sbradley
Contributing Writer

5 tips for better backups with Azure Backup Agent

How-To
May 16, 2019 | 4 mins
Backup and Recovery, Ransomware, Security

Both on-premises and cloud networks need backup solutions that allow you to recover from ransomware attacks quickly. One option is to use the Azure Backup Agent.


You’ve seen the headlines of how businesses were harmed by ransomware. Ransomware depends on encryption; there is a public key and a private key. Unless you have the private key, you can’t readily get your data back. Any time you hear someone say that they went to a site such as nomoreransom.org and got their data back, it was because some organization was able to obtain the private key and post it there. You can’t always depend on that situation.

You can take steps to avoid ransomware, including ensuring that you look carefully at emails that include links, educating your users to recognize questionable email messages, staying current on software updates, and not exposing port 3389 (remote desktop) directly on the web.

If all that fails and you fall victim to ransomware, there is a guaranteed way to recover from it: having a good backup. It is the best way to recover from a ransomware attack. Recently, the Maersk company recovered from a devastating ransomware attack, but not with a backup. They had none. Amazingly, they were able to recover their domain using a single domain controller that was not connected to the internet at the time of the ransomware infection. Maersk got lucky.

Maersk’s backup strategy was trust in synchronization. Enterprises often don’t back up domain controllers, but merely put another online and synchronize it in the network. The “backup” in their eyes is another copy of Active Directory in another location. They never anticipate that their entire domain could be infected to the extent that they would need a backup.

As we move from traditional domain controllers and on-premises computers to cloud services and situations where data is synchronized across systems, take the time to review how you do backups and change your solutions accordingly.

Backup steps for cloud environments that rely on synchronization and distributed files

  • Ensure you have versioning. Cloud services often rely on synchronization. If you are a victim of a ransomware attack, you need to be able to roll back to a prior version. Versioning may not be enabled by default and may not be set up to keep the number of versions you will need.
  • Ensure you know how to disable the synchronization client. In the case of SharePoint, you want to temporarily stop the synchronizations if someone hasn’t yet caught the new changes.
  • Review options for third-party backup solutions for cloud platforms. The vendor that provides you with a cloud service may not back up your files as often as you like, or the recovery process may take time while you open support tickets and wait for their technicians to perform the steps to recover the files. Most cloud solutions also have third-party vendors that sell cloud-based backups. This gives you additional options to recover.

Backup steps for on-premises systems

  • Ensure that your backup solution uses a different user account than the logged-in user. Most ransomware attacks come in from a user and whatever that user has access to is encrypted. Often the first step to determine who has accidentally infected the network is to find any encrypted file, right-click on it and look at the properties of the file. The owner of the file will be the person that infected the network. This will help you understand the impact on the network and whether it is widespread or limited.
  • Ensure you have multiple methodologies to back up files. These days you can add an Azure backup to nearly any platform (even Windows 7) by downloading KB3015072 on Windows 7.1, Windows 8.1. You then go to the Azure portal, set up an account, set up a password to properly secure the data in the Azure portal and back up the data online.
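
The owner check from the first bullet can be scripted across a whole share instead of done file by file. The following is an added example, not part of the original article: it tallies the NTFS owner of every recently written file that carries the extension seen in the incident. The function name, the `.locked-example` extension and the temp-folder demo data are constructed placeholders.

```powershell
# Added example: summarize which accounts own the encrypted files on a share.
# Assumption: encrypted files share one extension known from the incident.
function Get-EncryptedFileOwnerSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Extension,      # placeholder, e.g. '.locked-example'
        [datetime] $Since = (Get-Date).AddDays(-2)       # ignore older, unrelated files
    )

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq $Extension -and $_.LastWriteTime -ge $Since } |
        ForEach-Object {
            # Same value Explorer shows under Properties > Security > Advanced > Owner
            $owner = try { (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).Owner }
                     catch { '<owner unreadable>' }
            [pscustomobject]@{
                Owner     = $owner
                Directory = $_.DirectoryName
                Written   = $_.LastWriteTime
            }
        } |
        Group-Object -Property Owner |
        ForEach-Object {
            $times = @($_.Group.Written | Sort-Object)
            [pscustomobject]@{
                Owner       = $_.Name
                Files       = $_.Count
                Directories = @($_.Group.Directory | Sort-Object -Unique).Count
                FirstWrite  = $times[0]     # earliest hit: where the spread started
                LastWrite   = $times[-1]    # latest hit: whether it is still running
            }
        } |
        Sort-Object -Property Files -Descending
}

# Constructed demo data so the function can be run offline.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'owner-triage-demo'
New-Item -ItemType Directory -Path (Join-Path $demo 'finance') -Force | Out-Null
'x' | Set-Content -Path (Join-Path $demo 'finance\q1.xlsx.locked-example')
'x' | Set-Content -Path (Join-Path $demo 'finance\q2.xlsx.locked-example')
'x' | Set-Content -Path (Join-Path $demo 'readme.txt')   # not counted: different extension
Get-EncryptedFileOwnerSummary -Path $demo -Extension '.locked-example' | Format-Table -AutoSize
```

The owner is the account that created the file, so the tally is most reliable when the ransomware wrote new files rather than overwriting existing ones in place. The directory count and first/last write times give a quick read on whether the impact is widespread or limited.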

[Figure: Azure backup report. Credit: Susan Bradley]

Azure backup can back up virtual machines as well as physical machines. To set up an Azure backup, sign up for a trial and follow the step-by-step instructions.

Use the headlines of ransomware to force a reevaluation of your backup methodologies and processes. Don’t be the business that has no other option than to pay the ransom. Have a backup. It sounds so simple and yet it’s overlooked by so many.

Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for Askwoody.com, is a moderator on the PatchManagement.org listserve, and writes a column of Windows security tips for CSOonline.com. In real life, she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, Microsoft 365 deployments, Azure instances, desktops, a few Macs, several iPads, a few Surface devices, several iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at https://www.askwoody.com/tag/patch-lady-posts/ and is on twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.