Ransomware knows you have backups

The fantastic Knowbe4 blog posted a great article this morning listing 4 ways that ransomware can compromise your backups. You can read the full post here. My personal favorite is number three:

Plant a ransomware “time bomb.” To date, when ransomware encrypts a company’s data, the encryption generally occurs as soon as or shortly after it gets onto the corporate network. However, ransomware continues to evolve and mature and, as it does so, it grows both more patient and more insidious. Rather than encrypting data as soon as it breaches the corporate firewall, it begins to infect the data but does not immediate encrypt it. Then, only after days, weeks, or months go by and this infected data has been backed up for months does it initiate the encryption of the corporate data. In many respects, this is the worst type of ransomware attack. Not only is all of a company’s production data encrypted, the company thinks it has “good” backups and when it goes to restore the data, the restored data encrypts as well because it was infected when it was backed up. This may make it almost impossible for an organization to determine when it was initially infected and which of their backed up data they can reliably and confidently restore.

This is a really scary scenario. Imagine having backups of your systems and needing to recover in the event of an outage only to find that your backups are already compromised!


I actually had this conversation last week with a client while reviewing their network and backup strategy. I was happy to report that because we work with Datto all of our backup, recovery and continuity issues have largely been solved. Not only does Datto create a local backup and move it offsite to the Canadian Cloud automatically, but they scan those backups for malware when they do it! Our helpdesk team gets alerted if/when they find anything and we resolve the issue before you need to recover.


If you’re still stressed about data backup, give us a shout and we’ll help you navigate the options you have!