How Backups Protect Your Databases From Malware Attacks

by Oct 14, 2019

The daily responsibilities of a DBA make it an extremely challenging and critical role in a company’s IT department. The importance of an organization’s data resources has never been greater as they leverage their assets and employ analytics to achieve a competitive advantage. In many cases, loss of production databases can have a disastrous impact on a business.

Maintaining these databases is a DBA’s main job. Their tasks range from writing SQL queries that interrogate their databases to finding innovative ways to optimize performance. There are many housekeeping tasks that provide the members of a database team with plenty of work. Keeping end-users and management satisfied is a balancing act which any competent DBA needs to know how to perform.

The increased focus on a company’s data assets is, unfortunately, not confined to members of the organization. Your data holds value to many other entities that are not entitled to access it. These actors may be trying to gain access to sensitive information at this very moment. Their tactics vary, but their intentions are fairly consistent. They want to compromise your data or the systems that contain it for some type of financial gain. Sometimes, there’s not much you can do to stop them.

New and Old Dangers Pose Similar Risks

Antivirus software and secure firewalls are your first line of defense against hackers. While these tools help protect you to some extent, they are not impervious to failure or to an enterprising attack that employs a newly discovered security flaw.

A recently publicized zero-day vulnerability in the popular MySQL administration tool phpMyAdmin allows hackers to create fake hyperlinks that tempt a user into unknowingly executing malicious code on their system. The exploit can result in web administrators unwittingly deleting a targeted server. To date, this vulnerability has not been patched.

Even when patches are available, they need to be implemented to be effective. An example is a vulnerability discovered in the popular content management system (CMS) Drupal that was patched 18 months ago. Drupal is often used with MySQL instances to run web applications. A remote code execution vulnerability known as Drupalgeddon2 is still being used in attacks on high-profile websites.

It doesn’t matter if you are attacked due to new or old techniques or security flaws. The result of a successful attack can be just as damaging to your organization and may require you to quickly restore your systems. Being ready for that is the key to survival in the wild world of cybercrime.

Backups May Be Your Only Remedy

In the aftermath of a ransomware attack, the main concern is to regain access to the maliciously encrypted data as quickly as possible. Tracking down the perpetrators and closing the door they used to hijack your systems is secondary until the affected systems are up and running again. The financial losses and hit to your company’s reputation can increase with each hour that it takes to recover your data safely.

Paying the ransom is not the preferred course of action. For one thing, since you are dealing with cybercriminals, there is no assurance that your data will be restored after meeting their monetary demands. You may end up with crippled systems, a lighter wallet, and the same issue of inaccessible data. There will not be a survey sent out asking if you were satisfied with their service. The best-case scenario is that you never have any contact with the hackers again.

Rather than paying some shady entity with the hope of getting your data back, a proactive defense against this kind of attack is a better organizational strategy. The best way to combat ransomware or malware that has corrupted or damaged your databases is to restore the data with valid backups. With a robust backup system in place, you can greatly reduce the harm that befalls your enterprise.

Based on the criticality of a particular database, backup policies should be in place that protect the data in a time-sensitive manner. This means taking more frequent backups of systems that the business relies on and that are constantly being updated or changed. A specific system may need to be backed up every hour for backups to remain viable for use in a recovery operation. In extreme cases, this might entail mirroring every update and transaction to an alternate site.

The operational difference between recovering from a backup and freeing your system with a successful ransom payoff is the length of time that has elapsed since the last backup. Unless your system was compromised at the exact instant a backup completed, restoring implies losing the most recently made updates to your database. The question to answer when backing up important systems that may be subject to a ransomware attack is how much data you can afford to lose. Based on your requirements, you may need to perform backups hourly, daily, or weekly. Your most recent backup is where you will fall back to in the event a recovery is required.
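The check below is an added example, not part of the original article or of any tool it mentions: it compares each database's newest usable backup against the hourly, daily or weekly window its criticality calls for and reports how much data a restore would lose right now. The database names, sizes and timestamps are constructed sample data, and the function and variable names are hypothetical.

```python
from datetime import datetime, timedelta

# Maximum tolerable data loss per tier: the hourly / daily / weekly cadences from the text.
TIER_WINDOW = {"hourly": timedelta(hours=1), "daily": timedelta(days=1), "weekly": timedelta(weeks=1)}

def audit_backups(policy, backups, now):
    """policy: {database: tier}; backups: [(database, finished_at, size_bytes)].
    Returns {database: (status, exposure)}; exposure is the span of updates
    that would be lost if the newest usable backup were restored at `now`."""
    latest = {}
    for db, finished_at, size in backups:
        # A zero-byte dump or a timestamp in the future cannot be trusted for recovery.
        if size <= 0 or finished_at > now:
            continue
        if db not in latest or finished_at > latest[db]:
            latest[db] = finished_at
    report = {}
    for db, tier in policy.items():
        last = latest.get(db)
        if last is None:
            report[db] = ("NO_BACKUP", None)
            continue
        exposure = now - last
        report[db] = ("OK" if exposure <= TIER_WINDOW[tier] else "STALE", exposure)
    return report

# Constructed sample data (hypothetical database names, sizes and timestamps).
NOW = datetime(2019, 10, 14, 12, 0)
POLICY = {"orders": "hourly", "crm": "daily", "archive": "weekly", "hr": "daily"}
BACKUPS = [
    ("orders", datetime(2019, 10, 14, 10, 30), 51_200_000),
    ("orders", datetime(2019, 10, 14, 11, 30), 52_000_000),
    ("crm", datetime(2019, 10, 12, 23, 0), 8_400_000),      # job silently stopped
    ("archive", datetime(2019, 10, 9, 2, 0), 940_000_000),
    ("hr", datetime(2019, 10, 14, 1, 0), 0),                # dump ran but wrote nothing
]

if __name__ == "__main__":
    for db, (status, exposure) in audit_backups(POLICY, BACKUPS, NOW).items():
        print(f"{db:8} {status:10} would lose: {exposure}")
```

A file that exists is not proof it can be restored; this check only covers age and emptiness, so periodic test restores are still needed.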

Instituting a Valid MySQL Backup Policy

As a DBA, one of the most important things you can do to protect your company’s data is to ensure that your databases are backed up regularly and in line with the needs of the business. In a complex environment, treating this as a manual exercise exposes you to a costly oversight.

SQLyog can help your organization ensure that it is in a position to rapidly recover from a ransomware or other type of destructive malware infection. The tool offers a Scheduled Backup Wizard that makes it a simple task to schedule backups and keep your data secure. This feature is part of a comprehensive MySQL management tool which will streamline your DBAs’ workloads. With this tool in hand, there is no excuse for not having a viable MySQL backup ready to address a disaster.