What makes a ransomware attack eight times as costly? Compromised backups
Any organisation that has tried to recover from a ransomware attack knows that it can be time-consuming and costly. Companies hit by an attack must choose between paying a ransom or recovering encrypted data from a backup.
Unfortunately, ransomware gangs are too aware that they can leverage significantly higher ransoms from their corporate victims if they have also compromise the company's backups. For this reason, we are seeing more and more cyber attacks targeting backups because they know that organisations desperately need them to recover if they want to avoid paying a ransom to cybercriminals.
New research from Sophos makes clear that the problem is significant.
It found that 94% of organisations hit by ransomware in 2023 said that the cybercriminals attempted to compromise their backups during a ransomware attack. In other words, it's unusual for backups not to be an attractive target in a malicious attack.
The situation is even worse for sectors such as state and local government, the media, and the leisure and entertainment industry, with 99% of attacks attempting to compromise backups.
Of course, when backups are successfully compromised, the impact is significant - with ransom demands, the likelihood of payment, and the amount paid by the corporate victim essentially doubling compared to incidents where the backups remained safe.
But the scariest statistic of all is how overall costs can explode when backups have been compromised by malicious hackers - with overall recovery costs eight times higher than for those whose backups are not impacted.
So, what should your company do about this threat? Here are our recommendations:
- Backup frequently and store the backups remotely: You should make backups on a regular basis and store them securely in a separate physical location from your office - such as the cloud.
- Practice recovery: Regularly test restoring from backup to ensure that it actually works. The faster you can do this following a real attack, the better. You don't want to find out when you need a backup the most that you can't restore from it.
- Secure your backups: Protecting your backups is crucial for ransomware defence, so ensure you have a layered defence in place to prevent unauthorised access. Encrypt your backups so that if they fall into unauthorised hands, they cannot be plundered. Watch out for suspicious activity, which could signal attackers trying to access them.
Don't be forced into paying an expensive ransom by not properly securing your backups.
Its next-generation business continuity and disaster recovery solution stores backups in a highly secure environment, completely isolated from your business infrastructure. This means that your data remains safe even if your company's systems are compromised, allowing for seamless remediation that minimise any potential financial, operational, and reputational damage.
Don't make the mistake of believing that your organisation or its backups will never be targeted. The right approach is to take proactive measures in advance - as it's not a case of whether your business will suffer the likes of a ransomware attack but when.
Make sure to read Exponential-e's step-by-step guide on ransomware remediation.
When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.