{"id":73921,"date":"2025-09-24T13:48:00","date_gmt":"2025-09-24T12:48:00","guid":{"rendered":"https:\/\/www.n-able.com\/?p=73921"},"modified":"2025-11-19T10:55:42","modified_gmt":"2025-11-19T10:55:42","slug":"backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/it\/blog\/backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense","title":{"rendered":"Backups Are Under Attack: How Anomaly Detection Shields Your Last Line of Defense"},"content":{"rendered":"<p>Your backups have become a prime target. Backups used to be the safety net \u2013 now attackers aim to cut it and force you to pay up. Why? Because if criminals can take down your backups, your options for recovery dwindle, and their leverage (and ransoms) soar.<\/p>\n<h2><strong>Having Backups is No Longer Enough \u2013 You Need to Actively Defend Them<\/strong><\/h2>\n<p>Backups are under direct fire from bad actors, and the fallout is severe. A 2024 study found that a staggering 94% of organizations hit by ransomware reported attempts by cybercriminals to compromise backups; if attackers succeed in compromising backups, organizations face far higher costs and recovery time. In fact, organizations whose backups were compromised experienced median ransomware recovery costs of $3M \u2013 8x higher than those whose backups were not impacted ($375K). They also found themselves paying closer to the full ransom demand (98% of the sum demanded) on average. In short, when backups are compromised, a bad day turns into a catastrophic one.<\/p>\n<p>Backups are the lifeline that allows businesses to refuse a ransom. Take that lifeline away, and victims often have no choice but to consider paying. This could mean wiping out backup infrastructure, quietly altering retention policies, or encrypting the backup data itself.<\/p>\n<p>This is where Anomaly Detection comes in. In this series, we\u2019ll explore the difference between Anomaly Detection and Malware Scanning and how our Anomaly Detection as a Service (ADaaS) functionality helps you:<\/p>\n<ul>\n<li>Keep backup infrastructure secure.<\/li>\n<li>Keep backup configurations intact.<\/li>\n<li>Identify clean backup copies.<\/li>\n<\/ul>\n<p>We\u2019ll also clarify why a holistic approach covering multiple attack vectors is critical for data resiliency (the ability to safeguard data integrity and swiftly resume operations in the event of a cyberattack).<\/p>\n<h2><strong>Anomaly Detection vs. Malware Scanning: Know the Difference<\/strong><\/h2>\n<p>Let\u2019s define Anomaly Detection and how it\u2019s different from Malware Scanning. Both are important tools, but they serve different purposes:<\/p>\n<ul>\n<li><strong>Malware Scanning<\/strong>: Malware scanners look for known bad files or signatures to check if any backup files contain known viruses or ransomware executables. Some use behavioural analysis by partially activating malware and inspecting its behaviour while others use proprietary algorithms. It\u2019s like a security guard checking IDs against a blacklist. Malware scanning is useful for catching known threats; however, it only finds what it recognizes. New or cleverly hidden malware might slip by, meaning classic malware scans alone might allow novel ransomware to get backed up without protest. Therefore, the objective of malware scanning is to contain the spread of damaging malware and ultimately remove it from the network.<\/li>\n<li><strong>Anomaly Detection<\/strong>: Anomaly Detection looks for unusual activity that deviates from the norm by leveraging machine learning to establish a baseline of normal operations and flag outliers. It asks, \u201cDoes this backup behaviour look normal, or is something off?\u201d For example, if your backups suddenly double in size overnight, or an unusually large number of files changed with random content, those are anomalies. It\u2019s like a smoke detector for your data, warning you that something might be on fire. Crucially, it can catch issues even if the malware is previously unknown, because it\u2019s responding to the symptoms (e.g. encryption patterns in files, abnormal deletions) rather than an entry on a blacklist. The goal of Anomaly Detection is to:\n<ul>\n<li>Find anomalies indicating an attack on the backup infrastructure, backup configurations, or backup data itself.<\/li>\n<li>Quickly and proactively pinpointing known \u2018clean\u2019 copies for faster recovery.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<table width=\"100%\" style=\"border: black 1px solid;\">\n<tbody>\n<tr>\n<td width=\"33%\" style=\"border: black 1px solid; padding-left: 5px; padding-right: 5px; background-color: purple;\"><span style=\"color: white;\"><strong>Category<\/strong><\/span><\/td>\n<td width=\"33%\" style=\"border: black 1px solid; padding-left: 5px; padding-right: 5px; background-color: purple;\"><span style=\"color: white;\"><strong>Anomaly Detection<\/strong><\/span><\/td>\n<td width=\"33%\" style=\"border: black 1px solid; padding-left: 5px; padding-right: 5px; background-color: purple;\"><span style=\"color: white;\"><strong>Malware Scanning<\/strong><\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"border: black 1px solid; padding-left: 5px; padding-right: 5px;\">Objective<\/td>\n<td style=\"border: black 1px solid; padding-left: 5px; padding-right: 5px;\">Detect infrastructure attacks, changes to backup configurations, corruption and \/ or encryption of backup copies<\/td>\n<td style=\"border: black 1px solid; padding-left: 5px; padding-right: 5px;\">Detect malware in primary infrastructure<\/td>\n<\/tr>\n<tr>\n<td style=\"border: black 1px solid; padding-left: 5px; padding-right: 5px;\">Outcome<\/td>\n<td style=\"border: black 1px solid; padding-left: 5px; padding-right: 5px;\">Identify attacks as they are happening, accelerate recovery by finding a \u2018good copy\u2019 quicker,<\/td>\n<td style=\"border: black 1px solid; padding-left: 5px; padding-right: 5px;\">Contain destruction and remove malware<\/td>\n<\/tr>\n<tr>\n<td style=\"border: black 1px solid; padding-left: 5px; padding-right: 5px;\">What is Inspected?<\/td>\n<td style=\"border: black 1px solid; padding-left: 5px; padding-right: 5px;\">Backup infrastructure, configurations, and data<\/td>\n<td style=\"border: black 1px solid; padding-left: 5px; padding-right: 5px;\">Endpoints, network etc.<\/td>\n<\/tr>\n<tr>\n<td style=\"border: black 1px solid; padding-left: 5px; padding-right: 5px;\">Sample Heuristics<\/td>\n<td style=\"border: black 1px solid; padding-left: 5px; padding-right: 5px;\">Honeypots, Critical Config Changes, File Entropy, Rates of Change<\/td>\n<td style=\"border: black 1px solid; padding-left: 5px; padding-right: 5px;\">Signatures, Behaviour, Proprietary<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2><strong>How Anomaly Detection and Malware Scanning Complement Each Other<\/strong><\/h2>\n<p>Malware Scanning is useful for weeding out known threats (and should be part of your layered security), but it doesn\u2019t help much when attackers target your backups. Anomaly Detection fills that gap by watching for signs that something malicious could be happening.<\/p>\n<p>A cleverly staged attack may not trigger the scanner until it\u2019s too late, or the scanner might find malware after it\u2019s already encrypted your data. This is why Anomaly Detection is gaining focus in backup and recovery circles \u2013 it provides an early warning system and a broader net for catching trouble. It can alert you to ransomware activity or other attacks as it\u2019s happening, rather than just identifying damage after the fact.<\/p>\n<p>In the context of backups, Anomaly Detection might notice things like brute force attacks on the backup infrastructure, a sudden spike in the number of files being modified or deleted, unusual changes in backup job durations or sizes, or strange patterns like backups consistently shrinking outside the normal range. These can all be indicators of cybercriminals silently conducting their work.<\/p>\n<p>To sum it up, Malware Scanning answers, \u201cIs there known bad code here?\u201d whereas Anomaly Detection asks, \u201cAre my backups under attack?\u201d and \u201cIs this a good backup copy?\u201d, which is exactly what we need for robust backup protection.<\/p>\n<p>In the next part of the series, we\u2019ll summarize the three attacks vectors for backups, dive into the importance of Honeypots, and how it helps detect brute force attacks on the backup infrastructure.<\/p>\n<p><span data-teams=\"true\"><a href=\"https:\/\/www.n-able.com\/products\/cove-data-protection\" target=\"_blank\" rel=\"noopener\"><strong>Click here<\/strong><\/a><strong> to find out how Cove can help you protect your backups.<\/strong><\/span><\/p>\n<p><em>Stefan Voss is VP Product Management at N&#8209;able<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Protect your critical backups from ransomware attacks. Learn how anomaly detection safeguards backup data and ensures rapid recovery after cyber incidents.<\/p>\n","protected":false},"author":96,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-73921","post","type-post","status-publish","format-standard","hentry","topic-backup-disaster-recovery"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Backups Are Under Attack: How Anomaly Detection Shields Your Last Line of Defense - N-able<\/title>\n<meta name=\"description\" content=\"Protect your critical backups from ransomware attacks. Learn how anomaly detection safeguards backup data and ensures rapid recovery after cyber incidents.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/it\/blog\/backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Backups Are Under Attack: How Anomaly Detection Shields Your Last Line of Defense - N-able\" \/>\n<meta property=\"og:description\" content=\"Protect your critical backups from ransomware attacks. Learn how anomaly detection safeguards backup data and ensures rapid recovery after cyber incidents.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/it\/blog\/backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-24T12:48:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-19T10:55:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2025\/09\/092325_BB_Backup-Attack_PD_Final_1200x628.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Stefan Voss\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"Stefan Voss\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense\"},\"author\":{\"name\":\"Stefan Voss\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/person\/6c53f89a6e7f3544df2a03e4f373825a\"},\"headline\":\"Backups Are Under Attack: How Anomaly Detection Shields Your Last Line of Defense\",\"datePublished\":\"2025-09-24T13:48:00+01:00\",\"dateModified\":\"2025-11-19T10:55:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense\"},\"wordCount\":928,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\"},\"inLanguage\":\"it-IT\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense\",\"url\":\"https:\/\/www.n-able.com\/it\/blog\/backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense\",\"name\":\"Backups Are Under Attack: How Anomaly Detection Shields Your Last Line of Defense - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#website\"},\"datePublished\":\"2025-09-24T13:48:00+01:00\",\"dateModified\":\"2025-11-19T10:55:42+00:00\",\"description\":\"Protect your critical backups from ransomware attacks. Learn how anomaly detection safeguards backup data and ensures rapid recovery after cyber incidents.\",\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/it\/blog\/backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/it\/#website\",\"url\":\"https:\/\/www.n-able.com\/it\/\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/person\/6c53f89a6e7f3544df2a03e4f373825a\",\"name\":\"Stefan Voss\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/e974e7e859d5c34060e154031c2252fb790a96715b87613abae4b2bd2667b842?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e974e7e859d5c34060e154031c2252fb790a96715b87613abae4b2bd2667b842?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e974e7e859d5c34060e154031c2252fb790a96715b87613abae4b2bd2667b842?s=96&d=mm&r=g\",\"caption\":\"Stefan Voss\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Backups Are Under Attack: How Anomaly Detection Shields Your Last Line of Defense - N-able","description":"Protect your critical backups from ransomware attacks. Learn how anomaly detection safeguards backup data and ensures rapid recovery after cyber incidents.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/it\/blog\/backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense","og_locale":"it_IT","og_type":"article","og_title":"Backups Are Under Attack: How Anomaly Detection Shields Your Last Line of Defense - N-able","og_description":"Protect your critical backups from ransomware attacks. Learn how anomaly detection safeguards backup data and ensures rapid recovery after cyber incidents.","og_url":"https:\/\/www.n-able.com\/it\/blog\/backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2025-09-24T12:48:00+00:00","article_modified_time":"2025-11-19T10:55:42+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2025\/09\/092325_BB_Backup-Attack_PD_Final_1200x628.jpg","type":"image\/jpeg"}],"author":"Stefan Voss","twitter_card":"summary_large_image","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Scritto da":"Stefan Voss","Tempo di lettura stimato":"4 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/it\/blog\/backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/it\/blog\/backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense"},"author":{"name":"Stefan Voss","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/person\/6c53f89a6e7f3544df2a03e4f373825a"},"headline":"Backups Are Under Attack: How Anomaly Detection Shields Your Last Line of Defense","datePublished":"2025-09-24T13:48:00+01:00","dateModified":"2025-11-19T10:55:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/it\/blog\/backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense"},"wordCount":928,"publisher":{"@id":"https:\/\/www.n-able.com\/it\/#organization"},"inLanguage":"it-IT"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/it\/blog\/backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense","url":"https:\/\/www.n-able.com\/it\/blog\/backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense","name":"Backups Are Under Attack: How Anomaly Detection Shields Your Last Line of Defense - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/it\/#website"},"datePublished":"2025-09-24T13:48:00+01:00","dateModified":"2025-11-19T10:55:42+00:00","description":"Protect your critical backups from ransomware attacks. Learn how anomaly detection safeguards backup data and ensures rapid recovery after cyber incidents.","inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/it\/blog\/backups-are-under-attack-how-anomaly-detection-shields-your-last-line-of-defense"]}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/it\/#website","url":"https:\/\/www.n-able.com\/it\/","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/it\/#organization","name":"N-able","url":"https:\/\/www.n-able.com\/it\/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/person\/6c53f89a6e7f3544df2a03e4f373825a","name":"Stefan Voss","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/secure.gravatar.com\/avatar\/e974e7e859d5c34060e154031c2252fb790a96715b87613abae4b2bd2667b842?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/e974e7e859d5c34060e154031c2252fb790a96715b87613abae4b2bd2667b842?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e974e7e859d5c34060e154031c2252fb790a96715b87613abae4b2bd2667b842?s=96&d=mm&r=g","caption":"Stefan Voss"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts\/73921","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/comments?post=73921"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts\/73921\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/media?parent=73921"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}