Ransomware Gangs Adopt New Tactic: Targeting Backups for Higher Payouts


Ransomware Gangs' Latest Move: Hijacking Backups for Maximal Damage

In a recent development, cybersecurity experts have observed a worrying trend among ransomware gangs: targeting data backups to maximize their chances of receiving hefty ransom payments. This alarming shift in tactics has put organizations on high alert, as compromised backups can severely hinder their ability to recover from an attack without giving in to the attackers' demands.

A study conducted by a leading cybersecurity firm, involving nearly 3,000 IT and security professionals across 14 countries, revealed that an astonishing 94% of organizations hit by ransomware in the past year reported that the attackers attempted to compromise their backup systems. For organizations in sectors such as government, media, leisure, and entertainment, this figure rose to an alarming 99%.

Cybersecurity expert and threat cyber leader at Optiv, Curtis Fechner, explained, "Ransomware actors are well aware that compromising an organization's backups puts them in a bind. By making the backups inaccessible, they can exert more pressure on the victim to pay the ransom and even demand higher amounts, knowing that the organization is desperate to recover their data."

The evolution of ransomware attacks has been a constant battle between cybercriminals and security professionals. Over the past decade, attackers have become more sophisticated, moving beyond simple malware that exploits vulnerabilities to propagate and encrypt data. They now invest more time in reconnaissance, identifying and targeting the most sensitive information, exfiltrating data for double extortion, and targeting backups to render recovery efforts futile or prohibitively expensive.

The consequences of compromised backups are severe. The study found that victims whose backups were compromised received ransom demands that were, on average, more than double those received by victims whose backups were not compromised. These organizations also paid a higher percentage of the ransom demanded and incurred significantly higher overall recovery costs, with median costs reaching $3 million, eight times higher than for those with intact backups.

Darren Guccione, CEO of Keeper Security, emphasized the far-reaching impact of ransomware attacks targeting backups: "In addition to the ransom payment itself, organizations face loss of revenue due to operational disruption, damage to brand reputation, immediate and long-term recovery efforts, and potential fines and legal liabilities. When backups are compromised, the restoration process is significantly prolonged, and additional expenses can arise, particularly if sensitive data is lost or data protection regulations are violated."

To combat this growing threat, experts recommend implementing stronger security controls, logging, and access controls on backup systems. Maintaining multiple copies of backups in different locations, both in the cloud and offline, along with a comprehensive disaster recovery plan, can help organizations reduce the impact of ransomware attacks targeting backups. However, the cost of implementing offline backups can be a challenge, especially for small and medium-sized businesses.

As ransomware gangs continue to adapt their tactics, organizations must remain vigilant and proactive in their cybersecurity efforts. Investing in robust backup strategies and security measures is crucial to protect critical data and systems from falling victim to these increasingly sophisticated attacks.