Ransomware attackers are going after backup storage to force you to pay up

Businesses need to focus on immutability, experts claim

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

When an organization suffers aransomwareinfection, it usually has two choices: either pay the ransom demand and hope the decryptor works, or restore the data from a backup solution and continue business as usual.

However, new research from Veeam has found hackers are increasingly targetingbackupsolutions in order to force the victims to pay the ransom demand anyway.

The company’s Veeam 2023 Ransomware Trends Report, based on insights from 1,200 impacted organizations and almost 3,000 cyberattacks, claims threat actors will almost always (in more than 93% of cases) target backups during cyberattacks. Of that number, they’ll succeed (even partially) in three-quarters (75%) of cases. In more than a third of cases (39%) backup repositories were completely lost. Therefore, the immutability and air-gapping of backup solutions remain pivotal for businesses.

Focusing on the basics

“We need to focus on effective ransomware preparedness by focusing on the basics, including strong security measures and testing both original data and backups, ensuring survivability of the backup solutions, and ensuring alignment across the backup and cyber teams for a unified stance,” says Danny Allan, CTO at Veeam.

Many CISOs are drowning in ‘security debt’>The explosion of digital identities and growth of cybersecurity debt>These are the best firewalls today

It seems that paying the ransom demand is still the most popular way of solving the problem, as 80% did it last year (up 4% year-on-year). While 59% managed to recover their data after paying the criminals, a fifth (21%) paid and still couldn’t get their data back. Furthermore, just 16% managed to recover their assets from backups - down 19% year-on-year.

While best practices (securing backup credentials, automating cyber detection scans of backups, and auto-verifying that backups are restorable) are important, Veeam argues that businesses need to make sure backups can’t be deleted or corrupted, and they can do that by focusing on immutability.

Among ransomware victims 82% use immutableclouds, 64% use immutable disks, and just 2% don’t have immutability in at least one tier of their backup solution.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Your doctor may have an AI assistant taking notes during your next Zoom call