Ransomware 2.0: The Next Evolutionary Stage
Why are backups the target?
In many companies, regular backups are the cornerstone of the IT security strategy, as they allow for data recovery after an attack, thereby limiting damage. Attackers are well aware of this. They increasingly recognize that an effective attack on this “last line of defense” can enhance their chances of a ransom payout. An encrypted network without functional backups often leaves companies with no choice but to comply with the ransom demand — which is precisely the goal of ransomware attackers.
The new tactics of Ransomware 2.0
Hackers aim to directly attack backups and specifically destroy them before companies have the chance to restore their data. This is achieved through various advanced techniques:
- Long Latency Periods:
Attackers take their time and infiltrate the network undetected before launching the actual attack. This allows them to gain access to backup systems, delete or compromise them, and ensure that recovery options are restricted.
- Enhanced Encryption:
Cybercriminals utilize stronger encryption mechanisms and targeted attacks on backup infrastructures, which can even affect redundant backups.
- Attacks on Isolated Backup Systems:
This generation of ransomware not only targets the main network but also specifically seeks to infiltrate isolated or externally stored backups.
Tips for Defense
To protect against these advanced attacks, companies must adapt their security approaches, especially focusing on the protection of their backup systems. Here are some steps you should take:
- Isolated and Secure Backup Solutions:
Implement a backup system that is fully isolated and separated from the main network. Such “air-gap” solutions provide a strong protective barrier that is more difficult for attackers to breach.
- Regular Recovery Tests:
A backup is only as good as its recoverability. Conduct regular tests to ensure that your data can be restored in an emergency.
- Backup Versioning:
Use backup versioning and multiple recovery points to have a wider selection of data copies available for emergencies.
- Access Controls and Monitoring:
Ensure that only authorized personnel have access to the backup systems and use modern monitoring tools to quickly detect unusual activities.
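The recovery-test and versioning tips combined, as an added example that is not part of the original article or any vendor's product: each recovery point is test-restored, checked against a SHA-256 manifest recorded at backup time, and the newest point that verifies cleanly is reported. The function names, directory labels and sample files are assumptions constructed for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large backup files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Run at backup time; keep the result separate from the backup itself."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(restored_root, manifest):
    """Compare a test restore with its manifest; return (missing, altered)."""
    missing, altered = [], []
    for rel, digest in manifest.items():
        p = Path(restored_root) / rel
        if not p.is_file():
            missing.append(rel)
        elif sha256_file(p) != digest:
            altered.append(rel)
    return missing, altered

def newest_verified(points):
    """points: (label, restored_root, manifest) tuples, oldest first."""
    for label, root, manifest in reversed(points):
        if verify_restore(root, manifest) == ([], []):
            return label
    return None  # no recovery point restored cleanly

def demo():
    """Constructed sample: three recovery points, the newest one damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        points = []
        for label in ("day-1", "day-2", "day-3"):
            root = Path(tmp) / label
            root.mkdir()
            (root / "db.dump").write_bytes(b"customer records " + label.encode())
            (root / "config.ini").write_bytes(b"[app]\nmode=prod\n")
            points.append((label, root, build_manifest(root)))
        # Damage discovered only when the newest point is actually restored.
        (Path(tmp) / "day-3" / "db.dump").write_bytes(b"\x00" * 32)
        (Path(tmp) / "day-3" / "config.ini").unlink()
        return newest_verified(points), verify_restore(points[2][1], points[2][2])
```

Calling `demo()` shows why multiple recovery points matter: the newest copy fails verification, and the check falls back to the most recent point that still restores intact.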
Ransomware 2.0 is a dangerous evolution that targets the core of many contingency strategies: the backup. It is time to make backup solutions more robust and secure to effectively defend against these new threats. An isolated and secured backup system, along with regular recovery tests, is no longer optional but essential. Companies that do not adapt their backup strategies to these threats risk being left without options after an attack. Prepare now and strengthen your last line of defense—before it’s too late.
Do you know about immutableVEEAM@MOUNT10?
ImmutableVEEAM is the optimal addition to your backup and recovery concept. You can choose between a 7-day or 30-day backup history: your personal deletion protection, which ensures that your data cannot be deleted or manipulated.
This allows you to quickly and easily access a previous backup and restore your data in case of an attack.
Your data is automatically and pre-encrypted in Europe’s safest data center—SWISS FORT KNOX I & II.
Interested in learning more about immutableVEEAM@MOUNT10? We are happy to assist you.