The Tech Grinch Blog

RAN$OMWAR$ - The DarkSide Strikes Backup

Posted by Autodata on Nov 18, 2021 4:00:00 PM

It's no secret that there has been a dramatic surge in ransomware attacks during 2021, with a worldwide increase of 151% recorded in the first half alone1.

Tactics have varied and several major attacks have made headlines, such as the Colonial Pipeline scam in the US and the attacks on the UK Education and Irish Health sectors.

No business is immune to a cyber attack. Cyber criminals evolve and our defences need to evolve with them. With attacks being carried out more frequently, and more advanced functionality attaching itself to critical data, most organisations now understand that it’s vital to protect their data against ransomware.

Employing a 'defence-in-depth' strategy including a comprehensive and fully tested backup strategy is vital, not only to help detect and protect against ransomware but also to help recover from a successful attack.

Ensuring your data storage is immutable is your ultimate defence, preventing ransomware actors from being able to leverage the deletion of your data as part of their ransom demands2. Performing regular and systematic retesting of your backup recovery plan is also key to guarantee a full and efficient critical systems restoration can be achieved.

So what exactly is immutable storage?

Immutability means that once your data backup is created, it can’t be modified, overwritten or erased. When using immutability with backup storage, you can set a time frame as to how long you want your data to stay unaltered and completely protected from being amended or deleted3.

In the event of a ransomware attack - or any accidental deletion of data from your primary storage system - you are able to restore your protected data backup to your entire organisation.

The newest variants of ransomware now employ multiple layers of extortion on top of just encrypting the victim's systems/networks/backups. These range from issuing warnings to the victim not to contact law enforcement or cybersecurity agencies if they want their data back, to publishing excerpts of the data on the dark web or internet, to launching DDoS attacks aiming to overload the victim's website or even harassing employees and business partners when the ransom remains unpaid4.

There is no cure-all for ransomware attacks, however by harnessing the ability to ensure that all encrypted data can be rapidly and fully restored by the business, you can effectively remove the criminal's primary extortion factor.

What can we really do to protect against these ever-changing threat tactics?

  • Adopt a defence-in-depth strategy as recommended by the NCSC5, using multiple detections, protection and hardening technologies to mitigate risk at each point of the potential attack chain.

  • Apply security patches as soon as possible so cybercriminals can't exploit known vulnerabilities to access the network.

  • Equip users with multi-factor authentication tools so it's more difficult for cybercriminals to take advantage of breached usernames and passwords.

To find out more about how to create an effective backup strategy to detect ransomware, protect your data and recover effectively in the event of an attack ...


Topics: The Tech Grinch Blog

Blog Posts