New Sophos report reveals a problematic trend: ransomware attackers are increasingly targeting backups, crippling organizations’ ability to recover data and significantly raising ransom demands. Learn how to protect your backups and minimize the impact of a ransomware attack.
Ransomware attacks have become a reality for businesses of all scales worldwide, but a new report from cybersecurity firm Sophos reveals an even more disturbing trend: attackers are increasingly targeting backups.
Backup, as we know it, is one thing that keeps victim businesses from paying ransom to ransomware groups. However, the new tactic of targeting backup data cripples an organization’s ability to recover data without paying the ransom, seriously increasing the pressure to meet the demands of cybercriminals.
As observed before, companies such as Accenture and Bykea have thwarted ransomware attacks by leveraging backups and dismissing ransom demands. However, there have also been examples where the backup itself was encrypted.
The Sophos report (PDF), titled “The impact of compromised backups on ransomware outcomes,” is based on a survey of nearly 3,000 IT professionals whose organizations fell victim to ransomware attacks in the past year. The findings reveal a concerning reality, emphasizing the role of strong backup security in fighting cyber extortion.
Near-Universal Backup Targeting:
The report exposes the pervasiveness of backup targeting by attackers. A staggering 94% of surveyed organizations reported that attackers attempted to compromise their backups during the attack.
This attempt rate goes even higher in specific sectors, with government and media organizations experiencing a near-perfect 99% rate of attempted backup compromise.
Compromised Backups, Soaring Costs:
The effects of losing access to backups are harsh. The report found that organizations unable to recover data from backups due to the attack were forced to pay significantly higher ransoms.
On average, these organizations paid more than double the ransom amount compared to those with secure backups. This results in an average ransom demand of $2.3 million for those with compromised backups, compared to $1 million for those with secure backups.
Importance of Backup Security:
The Sophos report also emphasizes the role secure backups play in mitigating ransomware damage. Having a reliable, isolated backup system that’s not vulnerable to the initial attack allows organizations to restore data quickly and minimize downtime.
This not only reduces financial losses from operational disruptions but also weakens the attacker’s leverage, potentially leading to lower ransom demands or even complete avoidance of payment.
Commenting on this, Chad Graham, Manager of the Cyber Incident Response Team (CIRT) at Critical Start emphasised that regularly backing up data ensures business continuity and protects against cyber threats like ransomware.
“Performing backups for computer information systems is a crucial cyber risk mitigation strategy because it ensures the continuity of business operations and data integrity in the event of a cyberattack, system failure, or data corruption. Having offline backups is particularly important, as they are immune to online threats like ransomware attacks, which can encrypt or destroy online data,” Chad advised.
He further explained that “Despite its simplicity and effectiveness, the practice of regularly creating and updating backups is often overlooked, leading to significant vulnerabilities in an organization’s cybersecurity posture. This oversight can result in catastrophic data loss and operational downtime, emphasizing the necessity of incorporating backup strategies into comprehensive cybersecurity plans.”
Investing in Cybersecurity Solutions:
The report shows the importance of investing in security solutions against ransomware attacks that prioritize backup security. This includes implementing strong access controls, and offline backups that are physically isolated from the network.