Ransomware and backups: Backups are no longer a way out

The massive growth of double extortion – and even triple extortion – ransomware attacks is at risk of rendering common, traditional methods of reducing the impact of a ransomware hit, such as well-maintained backups, less efficacious, according to a report from machine identity specialist Venafi.


Data collated from Venafi’s worldwide survey of IT and security decision-makers revealed that 83% of successful ransomware attacks now involve alternative extortion methods, such as leaking data to the dark web (35%), using stolen data to extort customers (38%), and informing customers that their data has been compromised (32%). Just 17% of attacks only ask for money in exchange for a decryption key.

Venafi said this means that, because ransomware attacks now rely on data exfiltration, effective backup strategies are to an extent “no longer effective” for containing a breach.

“Ransomware attacks have become much more dangerous. They have evolved beyond basic security defenses and business continuity techniques like next-gen antivirus and backups,” said Kevin Bocek, the vice-president of business development and threat intelligence at Venafi.

Venafi also discovered that cybercriminals are increasingly following through on their threats whether or not they get paid. Indeed, 18% of victims had their data leaked despite paying, more than the 16% who refused outright to pay anything and still had their data leaked. Some 8% refused outright but then had their customers extorted, and 35% paid but were left unable to retrieve their data.

Attackers understand their victims have likely implemented recovery systems and backups, and recognize that these kinds of tactics are their best shot at a win.

“Organisations are unprepared to defend against ransomware that exfiltrates data, so they pay the ransom, but this only motivates attackers to seek more. The bad news is that attackers are following through on extortion threats, even after the ransom has been paid. This means CISOs are under much more pressure because a successful attack is much more likely to create a full-scale service disruption that affects customers,” said Bocek.

Respondents to Venafi’s survey agreed by some margin that double and triple extortion attacks were rapidly growing in popularity and this made it harder to say no to ransom demands, creating further problems for security teams.

Respondents also tended to agree that ransomware attacks were evolving too quickly for security tech to keep up. As a result, 76% are planning further spending on ransomware and backup-specific controls that go above and beyond air-gapped storage.

“Threat actors are constantly evolving their attacks to make them more potent, and it’s time for the cyber security industry to respond in kind,” said Bocek. “Ransomware often evades detection simply because it runs without a trusted machine identity. Using machine identity management to reduce the use of unsigned scripts, increase code signing, and restrict the execution of malicious macros is vital to well-rounded ransomware protection.”
