When an organization suffers a ransomware infection, it usually has two options: either pay the ransom demand and hope the decryptor works, or restore the data from a backup solution and continue with business as usual.
However, new research from Veeam found that hackers are increasingly targeting backup solutions to force victims to pay the ransom anyway.
The company’s Veeam 2023 Ransomware Trends Report, based on insights from 1,200 affected organizations and nearly 3,000 cyberattacks, claims that threat actors almost always (in more than 93 percent of cases) target backups during cyberattacks. Of this number, they will be successful (even partially successful) in three out of four (75%) cases. In more than a third of cases (39%), the backup repository was completely lost. As such, immutability and air gaps in backup solutions remain critical for businesses.
focus on the basics
“We need to focus on effective ransomware preparation by focusing on the basics, including robust security measures and testing raw data and backups, ensuring the survivability of backup solutions, and ensuring backup and network teams are aligned for a unified stance ,” said Veeam CTO Danny Allan.
Paying a ransom still appears to be the most popular way to resolve a problem, with 80% doing so in the last year (up 4% year-over-year). While 59 percent managed to recover their data after paying a criminal, one in five (21 percent) were still unable to get their data back after paying. Additionally, only 16% managed to restore their assets from backups — a 19% year-over-year decline.
While best practices (protecting backup credentials, automating backup network detection scans, and automatically verifying that backups are recoverable) are important, Veeam believes organizations need to ensure backups aren’t deleted or corrupted, and they can do so by focusing on immutability.
Among ransomware victims, 82% use immutable cloud, 64% use immutable disk, and only 2% of backup solutions have at least one layer without immutability.