I’m confused about protecting backups from ransomware. Online, people say that backups are the most critical aspect to recovering from a ransomware attack.
But how do you protect the backups themselves from becoming encrypted too? Is it simply a matter of having totally unique and secure credentials for the backup medium?
Like, if I had a Synology NAS as a backup for my production environment’s shared storage, VM backups, etc, hooked up to the network via gigabit, what stops ransomware malware from encrypting that Synology too?
Thanks in advance for the feedback!
What about simulated air gaps? So a backup system that turns off its own networking abilities once its done with the current backup and only turns its networking back on when it's ready to start backing up again?