Which controls should be included to ensure Azure Backup can restore resources affected by a ransomware attack?

To effectively protect resources affected by a ransomware attack using Azure Backup, it's vital to implement controls that enhance security and ensure data integrity during restoration efforts. The best choice is to require PINs for critical operations and perform offline backups.

Requiring PINs for critical operations adds an additional layer of security, as it prevents unauthorized access to backup and restoration processes. This means that even if a malicious actor gains access to the system, they would still need the PIN to initiate a restore, which significantly hinders their ability to leverage backups for further attacks.

Performing offline backups is equally essential. Ransomware often targets online backups to either delete them or encrypt the backup data itself, rendering it useless for restoration. By maintaining offline backups, organizations can ensure that they have copies of their data that are not susceptible to the same threats that affect online systems. This strategy provides a reliable means of restoring data that remains unaffected by ransomware attacks, allowing for a recovery path that is independent of the compromised network.

Combining these practices substantially enhances the resilience of backup strategies against ransomware, ensuring that organizations can promptly recover their resources without falling victim to further extortion attempts.