Bad actors are becoming craftier with their methods of ransomware attacks by targeting backup storage to force organizations to pay a ransom, according to the software company Veeam.
In the event of a ransomware attack, companies typically have two options: pay the ransom and hope that their data can be restored through a decryptor sent by the bad actors or ignore the ransom demands and restore their data via a backup option, TechRadar reports.
However, in its 2023 Ransomware Trends Report, Veeam found that ransomware hackers are going straight to the backup options to force companies to give in to ransom demands.
According to the company’s research that looked at 1,200 organizations that were victims of nearly 3,000 cyberattacks, Veeam claims that 93% of cases saw bad actors attempt to access backups during attacks. They were able to access backups, even partially, in 75% of those cases, while in 39% of cases, companies lost all of their backup data.
Experts at Veeam note that the best practice for organizations to protect against ransomware attacks is by having strong security measures for both original data and backup. The company recommends frequent, automated cyber-detection scans for backups, auto-verification for backup restoration, and using immutable sources — such as immutable clouds and immutable disks — as backup options to aid against data being deleted or corrupted.
While many organizations typically do pay the ransom when their data is compromised, this does not guarantee a recovery of data. Of the 80% of organizations that paid ransom demands, 59% were able to recover their data, while 21% were not, according to Veeam.
Paying ransom demands is up 4% year-on-year, while organizations using a backup option is down 19% year-on-year.
Ransomware attacks are becoming so lucrative that the notorious cybercriminal gang LockBit has set its sights on targeting macOS and Mac computers as of April. The never-before-seen ransomware might be a first for LockBit, as the gang typically develops on Windows, Linux, and virtual host machines.
The Mac-specific ransomware seems to target Apple Silicon Macs and is listed on the web under the build name locker_Apple_M1_64, according to the security research group MalwareHunterTeam.
The group notes that now that news of the ransomware is out in the open, Macs might be more susceptible to cyberattacks.
LockBit is known as a ransomware-as-a-service (RaaS) operation that allows others to purchase their nefarious products for their own unsavory tasks.