Stories
Slash Boxes
Comments

SoylentNews is people

Backups "No Longer Effective" for Stopping Ransomware Attacks

posted by martyb on Saturday February 26 2022, @03:16PM   Printer-friendly

upstart writes:

Backups 'no longer effective' for stopping ransomware attacks:

The growth of double extortion – and even triple extortion – ransomware attacks is in danger of rendering common, traditional methods of mitigating the impact of a ransomware hit, such as well-maintained backups, less efficacious, according to a report from machine identity specialist Venafi.

Data collated from Venafi's worldwide survey of IT and security decision-makers reveal that 83% of successful ransomware attacks now involve alternative extortion methods – for example, using stolen data to extort customers (38%), leaking data to the dark web (35%), and informing customers that their data has been compromised (32%). A mere 17% of attacks merely ask for money for a decryption key.

Venafi said that this means that because ransomware attacks now rely on data exfiltration, effective backup strategies are therefore to some extent "no longer effective" for containing a breach.

"Ransomware attacks have become much more dangerous. They have evolved beyond basic security defences and business continuity techniques like next-gen antivirus and backups," said Kevin Bocek, vice-president of business development and threat intelligence at Venafi.

Venafi also found that cyber criminals are increasingly following through on their threats whether or not they get paid. Indeed, 18% of victims had their data leaked despite paying, while more than the 16% who refused outright to pay anything and had their data leaked. Some 8% refused outright, but then had their customers extorted; and 35% paid, but were left hanging, unable to retrieve their data.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Backups "No Longer Effective" for Stopping Ransomware Attacks | Log In/Create an Account | Top | 35 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Insightful) by Anonymous Coward on Saturday February 26 2022, @07:10PM (1 child)

    by Anonymous Coward on Saturday February 26 2022, @07:10PM (#1225148)

    Those "normal companies" can choose; either they do NOT gather and keep sensitive client data, or they are fully liable for criminal negligence when the mis-kept data get stolen from them.
    If people cannot be bothered to handle sensitive data with proper care, they SHOULD NOT BE HANDLING THEM AT ALL.

    Starting Score:    0  points
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Total Score:   1  

  • (Score: 3, Funny) by Anonymous Coward on Saturday February 26 2022, @07:26PM

    by Anonymous Coward on Saturday February 26 2022, @07:26PM (#1225152)

    Then by the finest capitalist principles they choose not to care unless they are in the EU and are bound by the GDPR rules.