Ransomware attackers are increasingly targeting backups — so make sure yours are protected

Pls share this post

Listen to this article

When deploying ransomware on a target system, threat actors will almost always look to compromise the backups, too. 

Organizations that lose their backups end up paying a lot more in ransom demands, and losing even more in the recovery process, a new report from cybersecurity researchers Sophos has claimed, highlighting the importance of keeping the backups safe.

The company surveyed almost 3,000 IT and cybersecurity professionals, whose organizations suffered a ransomware attack in 2023. Almost all (94%) respondents said the attackers went after their backups, too, rising to 99% in state and local government, the media, leisure, and entertainment sectors.

Higher demands

Organizations in the energy, oil and gas, and utilities, were most likely to lose their backups to ransomware (79%), followed by education (71%). Across all sectors, the researchers said, more than half (57%) of all compromise attempts were successful.

READ ALSO  Could Google be using Reddit to revive an ancient, failed project — 60,000+ Redditors may well be mTurk’ing for Google Answers 2.0

As a result, the ransom demands grew. Victims whose backups were compromised received, on average, more than two times the ransom demand of those who kept their backups safe. The median ransom demand was around $2.3M (backups compromised) and $1M (backups not compromised). 

What’s more, organizations with compromised backups were almost twice as likely to pay the ransom, compared to those with safe backups (67% compared to 36%). The median ransom payment for organizations with compromised backups was also double – $2 million versus $1.062 million. These firms were also unable to negotiate down the ransom payment, as the attackers were well-aware of the strong position they held during the negotiations.

READ ALSO  Huawei may have used a very clever trick to make hard disks use less power — spin-on-demand disk drives may well compete with tape on performance, but at what cost?

“Backups are a key part of a holistic cyber risk reduction strategy,” the researchers said. “If your backups are accessible online, you should assume that adversaries will find them. Organizations would be wise to take regular backups and store in multiple locations; be sure to add MFA (multi-factor authentication) to your cloud backup accounts to help prevent attackers from gaining access, practice recovering from backups; and secure your backups.” 

“Monitor for and respond to suspicious activity around your backups as it may be an indicator that adversaries are attempting to compromise them.”

More from TechRadar Pro

Hear 'Mona Lisa' recite a famous Shakespeare monologue — Chinese engineers manage to get a picture to sing and talk using an AI app called Emote Portrait Live


Pls share this post
Previous articleBig news — Microsoft Teams will now be completely separate from the rest of Office
Next articleA Georgia basic income program is giving Black women $850 a month. They say it helps them pay bills and reduce debt.