Long game attacks wipe away backup infrastructure

A security professional and his team were onsite to discuss a solution they were building when the client brought up anomalies with its backup data. The security team discovered that malicious software had been sitting in place for six months. So-called “backup attacks” wipe away an organization’s backup infrastructure and storage snapshots before locking and encrypting file systems, preventing the recovery of backup data, thereby giving ransomware gangs leverage to coerce a company into paying. Backup data is the fail-safe for companies hoping to mitigate damage from ransomware attacks. It can be used to restore quickly and more completely without giving in to attackers demands. “If you can’t access backup, you aren’t going to be able to restore files and you’re more likely to pay the ransom,” said Diana Kelley, chief technology officer and founding partner at Security Curve. Protecting backup is important, but having all systems patched and current is a minimum for security, and a strong antivirus and antispam solution should be able to frequently scan devices for malware.