Dealing with cyberattacks currently turns every organization upside down, as the attacks are becoming more sophisticated and more numerous. Ransomware deserves particular mention: it is one of the most common attacks among cybercriminals and one of those that most concern organizations. In this attack the cybercriminal encrypts data or blocks access to it so that users cannot reach it, and only if they pay the ransom demanded will the data be returned. In this post we explain why ransomware is inevitable and present a report, published by Data Protection in January 2022, that supports this theory.

Data showing that ransomware is inevitable

As mentioned above, Data Protection conducted a survey of 3,393 organizations in January 2022, of which 76% suffered at least one ransomware attack during 2021 and 24% managed to prevent these attacks or were not aware of having suffered one.

The survey covers organizations of all sizes, small, medium and even large (>employed), which means that, just like any other disaster (fire, flood, human error, etc.), ransomware attacks are universally pervasive in any type of company.

Among the questions asked in the survey, the most noteworthy are:

How did ransomware enter your organization’s computing environment?

The following information was extracted from this question:

  • 44% email phishing, malicious links, web etc.
  • 41% infected patch, software package etc.
  • 35% credential compromise.
  • 32% internal threat.
  • 26% critical vulnerability.
  • 1% unidentified access point.

Did the cybercriminal attempt to modify/delete backup repositories as part of their ransomware attack?

The following information was extracted from this question:

  • 38% some backup repositories were affected
  • 30% impacted most backup repositories
  • 26% tried to impact backup repositories without success
  • 6% did not attempt to impact backup repositories

How long after the attack was your organization able to start restoring data from its backups?

The following information was extracted from this question:

  • 55% 2-4H
  • 44% 1-2H
  • 35% 4-8H
  • 19% 1-2 days
  • 13% 15min-1H
  • 11% could not restore

The key to success: clean backups

Having contingency plans is essential for the continuity of any business, and for this type of attack these solutions make perfect sense.

The key to success lies in understanding the difference between securing backup repositories and ensuring that data is clean within those repositories. Protecting the repository does not guarantee that the contents of a repository are free of malware.

In short, the impact of ransomware attacks can only be minimized, never avoided 100%; being prepared will make a difference.