Ransomware, malware that holds data for ransom, has been a threat to organizations for years. Ransomware attacks are getting more sophisticated and are targeting a new class of data: backups! In this BlogBytes we will examine how cyber-criminals are attacking data backups, review an incident of a mass-scale ransomware attack, and discuss how organizations can defend against malware with the help of LTO technology.
Ransomware Targets Data Backup Copies
Ransomware Attackers Prosecuted
Case in point: as reported in a justice.gov article, ransomware attackers were “indicted for deploying SamSam ransomware to extort hospitals, municipalities, and public institutions, causing over $30 million [USD] in losses.” The 200 victims included municipalities and healthcare-related entities ranging from New Jersey to California and Canada. According to the prosecution, the attackers “would extort victim entities by demanding a ransom paid in the virtual currency Bitcoin in exchange for decryption keys for the encrypted data.” The attackers maximized the damage caused to their victims “by launching attacks outside regular business hours, when a victim would find it more difficult to mitigate the attack, and by encrypting backups of the victims’ computers. This was intended to, and often did, cripple the regular business operations of the victims.”
How to Defend Against Ransomware
- Focus on awareness and training. Because end-users are often targeted, employees should be made aware of the threat of ransomware and how it is delivered, and should be trained on information security principles and techniques.
- Scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails.
- Only download software – especially free software – from sites you know and trust. When possible, verify the integrity of the software through a digital signature prior to execution.
- Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.
- Regularly back up data and verify the integrity of those backups. Backups are critical in ransomware incidents; if you are infected, backups may be the best way to recover your critical data.
- Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. Examples might include securing backups in the cloud or physically storing them offline.