Tag: Backups | SpinSafe

Compromised backups send ransomware recovery costs soaring

April 12, 2024/in Internet Security

There’s a common misperception that to defeat ransomware attacks, organizations must simply back up their systems and data. Unfortunately, that’s not necessarily the case. Organizations must back up their systems and data, but they must also protect those backups as if their business survivability depended on it, because it likely does.

Consider a report from cybersecurity firm Sophos, published last month, revealing an alarming trend: Ransomware attackers increasingly target and compromise victims’ backups. And, in doing so, they are increasingly crippling the victim’s ability to recover maliciously encrypted files without having to pay the ransom demand.

Based on a survey of nearly 3,000 organizations hit by ransomware in the past year, the study found that a staggering 94% of respondents reported attempts by cybercriminals to compromise their backups during the attack. In specific sectors such as state and local government as well as media and entertainment, this figure soared to 99%.

Attackers know that when potential victims can simply recover their systems and data from backups, the attacker loses their leverage. However, by successfully compromising backups, the script is flipped: Victims lose any leverage they may have. And this drives the costs of ransomware relatively high. Data from Sophos’s survey shows that organizations whose backups were compromised faced the following:

63% higher rate of data encryption, 85% vs 52% if backups are not compromised.
More than double the median ransom demand at $2.3 million compared to $1 million if backups remain intact
67% paid the ransom, compared to just 36% if backups were available
A median ransom payment of $2 million is nearly double the $1.062 million paid by those with secure backups

Backups are the start

There is good news here: Lots of organizations are backing up their data. That’s a great start in the successful recovery from a ransomware attack. The bad news is that not enough organizations are protecting these backups from attack. Sophos found that attackers have very high success rates in some industries. For instance, the success rate of energy utilities’ backup compromises reached 79%. However, in IT/technology…

Source…

94% of Ransomware Victims Have Their Backups Targeted

April 12, 2024/in Internet Security

Organisations that have backed up their sensitive data may believe they are relatively safe from ransomware attacks; however, this is not the case based on findings from a new study from IT security company Sophos. The report showed that cybercriminals attempted to compromise the backups of 94% of companies hit by ransomware in the past year.

Attackers are aware that those who fall victim to ransomware must choose to either pay the ransom or recover their now-encrypted systems from a backup. To put more pressure on decision-makers to pay up, it is becoming more common for them to target the duplicated data as well as the production data. Indeed, the report showed the victim is almost twice as likely to pay up if their backup is compromised, and recovery from the attack is eight times more expensive.

The Sophos research revealed the extent of the popularity and effectiveness of ransomware groups targeting corporate backups (Figure A).

Figure A

Percentage of ransomware victims that paid the ransom to recover their data from cyber criminals. Image: Sophos

SEE: What is ransomware? Read this TechRepublic cheat sheet

How much does it cost to recover from a ransomware attack on the backup?

The Sophos research found that the median ransom demand for organisations whose backups are compromised is $2.3 million (£1.8 million) (Figure B). When the backup is not compromised, the median ransom demand is $1 million (£790k), as the attacker has less leverage.

Figure B

The median ransom demanded by cyber criminals when they have access or don’t have access to their victim’s backups. Image: Sophos

“Ransomware-led outages frequently have a considerable impact on day-to-day business transactions while the task of restoring IT systems is often complex and expensive,” Sally Adam, the senior director of marketing at Sophos, wrote in the report.

Companies without compromised backups are also more likely to be able to negotiate the ransom payment down, paying out an average of 82% of the initial demand. Those whose backups are compromised will pay 98% of the demanded sum, on average.

The total cost of a ransomware attack is often more than just the ransom, as it incorporates the…

Source…

Ransomware attackers are increasingly targeting backups — so make sure yours are protected

April 1, 2024/in Internet Security

When deploying ransomware on a target system, threat actors will almost always look to compromise the backups, too.

Organizations that lose their backups end up paying a lot more in ransom demands, and losing even more in the recovery process, a new report from cybersecurity researchers Sophos has claimed, highlighting the importance of keeping the backups safe.

The company surveyed almost 3,000 IT and cybersecurity professionals, whose organizations suffered a ransomware attack in 2023. Almost all (94%) respondents said the attackers went after their backups, too, rising to 99% in state and local government, the media, leisure, and entertainment sectors.

Higher demands

Organizations in the energy, oil and gas, and utilities, were most likely to lose their backups to ransomware (79%), followed by education (71%). Across all sectors, the researchers said, more than half (57%) of all compromise attempts were successful.

As a result, the ransom demands grew. Victims whose backups were compromised received, on average, more than two times the ransom demand of those who kept their backups safe. The median ransom demand was around $2.3M (backups compromised) and $1M (backups not compromised).

What’s more, organizations with compromised backups were almost twice as likely to pay the ransom, compared to those with safe backups (67% compared to 36%). The median ransom payment for organizations with compromised backups was also double – $2 million versus $1.062 million. These firms were also unable to negotiate down the ransom payment, as the attackers were well-aware of the strong position they held during the negotiations.

“Backups are a key part of a holistic cyber risk reduction strategy,” the researchers said. “If your backups are accessible online, you should assume that adversaries will find them. Organizations would be wise to take regular backups and store in multiple locations; be sure to add MFA (multi-factor authentication) to your cloud backup accounts to help prevent attackers from gaining access, practice recovering from backups; and secure your backups.”

Source…

WhatsApp Ensures Secure Android Google Drive Backups

January 30, 2024/in Mobile Security

WhatsApp, an immensely popular messaging application available on Android devices, has taken significant measures to enhance security and privacy for its users. As part of this initiative, WhatsApp has introduced end-to-end encryption for its Google Drive backups on Android, ensuring that users’ data remains protected and inaccessible to unauthorized individuals.

Enhanced Security Measures

With the implementation of end-to-end encryption for Google Drive backups, WhatsApp aims to provide its users with an additional layer of security. This encryption ensures that the content of the backups, including text messages, photos, and videos, is securely stored and can only be accessed by the authorized user. Even WhatsApp itself cannot decrypt the data, providing peace of mind to users concerned about their privacy.

Furthermore, this encryption applies to both the backup file stored on Google Drive and the transfer of data during the backup process, furthering the protection of users’ personal information.

Seamless user experience

WhatsApp has taken great care to ensure that implementing end-to-end encryption for Google Drive backups does not compromise the user experience. Backing up and restoring data remains a seamless process with minimal user interference, allowing users to continue enjoying the convenience and accessibility of their backups whilst knowing that their data is being protected.

The encryption does not inhibit users from efficiently navigating, searching, or accessing their backups, ensuring the preservation of their individual preferences and prior usage patterns.

Opting for Encryption

WhatsApp encourages all Android users to enable encryption for their Google Drive backups. By enabling this feature, users can enhance the security of their backups and fortify their privacy, making it significantly more difficult for unauthorized individuals to gain access to their personal data.

To activate encryption, users simply need to navigate to the settings within the WhatsApp application on their Android device and access the ‘Chats’ section. Here, they can select the ‘Chat backup’ option and proceed to toggle on the ‘Include videos’ and ‘Include voice…

Source…

Tag Archive for: Backups

Backups are the start

How much does it cost to recover from a ransomware attack on the backup?

Enhanced Security Measures

Seamless user experience

Opting for Encryption