“Your data has been stolen and encrypted. If you don’t pay the ransom, they will be posted on our TOR sites in dark web. Keep in mind that once your data appears on our leak site, your competitors could buy it at any time.”
It sounds like a message from a sci-fi movie, but that’s exactly what the message said. ransom note received two weeks ago bizlandthe company that manages online authorizations for the purchase of drugs with discounts in pharmacies in Argentina.
The Lockbit group hijacked the company’s data, which ultimately resulted in pharmacies not being able to sell medicines like they used to. The Argentines are left without validated recipes or without discounts… the chaos lasted for six days.
Now it is known that 93% of global cyberattacks target backup storage. In other words, they not only try to encrypt your information, but also back up that information, in order to force payment of the ransoms they demand. The other worrying figure is that in 75% of cases they manage to infect the backup.
The data comes from a study of 1,200 affected organizations and nearly 3,000 attacks.
“This report proves it today It’s not a question of whether your organization will be targeted by a cyber attack, but how often it will be. While security and prevention remain very important, it’s imperative that all organizations focus on how quickly they can recover from an attack,” said Danny Allan, chief technology officer at Veeam, the industry company that unveiled in Miami its Trend Report 2023. at the annual meeting with clients, analysts and journalists It was two days full of meetings and sessions on digital security.
The key tactic now is therefore to ensure that the backup repositories cannot be deleted or corrupted. And if that happens, recovery is in minutes not days.
“The most important thing is to be in control. Backup check, with rule 3, 2, 1, 1, 0. What does it mean? It states that there should always be at least three copies of the data, on at least two different types of media, at least one on external media and one offline, with zero unverified or failed backups.” clarion Rick Vanover, Senior Director of Product Strategy at Veeam.
“If now the criminals also attack the backup – Vanover added – what needs to be done is permanently test those backups to find out as soon as possible.
Ransomware attacks have skyrocketed during the pandemic and are still on the rise. “From SMEs to large corporations and state-run organizations, we even provide services to the Argentine security forces. We are the last layer of defense, like car insurance. When you have been attacked, we have to revoke the service in minutes We are essentially a backup data and recovery companies, but today we prefer to talk about being a business continuity company,” explained a clarion Martín Colombo, director of strategy for Latin America at Veeam.
For the second consecutive year, the majority (80%) of the organizations surveyed paid the ransom to stop an attack and recover data -4% more than a year earlier-, despite 41% of organizations saying they have a “no payment” policy against ransomware. However, while 59% paid the ransom and were able to recover their data, 21% have paid the ransom and have not yet recovered their data seized by cyber criminals. Furthermore, only 16% of organizations avoided paying the ransom because they could recover thanks to the backup they had.
“Attacks are becoming more complex and therefore what you need to do is have a robust solution: if your backup repository is attacked, you need to protect it with an equally complex and efficient system,” added Tomás Dacoba, Director Marketing for Latin America.
During the meeting it emerged that a university in Mexico had been having ransomware on its systems for eight months without knowing it. During all this time the criminals studied the organization’s movements until eight months later they decided that it was time to encrypt and hold ransom. It is estimated that they entered through a “poorly patched” server.
“In many cases they filter out the ransomware and don’t attack right away. It takes several days to analyze how the company works, what is the CEO account, what do they do. And once they have the complete picture, they encrypt the data and send the extortion message,” Vanover told this newspaper.
Most of the attacks continue to come from Eastern Europe and Asia. Latin America suffers like the rest of the regions from the problem, but is hardly a producer of ransomware. In the corridors of the meeting, the Reale Group was indicated as the one that is giving the hardest blows these days.
Linda Price is a tech expert at News Rebeat. With a deep understanding of the latest developments in the world of technology and a passion for innovation, Linda provides insightful and informative coverage of the cutting-edge advancements shaping our world.