Ransomware, Storage and Backup: Impacts, Limits and Capabilities

November 18, 2022

Over the past decade, ransomware has evolved from a relatively obscure crime to a multi-billion dollar industry, with the biggest corporations and even governments in its sights.

Organized cybercrime groups demand ransoms of six, seven or more digits from their victims. Using a combination of network infiltration, malware, and cryptography, ransomware prevents companies from accessing their data by attacking storage, encrypting data, and even disabling backups.

Cybercriminal groups have also been spurred by the growth of cryptocurrencies, which offer criminals a low-risk way to extract payments, and techniques that go beyond data encryption. These include double and triple extortion attacks and threats to disclose sensitive data.

Ransomware attacks such as those that hit Maersk, Colonial Pipeline and the Irish Health Service Executive have grabbed headlines for the disruption they have caused. But ransomware attacks are now commonplace and increasingly difficult to prevent.

According to experts at data security firm Kroll, between 25% and 45% of the company’s investigations currently involve ransomware attacks.

Laurie Iacono, associate general manager of threat intelligence at Kroll, says a small number of ransomware groups are now behind most attacks, and up to 86% of attacks now involve data exfiltration, not just encryption.

“What we’re seeing is that ransomware has become a predominant attack vector,” she says.

How do ransomware attacks work?

The conventional path for ransomware into an organization is through an infected email attachment that contains an executable file, or by tricking users into visiting a website that contains malware. This injected software is deployed on the network and seeks its targets.

Double and triple extortion attacks create backdoors in systems that allow attackers to exfiltrate data. Increasingly, this goes hand in hand with disabling backups and attacks on core network services such as Microsoft Active Directory.

The latest generation of ransomware attacks targets backup systems, appliances and virtual machines. “They target physical appliances and virtualized appliances,” says Oisin Fouere, head of cyber incident response at consultancy KPMG.

“Many backup systems are hosted on virtual infrastructure. They began targeting and removing OS-level information on these systems, as well as attacking the bulk of the systems.”

And as Kroll’s Iacono points out, ransomware groups often recruit people with technical knowledge of backup systems.

But first, the ransomware must enter the company’s network. The conventional – and still the most common – approach is to use a phishing attack or other form of social engineering to deliver infected attachments or convince employees to click on infected web links.

During the Covid lockdown, ransomware groups exploited weaknesses in virtual private networks and remote desktop systems, which caused an increase in ransomware cases.

“There was a lot of exposure around poorly protected or misconfigured remote access systems, which meant attackers didn’t need to spend time trying to solve the intrusion vector problem,” explains Fouere of KPMG. “They were presented with almost an open door scenario, and it was a favorite choice over the last two years.”

The hardening of these hotspots is behind a recent drop in ransomware incidents – but that’s no reason to be complacent, experts warn.

Keith Chappell, cybersecurity expert at PA Consulting, says we are seeing “more deliberate, targeted and better documented attacks that actually have a purpose, whether to disrupt operations… or extort to gain the money”.

What is the impact of a ransomware attack on storage and backup?

Ransomware attacks aim to deny access to data. First-generation attacks targeted hard drives, often on home PCs, with fairly low-level encryption methods. Victims could get a decryption code for a few hundred dollars.

However, modern attacks are both more selective and more damaging. Attackers are increasingly using reconnaissance to find high-value targets. This includes personally identifiable information (PII), such as customer, business or medical records, or intellectual property. These are the files companies most fear being made public.

But attackers also target identity and access management networks and data, operational systems, including operational technology, and live data streams, as well as backups and archives. Double and triple extortion attacks that target backups or disaster recovery and business continuity systems offer the best chance of payout. Without the ability to recover a system or restore data from backups, businesses have no choice but to pay.

Attackers are also looking for accounts they can compromise and use to elevate privileges, to carry out further, deeper attacks. Thus, security teams must secure not only the main data stores, but also the administrative systems.

“Very often a phishing attack or a ransomware attack can be used as a masking technique for something else that is going on, or can be masked by doing something else,” says Chappell of PA Consulting.

How are storage and backup useful in the event of a ransomware attack?

Even though criminal hackers actively target backups, backups are still the best defense against ransomware.

Businesses should ensure that they perform regular backups and that these are immutable, stored off-site, or ideally both. “You need to back up data daily, weekly, and monthly, and you need to store backups in physically separate and disconnected locations, ideally in different formats,” Chappell explains.

Much has been said about the need to “air gap” data from systems susceptible to attack, and nowhere is this more important than for storing backup copies. However, older backup media, such as tape, are often too slow to allow full recovery within the timeframe required by the business.

“Organizations realized they couldn’t wait months for those tape backups to be restored,” says KPMG’s Fouere. Instead, customers are turning to cloud-based resiliency and recovery primarily for speed, he says.

In turn, backup vendors and cloud service providers now offer immutable backups as an additional layer of protection. High-end active-to-active business continuity systems remain vulnerable to ransomware because data is copied from the primary system to the backup system. Thus, businesses need strong backup and ways to scan volumes for malware before they are used for recovery, and ideally as data is saved.

But IT organizations must also take steps to protect backup systems themselves. “They are also vulnerable, like any other software product,” Kroll’s Iacono says. “You have to make sure the backup systems are patched. We’ve had cases of hackers exploiting vulnerabilities in backup systems to help them exfiltrate data or evade detection.”

Some IT teams go even further. As ransomware groups spend more time on reconnaissance, companies obfuscate the names of servers and storage volumes. This is a simple and inexpensive step to avoid using obvious labels for high-value data stores, and it can save valuable time when it comes to stopping an attack.

What are the limitations of storage and backup as ransomware protection?

Good discipline around data backups has reduced the effectiveness of ransomware attacks. This may explain why cybercriminal groups have moved on to double and triple extortion attacks, targeting backup systems and exfiltrating data.

Using immutable backups alongside disk or cloud storage always minimizes the impact of ransomware. But companies need to ensure that all parts of critical systems are fully protected – and that includes testing. Even if the primary data store is backed up, a system restore can fail if operational or administrative data is encrypted because it was excluded from the backup plan.

Businesses should also enable data restoration where good backups exist. Even with the latest backup and recovery tools, this is still a disruptive process.

Also, immutable backups will not prevent data exfiltration. Here, companies need to invest in encryption of data assets. They can only do this if they have an accurate and up-to-date understanding of where their data resides. Organizations should consider monitoring tools that can detect unusual data movement and invest in protecting privileged user accounts.

Since most ransomware is still spread through phishing and social engineering, organizations can take technical steps to protect their perimeter.

But training staff to spot suspicious emails, links, and attachments, combined with multi-factor authentication, is the best defense against ransomware. For ransomware, as with other forms of fraud and online crime, security awareness is an essential part of defense in depth.
