The strategies employed by cybercriminals are becoming more sophisticated, which means ransomware attacks will likely be more frequent – and more devastating – in the coming year.
This is according to a new report from disaster recovery firm Databarracks, which claims that outright prevention of ransomware is “impossible”. The only way to truly stay safe from ransomware attacks, the company claims, is to learn all of the tactics deployed by the criminals, and have reliable backups in case of an emergency.
Since 2018, ransomware attacks have increased by 26 percent. What started as simple data encryption and a demand for ransom in exchange for the decryption key has evolved into a multi-stage attack.
The report claims that criminals now usually opt for a “double extortion” attack. Not only do they demand a ransom for the decryption key, they also threaten to release the data to the public if their demands aren’t met. “This adds the pressure of regulatory fines and reputation damage, if they refuse to pay the ransom,” the report said.
Attackers are also mindful of backups. Some will look to encrypt those as well, and many will wait longer before encrypting data in order to outlast the backup. “Cyber-criminals know that there is a much greater chance of payment if the victim doesn’t have a good backup to revert to. Attackers access systems and install ransomware but don’t execute immediately,” Databarracks explained.
Finally, attackers have started cold-calling victims they suspect of trying to restore their systems from a backup. “This is an intimidation tactic designed to make the attacker seem omniscient and make the victim feel like any suggestion of recovery is futile.”
Commenting on the findings from the report, managing director Peter Groucutt said that the only way to secure your data is to have reliable backups.
“You must assume that you will suffer a successful attack. From that position, you have two objectives: to quickly detect and respond to limit its reach and to bring systems back online and have the business operational as quickly as possible,” he said.
“It’s critical your Incident Response Team or Crisis Management Team has the authority to make large-scale, operational decisions to take systems offline to limit the spread of infection. The business must then find when the ransomware installation occurred in order to restore clean data from before the infection.”
“Backups should be outside the network domain and you should keep copies in multiple locations or even separate clouds. You can also make your cloud storage immutable to prevent backups being changed by ransomware.”
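The two recovery points above (restore from before the installation, and keep immutable copies outside the domain) can be combined into a restore-point selection. This is an added example, not code from Databarracks or the report; the `Snapshot` fields, the 24-hour safety margin and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Snapshot:
    taken_at: datetime
    location: str     # constructed label for where the copy is stored
    immutable: bool   # copy cannot be altered or deleted once written
    in_domain: bool   # reachable with production domain credentials

def choose_restore_point(snapshots, installed_at, margin=timedelta(hours=24)):
    """Pick the newest snapshot taken before the ransomware was installed.

    Returns (snapshot, warnings). snapshot is None when every retained copy
    postdates the installation, i.e. the attacker outlasted the backups.
    """
    # The margin (an assumption) covers uncertainty in the forensic timeline.
    cutoff = installed_at - margin
    clean = [s for s in snapshots if s.taken_at < cutoff]
    if not clean:
        return None, ["no retained snapshot predates the installation"]
    # Copies the attacker could not reach or alter are preferred, even over
    # a newer copy that sat inside the domain and could have been modified.
    trusted = [s for s in clean if s.immutable or not s.in_domain]
    warnings = []
    if not trusted:
        warnings.append("only mutable in-domain copies predate the "
                        "installation; verify integrity before restoring")
    best = max(trusted or clean, key=lambda s: s.taken_at)
    return best, warnings

# Constructed sample data: installation time as established by the
# incident response timeline, and the snapshots still retained.
INSTALLED_AT = datetime(2021, 3, 10, 2, 15)
SNAPSHOTS = [
    Snapshot(datetime(2021, 3, 1), "cloud-a", True, False),
    Snapshot(datetime(2021, 3, 8), "cloud-b", True, False),
    Snapshot(datetime(2021, 3, 9, 12), "onprem-nas", False, True),
    Snapshot(datetime(2021, 3, 12), "cloud-a", True, False),
]

if __name__ == "__main__":
    snap, notes = choose_restore_point(SNAPSHOTS, INSTALLED_AT)
    print(snap, notes)
```
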