SoylentNews is people

posted by martyb on Saturday February 26 2022, @03:16PM

Backups 'no longer effective' for stopping ransomware attacks:

The growth of double extortion – and even triple extortion – ransomware attacks is in danger of rendering common, traditional methods of mitigating the impact of a ransomware hit, such as well-maintained backups, less efficacious, according to a report from machine identity specialist Venafi.

Data collated from Venafi's worldwide survey of IT and security decision-makers reveal that 83% of successful ransomware attacks now involve alternative extortion methods – for example, using stolen data to extort customers (38%), leaking data to the dark web (35%), and informing customers that their data has been compromised (32%). A mere 17% of attacks merely ask for money for a decryption key.

Venafi said that because ransomware attacks now rely on data exfiltration, effective backup strategies are to some extent "no longer effective" for containing a breach.

"Ransomware attacks have become much more dangerous. They have evolved beyond basic security defences and business continuity techniques like next-gen antivirus and backups," said Kevin Bocek, vice-president of business development and threat intelligence at Venafi.

Venafi also found that cyber criminals are increasingly following through on their threats whether or not they get paid. Indeed, 18% of victims had their data leaked despite paying, more than the 16% who refused outright to pay anything and had their data leaked. Some 8% refused outright, but then had their customers extorted; and 35% paid, but were left hanging, unable to retrieve their data.


  • (Score: -1, Troll) by Anonymous Coward on Saturday February 26 2022, @06:38PM (3 children)

    by Anonymous Coward on Saturday February 26 2022, @06:38PM (#1225139)

    You can't expect the workstations to be off the Internet when most of the work depends in some way on it.

    Is keeping TWO damn boxes connected to two damn LCDs on same desk SO damn hard?

    An Internet connected one for emails, searches, and online timewasting; and another on the internal network where sensitive data are, and no Internet-connected device allowed in.
    If something from the sensitive-data network ever need be emailed for some reason, then damn print it out, then scan it in, and send. Or do a photo of the screen and send that. If that is "too hard", then your data are not sensitive enough.

  • (Score: 3, Insightful) by Anonymous Coward on Saturday February 26 2022, @06:43PM (2 children)

    by Anonymous Coward on Saturday February 26 2022, @06:43PM (#1225142)

    Yes, it is that damn hard. Normal people barely comprehend a single PC, and you expect them to handle two with no method of sending data from one to the other?
    Your solution is clearly not a realistic one. We're talking about normal companies handling client data, like internet shops and so on, not NSA state secrets.

    • (Score: 1, Insightful) by Anonymous Coward on Saturday February 26 2022, @07:10PM (1 child)

      by Anonymous Coward on Saturday February 26 2022, @07:10PM (#1225148)

      Those "normal companies" can choose; either they do NOT gather and keep sensitive client data, or they are fully liable for criminal negligence when the mis-kept data get stolen from them.
      If people cannot be bothered to handle sensitive data with proper care, they SHOULD NOT BE HANDLING THEM AT ALL.

      • (Score: 3, Funny) by Anonymous Coward on Saturday February 26 2022, @07:26PM

        by Anonymous Coward on Saturday February 26 2022, @07:26PM (#1225152)

        Then by the finest capitalist principles they choose not to care unless they are in the EU and are bound by the GDPR rules.