The ransomware is not a new threat, although the advancement of technology has brought sophistication and diversification of the attacks. Until now, cybercriminals sent malware infections through malicious links or emails, hoping that some user would open the file and thus be able to encrypt a company's data.
But, despite the fact that this type of malware is still active, the current trend is marked by attacks on well-known software applications and large corporations, directly affecting backup. For this reason, more than ever, cloud storage for companies is being so important.
The types of infectious attacks
Today we can differentiate between three types of attacks.
Deletion of backup repositories in the cloud
They are implemented by remote desktop protocols in which cybercriminals steal domain credentials, encrypt data, and delete files from the backup repository.
Massive attacks
They have a great reach. They pick their victims at random, hoping that a user will click on a malicious link or download a file
Inclusion of 'malware' in the backup
It is not detected. The malware lays dormant and reinfects the system while the backup is being restored.
There are companies specialized in blocking and detecting any type of unauthorized malicious code that tries to penetrate the backup copies in the cloud for companies. This isolates the malicious file and all information is safely restored.
How to protect cloud backups for business?
The developers of these malicious programs are aware that backup in the cloud is a very effective defence and that makes them modify the malware in order to remove and track the backups.
Although ransomware was a great threat just a few years ago, evolution has been necessary and its creators take advantage of the latest vulnerabilities to take action. Using of an updated antivirus software is must for protection against ransomware. There are several families and when an exploit is used that infects a system, it can move laterally and create a larger target.
Infection in backups
It will delete any of the backups found along the way. One of the common tactics is to delete the automatic copies of files that Windows generates.
There are other variants that remove hidden backups and volumes. This version is not specific for backups, but it does put the simplest solutions at risk, such as those that result in data residing on shared file resources.
Opportunistic attacks
Not all current backups are vulnerable. Usually, the infectious file going after them is not a deliberate action, but an opportunistic one. Depending on the malware, the system is routinely scanned for specific files, and if it finds a backup file extension, it will almost certainly encrypt it. It tries to spread and infect as many systems as possible.
Is it possible to protect systems and backups?
Yes, it is possible to protect backup copies by taking a series of precautions such as the following.
Isolate backups
The more barriers between an infected system and its backups, the more difficult it will be for the malicious program to access it. One of the most common mistakes is using the same authentication method for backups in different places.
When it is detected that a user's account is compromised, the first thing the criminal wants to do is increase his privileges. If the backup system uses the same authentication, it will be easy to take control of everything.
To avoid this, it is convenient to have independent authentication systems, with different passwords, to make this step more complex.
Complete Windows backups with other additional and more tools. Additional backups and third-party tools that are not part of Windows' default settings can help us defend against ransomware by encrypting or deleting local file backups.
If things are not done the same way, the malware will not know which backups to delete. If an employee becomes infected with something, they can erase it and restore it from backup.
No comments:
Post a Comment