When an organization suffers a ransomware infection, it usually has two choices: either pay the ransom demand and hope the decryptor works, or restore the data from a backup solution and continue business as usual.
However, new research from Veeam has found hackers are increasingly targeting backup solutions in order to force the victims to pay the ransom demand anyway.
Veeam’s 2023 Ransomware Trends Report, based on insights from 1,200 impacted organizations and almost 3,000 cyberattacks, claims threat actors will almost always (in more than 93% of cases) target backups during cyberattacks. Of that number, they’ll succeed (even partially) in three-quarters (75%) of cases. In more than a third of cases (39%), backup repositories were completely lost. Therefore, the immutability and air-gapping of backup solutions remain pivotal for businesses.
Focusing on the basics
“We need to focus on effective ransomware preparedness by focusing on the basics, including strong security measures and testing both original data and backups, ensuring survivability of the backup solutions, and ensuring alignment across the backup and cyber teams for a unified stance,” says Danny Allan, CTO at Veeam.
It seems that paying the ransom demand is still the most popular way of solving the problem, as 80% did so last year (up 4% year-on-year). While 59% managed to recover their data after paying the criminals, a fifth (21%) paid and still couldn’t get their data back. Furthermore, just 16% managed to recover their assets from backups – down 19% year-on-year.
While best practices (securing backup credentials, automating cyber detection scans of backups, and auto-verifying that backups are restorable) are important, Veeam argues that businesses need to make sure backups can’t be deleted or corrupted, and they can do that by focusing on immutability.
Among ransomware victims, 82% use immutable clouds, 64% use immutable disks, and just 2% don’t have immutability in at least one tier of their backup solution.