Ransomware: How can you protect your business

With ransomware attacks now targeting backup storage, we look at what businesses can do to protect themselves.

Tech News: Ransomware How can you protect your business

Most Ransomware Attacks Target Backups  

The 2023 Ransomware Trends Report from software company Veeam has revealed that 93 per cent of cyber-attacks target backup storage to force the ransom payment because it removes the option of recovery. The report found that these attacks are successful in debilitating their victims’ ability to recover in three-quarters of events and that more than one-third (39 per cent) of backup repositories are completely lost in these backup-targeted attacks. 

Ransomware? 

As the name suggests, ransomware is a type of malicious software designed to encrypt files on a victim’s computer or network, rendering them inaccessible until a ransom is paid to the attacker (usually to a crypto account like bitcoin to avoid detection). It is a form of cyber extortion that aims to extort money from individuals, businesses, or organisations by holding their valuable data hostage. 

Paying The Ransom? 

It is widely known that paying the ransom often doesn’t work and even if the ransom is paid, data can still be destroyed and/or, the attackers don’t provide the decryption key and simply make off with the money.  

That said, according to the Veeam report, for the second year in a row, most of the organisations surveyed (80 per cent) said they had paid the ransom to end an attack and recover data, despite 41 per cent of organisations actually having a “Do-Not-Pay” policy on ransomware. Still, while 59 per cent paid the ransom and were able to recover data, 21 per cent paid the ransom yet still didn’t get their data back from the cyber criminals. Additionally, only 16 per cent of organisations avoided paying ransom because they were able to recover from backups. Sadly, the global statistic of organisations able to recover data themselves without paying ransom is down from 19 per cent in last year’s survey. 

Protecting Your Business Against Ransomware Attacks 

Typically, preventing ransomware attacks involves a combination of proactive measures such as regularly updating software and systems, implementing robust security practices, training employees on recognising and avoiding suspicious emails or websites, maintaining secure backups of important data, and deploying reliable antivirus and anti-malware solutions. 

Veeam notes in its comments about the report’s findings that while best practices like securing backup credentials, automating cyber detection scans of backups, and auto verifying that backups are restorable can help protect against attacks, “the key tactic is to ensure that the backup repositories cannot be deleted or corrupted. To do so, organisations must focus on immutability.”  

Immutability 

Veeam reports that those who have fallen victim to ransomware have learned lessons and 82 per cent use immutable clouds, i.e. a cloud computing environment where the data stored within the cloud infrastructure is maintained in an immutable or unchangeable state. Also, 64 per cent now use immutable disks, and only 2 per cent of organisations don’t have immutability in at least one tier of their backup solution. 

Being Careful About Re-Infection During Recovery 

In Veeam’s study, respondents were asked how they ensure that data is ‘clean’ during restoration. 44 per cent of respondents said they complete some form of “isolated-staging” to re-scan data from backup repositories prior to reintroduction into the production environment. Whilst this is positive news, the flip side of this statistic is that more than half (56 per cent) organisations risk re-infecting the production environment by not having a means to ensure clean data during recovery. The point is, therefore, that it’s important to thoroughly scan data during the recovery process. 

What Does This Mean For Your Business? 

As highlighted by Veeam’s report, ransomware attacks, on the other hand, have increasingly targeted backup storage, rendering organisations unable to recover their data even if they pay the ransom. While some organisations have paid the ransom and recovered their data, many have not been as fortunate. For businesses, the key to protecting against ransomware attacks lies in proactive measures such as regularly updating software, implementing robust security practices, training employees, maintaining secure backups, and deploying reliable antivirus and anti-malware solutions. Additionally, businesses should focus on immutability, ensuring that backup repositories cannot be deleted or corrupted. 

To combat the risks associated with spear phishing and ransomware attacks, businesses should favour a multi-layered approach to security. This includes investing in employee education and training, implementing strong technical security measures, and regularly evaluating and updating security protocols. Businesses can also help protect themselves by staying informed about emerging threats and best practices in cybersecurity to enable them to adapt their defences accordingly. 

If you are looking to take on an IT provider, contact us here. We currently offer a free IT consultation, so don’t forget to fill out our IT Workplace Assessment, so we can come back to you with our recommendations.

Latest posts
Anti-trust: OpenAI And Microsoft – The Latest Following the recent boardroom power struggle that led to the sacking and reinstatement of OpenAI boss Sam Altman, Microsoft’s relationship with OpenAI is now...
Microsoft Launches New AI Content Safety Service Microsoft has announced the launch of Azure AI Content Safety, a new content moderation service that uses AI to detect and filter out offensive,...
Safety Considerations Around ChatGPT Image Uploads With one of ChatGPT’s latest features being the ability to upload images to help get answers to queries, here we look at why there...
Navigating the Cybersecurity Landscape: A Guide for Insurance Companies Introduction The insurance sector is built on the foundation of trust and the secure handling of sensitive data. However, the increasing frequency of cyberattacks...
The Imperative of Cybersecurity in the Financial Sector: Addressing Key Pain Points Introduction In an era where data is the new gold, the financial sector remains a prime target for cybercriminals. With the increasing digitisation of...
No Email Backup For Microsoft 365? In this insight, we look at what many users think to be a surprising fact in that Microsoft 365 doesn’t provide a traditional email...
Zoom Data Concerns In this article, we look at why Zoom found itself as the subject of a backlash over an online update to its terms related...

Technologies we work with...

Astec IT Astec IT - Ultimate service through advances in technology 02038026525 [email protected]