
RANSOMWARE ATTACKERS DON’T JUST WANT YOUR DATA, NOW THEY ARE AFTER THE BACKUPS TOO

By: Rick Vanover, Senior Director of Product Strategy, Veeam


Ransomware remains a significant cybersecurity threat for government agencies as ransomware attackers evolve methods to escape detection. The goal for attackers is not simply to exfiltrate and encrypt data to force victims to pay their ransom, but to totally remove an organization’s ability to recover from such an attack.

Attackers are now taking new approaches to achieve this objective, either by making their intrusions more difficult to detect or by adding new targets, such as data backups, to completely hobble an organization.

To help guard against some of these tactics, organizations must develop robust data backup strategies that allow for fast and complete data recovery and immutable contingency plans to ensure potential ransomware attacks can be mitigated.

Encrypting Smaller Portions

Ransomware groups looking to infiltrate systems have a few challenges. Once they locate and exploit a vulnerability, they have to obtain and encrypt as much data as they can before either launching a ransomware attack or being detected by the system’s safeguards.

Encrypting data takes time, and the longer an attacker is in a network, the higher the chances they will be detected. A new technique, intermittent encryption, mitigates this challenge. By encrypting portions of the data small enough to evade detection, attackers can still render a file unusable by an organization without the decryption key. They do this by encrypting every 12 or 18 bytes of data, varying the times of day in which they do it and how much they encrypt, so attackers can evade automated detection tools and stay in the network longer.
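For defenders, the practical consequence is that a check on the whole file can miss a file that is only partly encrypted. The following is an added example, not part of the original article: it compares a whole-file entropy check with a per-block one. The block size, the threshold, and the sample data are assumptions constructed for illustration.

```python
import math
import random
from collections import Counter

BLOCK = 1024   # bytes per block (assumed value)
HIGH = 7.5     # bits per byte treated as "looks encrypted" (assumed threshold)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_block_fraction(data: bytes, block: int = BLOCK, high: float = HIGH) -> float:
    """Fraction of fixed-size blocks whose entropy exceeds the threshold."""
    blocks = [data[i:i + block] for i in range(0, len(data), block)]
    if not blocks:
        return 0.0
    return sum(entropy(b) > high for b in blocks) / len(blocks)

def classify(data: bytes) -> str:
    """Label a buffer using both the whole-file and the per-block view."""
    frac = high_block_fraction(data)
    if entropy(data) > HIGH or frac >= 0.9:
        return "high-entropy"            # a whole-file check already flags this
    if frac > 0.0:
        return "partially-high-entropy"  # only the per-block check flags this
    return "low-entropy"

def constructed_samples(size: int = 16384, stride: int = 4096, seed: int = 7):
    """Build constructed test buffers: plain text, striped, fully random."""
    rng = random.Random(seed)
    line = b"2024-01-01 12:00:00 INFO backup job finished status=ok\n"
    plain = (line * (size // len(line) + 1))[:size]

    def noise(n: int) -> bytes:
        # Random bytes stand in for ciphertext in this constructed sample.
        return bytes(rng.getrandbits(8) for _ in range(n))

    striped = bytearray(plain)
    for off in range(0, size, stride):
        striped[off:off + BLOCK] = noise(BLOCK)  # one random block per stride
    return plain, bytes(striped), noise(size)
```

Compressed or already-encrypted file types are high-entropy by nature, so a check like this is only meaningful for formats expected to be low-entropy.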

Stealing The Backup

Once bad actors have encrypted enough data to launch a ransomware attack, some are now looking to improve their odds of payment by also claiming an organization’s backup repositories.

Backups kept on an open network or one with weak password credentials and no multi-factor authentication are likely targets. For example, if backups are authorized by a primary Active Directory domain, then attackers will try to compromise that domain to gain access to both the backup and the production data. Such attacks often target financial services, health care and public sectors where a ransomware attack can impact critical infrastructure.


Securing Data As Ransomware Evolves

Even as ransomware tactics evolve, the best cybersecurity methods continue to be some of the most traditional ones—solid software patch management and cyber hygiene education. Both strategies will help reduce an organization’s risk of ransomware exposure, especially in a remote work environment.

A strong software patch management strategy limits the software vulnerabilities attackers can exploit to launch a ransomware attack, challenging attackers before they can even get into the system. Quickly deploying software patches and updates lowers the odds that attackers will be able to access a network’s data. Though the tactic seems simple, it’s often an area where organizations can improve.

Additionally, cyber education needs to improve. Employees are often the weakest link that allows the attack to get started. Everyone within an organization should be able to recognize common infiltration approaches, such as phishing emails or social engineering tactics. Even with improvements in these areas, the reality is that ransomware attacks will continue to happen. As ransomware evolves, backup strategy becomes particularly crucial. A shortcut approach to data backup isn’t sufficient when the backups themselves are the targets.
