Tag Archive for: Recovery

Compromised backups send ransomware recovery costs soaring

/in


There’s a common misperception that to defeat ransomware attacks, organizations must simply back up their systems and data. Unfortunately, that’s not necessarily the case. Organizations must back up their systems and data, but they must also protect those backups as if their business survivability depended on it, because it likely does.

Consider a report from cybersecurity firm Sophos, published last month, revealing an alarming trend: Ransomware attackers increasingly target and compromise victims’ backups. And, in doing so, they are increasingly crippling the victim’s ability to recover maliciously encrypted files without having to pay the ransom demand.  

Based on a survey of nearly 3,000 organizations hit by ransomware in the past year, the study found that a staggering 94% of respondents reported attempts by cybercriminals to compromise their backups during the attack. In specific sectors such as state and local government as well as media and entertainment, this figure soared to 99%.

Attackers know that when potential victims can simply recover their systems and data from backups, the attacker loses their leverage. However, by successfully compromising backups, the script is flipped: Victims lose any leverage they may have. And this drives the costs of ransomware relatively high. Data from Sophos’s survey shows that organizations whose backups were compromised faced the following:

  • 63% higher rate of data encryption, 85% vs 52% if backups are not compromised.
  • More than double the median ransom demand at $2.3 million compared to $1 million if backups remain intact
  • 67% paid the ransom, compared to just 36% if backups were available
  • A median ransom payment of $2 million is nearly double the $1.062 million paid by those with secure backups

Backups are the start

There is good news here: Lots of organizations are backing up their data. That’s a great start in the successful recovery from a ransomware attack. The bad news is that not enough organizations are protecting these backups from attack. Sophos found that attackers have very high success rates in some industries. For instance, the success rate of energy utilities’ backup compromises reached 79%. However, in IT/technology…

Source…

Ransomware recovery efforts continue Monday in Jackson County

/in


KANSAS CITY, Mo. — Jackson County’s Assessment, Collection and Recorder of Deeds offices will remain closed Monday as the county continues to restore network infrastructure following a ransomware attack.

The attack was first reported the morning of Tuesday, April 2. Two days later, the county identified the attack was triggered by a “malicious e-mail link.”

RELATED | Cybersecurity expert gives insight into ransomware attack on Jackson County systems

Monday’s closure will allow the county’s IT professionals to continue recovery efforts by “prioritizing the security and stability” of the affected systems, per a news release from Jackson County.

“We recognize the impact this decision may have on our residents and want to assure them that it was made with careful consideration,” the county shared in the release. “Our commitment remains steadfast in swiftly resolving this situation and minimizing any inconvenience to our community.”

As the offices have been closed for nearly a week, the county said it is grateful for the community’s “continued patience and understanding during this challenging time.”

Updates regarding the reopening of the offices will be “promptly communicated,” per Jackson County.

Source…

Kansas court system nears ransomware recovery completion

/in


Total recovery from a Russian ransomware attack in October at Kansas’ court system was noted to be imminent by state Supreme Court Chief Justice Marla Luckert following this week’s restoration of its case management system and free public portal for electronic court records, according to The Record, a news site by cybersecurity firm Recorded Future.

While electronic filing is expected to be completely restored during the next two weeks, more advanced defenses have already been set in place to expedite recovery of systems that could be impacted by a future ransomware attack, said Luckert during a State of the Judiciary speech before the state legislature. Luckert also emphasized that ransomware recovery efforts were not accelerated to ensure the safety of its citizens after confirming claims that data had been stolen from its systems.

“As these and other details emerged, it became clear we needed to implement alternative business practices to keep courts running. Courts across the state reverted to old school methods, including paper filings. We communicated to the public about how we used the paper environment,” said Luckert.

Source…

Nutanix Strengthens Cyber Resilience With Accelerated Ransomware Detection And Recovery

/in


(MENAFN– Mid-East)

Nutanix Data Lens can detect threats within 20 minutes and delivers 1-click recovery

Adds support for Nutanix Objects, increases visibility of data across the hybrid multicloud.

DUBAI, UAE– Nutanix (NASDAQ: NTNX), a leader in hybrid multicloud computing, today announced new features in the Nutanix Cloud Platform to strengthen organizations’ cyber resilience against ransomware attacks on unstructured data. These new features, available today in Nutanix Data Lens and Nutanix Unified Storage solutions, enable organizations to detect a threat, defend from further damage and begin a 1-click recovery process within 20 minutes of exposure. The features build on the strength of Nutanix Cloud Platform to protect and secure customers’ most sensitive data across clouds.

Ransomware is a top priority for CIOs and CISOs globally, yet 93% of organizations report they need to be better prepared according to the Enterprise Cloud Index. Speed of detection is more critical now that the average ransomware attack duration accelerated 94% as threat actors become more efficient at breaching, exfiltrating, and enacting a ransomware payload compromising data. Fast data recovery is also essential since recovery can typically take days or even weeks, and incomplete recovery can impact operations long after the attack is over.

“Rapid detection and rapid recovery are two of the most critical elements in successful ransomware planning, yet remain a challenge for many organizations especially as they manage data across multiple clouds,” said Scott Sinclair, Practice Director with the Enterprise Strategy Group.“Nutanix Data Lens and Nutanix Unified Storage, Nutanix Cloud Platform now provides a 20-min detection window and 1-click recovery, with cyber resilience integrated at the unstructured data layer to simplify cyber resilience while accelerating both detection and recovery.”

Nutanix Data Lens is a SaaS-based data security solution that helps proactively assess and mitigate unstructured data security and compliance risks by identifying anomalous activity and auditing user behavior. New capabilities include:

  • Ransomware Detection and…

Source…