoft 365, Google Workspace, Hyper-V, VMware, and more
- Uses Acronis-hosted storage, public clouds such as Microsoft Azure, or MSP local storage
- Continuous data protection (CDP) via an Acronis agent that monitors and backs up changes in real-time with near-zero RPOs
- Anti-malware and antivirus
Safeguard your business with ransomware protection that avoids data loss or paying a costly ransom. Veeam’s software-first approach gives the flexibility to maintain immutable storage, whether on-premises or in the cloud
Veeam’s key features
- Comprehensive ransomware remediation
- Infrastructure flexibility
- Automated backup verifications
- Fast, reliable recovery
- Veeam Backup & Replication with Veeam ONE is easy-to-use, reliable, and flexible
- No additional Veeam cost to use cloud storage
- The Veeam Hardened Repository allows any Linux system to store immutable copies of backup data
- Veeam ONE alarms are in place to observe possible ransomware activity from CPU, memory, network upload (for extortion behavior) and suspicious incremental sizes of backups that are taken
- Veeam DataLabs ensure data is recoverable via features such as SureBackup, on-demand virtual labs, Secure Restore, and Data Integration API capabilities to verify recoverability but also to not re-introduce ransomware threats during a restore