New guidance on ransomware-resistant backups

10 December 2024

News article

Protect backup data from ransomware attacks

The National Cyber Security Centre (NCSC) has published new guidance on protecting backup data from ransomware attacks. The principles set out the features that backup systems should have to resist destruction by ransomware.

Backup data is essential for recovery after a ransomware attack. There are two main backup methods:

storing copies on physical on-premises storage, managed by you or a third party
using a cloud-based backup service that handles some of the management

The new guidance covers principles for both on-premises and cloud-based backups.

Key principles for ransomware-resistant backups

For both on-premises and cloud-based backups, the NCSC recommends that you:

ensure encryption and key management to protect backup data
enable restoration from earlier backups, even if later versions are corrupted
set up alerts for unusual changes or privileged actions
ensure backups are resilient to destructive actions

For on-premises backups, the NCSC also advises that you:

isolate backup systems to prevent them from being compromised
keep backups up to date with the latest security patches

For cloud-based backups, the NCSC recommends that you configure systems to prevent complete denial of access to customers.

Why this matters

Ransomware actors often target backup systems early in an attack to prevent recovery and force victims to pay a ransom. Without proper protection, backup data is at risk of being destroyed or encrypted, making recovery after a ransomware attack difficult. The NCSC's new principles will help organisations protect their backups and improve recovery chances.

This guidance is for both backup providers and their customers. Providers can use it to show how their services protect data from ransomware, while organisations can use it to assess and improve their backup solutions.

Read the full ransomware-resistant backups guidance.

Note this is not guidance about how to back up your data – you can find out more about this in the NCSC's mitigating malware and ransomware guidance.

First published 10 December 2024

Printer-friendly version

Actions

NCSC's small business guide

NCSC's device security guidance

Also on this site

Protect your business from ransomware

Ransomware payment guidance

Guides
- Find guides by sector
- Find guides by theme
  - Starting a business
    - Before you start your business
      - Considering starting a business
      - Start-up business ideas
    - Start your business
    - Running your start-up business
    - Grow your start-up business
      - Trade with other countries
      - Take steps to grow your business
  - Finance
    - Find local finance
      - Northern Ireland business support finder
    - Raising finance
    - Managing finance
    - Financial difficulty
      - Managing financial difficulty
  - Taxes
    - Business tax
    - Self-employed and tax
      - Setting up as self-employed and tax
      - Help and support for the self-employed
    - PAYE and payroll
      - PAYE and payroll for employers
    - Keeping records for business
      - Record-keeping
    - Excise duties
    - Industry-specific taxes
    - Complying with European law
    - Contact or deal with HM Revenue & Customs (HMRC)
    - Companies House returns, accounts and other responsibilities
    - Business changes
      - Making changes to your business
    - Selling, closing or restarting your business
    - Accountants and tax advisers
  - Employment and skills
    - HR documents and templates
    - Recruitment
    - Employment documents and policies
      - Staff documents and employment policies
    - Pay, pensions and minimum wage
    - Manage people
    - Holidays, statutory leave and time off
      - Holiday, other leave and sickness
      - Maternity, paternity, adoption and parental leave
    - Performance, training and development
    - Resolve conflict and staff leaving
      - Problems at work
      - Dismissals and staff leaving
  - Health and safety
    - Coronavirus (COVID-19): Staying safe at work
    - Health and safety basics
      - Protecting your business
    - Health and safety made simple
    - Make your business safer
      - Managing the welfare of people
      - Safer ways of working
  - Efficiency and environment
    - Environmental action to improve your business
    - Reduce, reuse, recycle your business waste
    - Resource efficiency
    - Reducing your environmental impact
    - Environmental guidance by business sector
  - Business premises and rates
    - Choosing the right business property
    - Rates for non-domestic properties
      - Business rates
    - Property management and costs
    - Adapting and improving your property
      - Make your property more efficient
      - Disabled access and facilities in business premises
  - Innovation and R&D
    - Product and service development
      - Developing products and services
      - Research and development
    - Design and business innovation
      - Use innovation in your business
      - Design for business success
    - Intellectual property
      - Intellectual property for business
      - Patents, trade marks, copyright and design
  - Sales and marketing
    - Business contracts and fair competition
    - Consumer rights and protection
    - Marketing your business
    - Product safety
    - Sales laws
    - Know your customers
    - Maximise your sales
  - IT
    - IT basics
      - Introduction to IT
      - Choosing suppliers
    - Software and technology solutions
      - Software and business applications
      - Communications
    - Getting online
      - Create and manage a website
      - E-commerce
    - Security and data protection
      - Data protection and legal issues
      - IT security and risks
  - Exporting and importing
    - Basics of importing and exporting
    - Choosing a market
      - Doing business in the EU
      - Trading with countries outside the EU
    - Procedures and licences
    - Sector overviews and regulations
    - Moving your goods
    - Customs declarations
      - National Clearance Hub
  - Grow your business
    - Prepare for growth
      - Assessing current performance
      - Planning business growth
    - Strategies for growth
    - Finance and logistics
      - How to grow your business
      - Financing growth
    - Managing growth
      - Leading staff through growth
      - Manage business risks
  - Buy or sell a business
    - Acquiring a business
    - Selling your business
    - Exiting and transferring your business
      - Businesses in difficulty
      - Transferring your business
Resources
News
Events