
Software

Ransomware syndicates are focusing their attacks on backup systems in order to maximize their financial gains


Data backups have become a top target for ransomware actors, according to a report from a cybersecurity company.

A startling 94% of organizations that experienced ransomware attacks in the previous year reported that the attackers made an effort to compromise their backup systems, according to a recent study by Sophos that involved polling about 3,000 IT and security experts from 14 different countries.

For organizations in the government, media, leisure, and entertainment sectors, the percentages were even higher, reaching 99%.

The report outlined the two primary methods for recovering encrypted data in a ransomware attack: restoring from backups or opting to pay the ransom.

“By compromising an organization’s backups, ransomware actors can severely limit the victim’s ability to recover encrypted data, thereby increasing the pressure to pay,” stated the researchers.

“It has become a routine occurrence for these individuals during their attacks,” commented Curtis Fechner, the head of cybersecurity threats at Optiv, a Denver-based provider of cybersecurity solutions.

He mentioned to TechNewsWorld that they constantly attempt to locate and render the backups inaccessible. One aspect of their strategy for earning money involves identifying the backups, as they aim to maximize their potential revenue from an attack.

“By taking your backups offline and using them as leverage for recovery, I have increased the likelihood of you paying. Furthermore, I can exploit your desperation to extract even more from you. I understand that you’re in a difficult situation,” Fechner added.

Growing Threat
According to Ilia Sotnikov, a security strategist and the vice president of user experience at Netwrix, an IT security software company headquartered in Frisco, Texas, enterprise ransomware was not very sophisticated when it first emerged about 10 years ago.

The malware spread quickly through a system by taking advantage of weak configurations or vulnerabilities and encrypting any data it came across. According to him, the victim was forced to pay a ransom in order to resume operations.

“The cybersecurity industry has implemented a comprehensive security strategy that includes enhanced protection and detection capabilities, as well as a strong focus on backup and recovery practices,” he stated. Due to their expertise, organizations were able to successfully deflect the majority of attacks, significantly reducing the number of successful ones. Additionally, they gained valuable knowledge on how to efficiently restore systems and operations without resorting to paying a ransom.

Furthermore, he explained that the ransomware strategy underwent changes to enhance the likelihood of success by exploring alternative methods to overcome security measures. Malware has become increasingly difficult to detect and combat. The criminals began to allocate additional time to the reconnaissance stage in order to pinpoint and focus on the most vulnerable information. Groups such as Maze and LockBit began to extract the company’s data and introduced the additional risk of a public data leak alongside the encryption, a tactic referred to as double extortion.

“Since then,” he noted, “ransomware attackers have also begun targeting the backups to render recovery impossible or excessively expensive, compelling the victims to pay the ransom.”

Backups are currently down, while ransom demands are on the rise.

According to Sophos, organizations whose backups were compromised faced ransom demands that were typically more than twice as high as those whose backups were not. For victims with compromised backups, the median ransom demand was US$2.3 million, while those with uncompromised backups faced a median demand of $1 million.

Backups are essential for the smooth operation of organizations. According to Darren Guccione, CEO of Keeper Security, a password management and online storage company in Chicago, if the backup is compromised and the organization falls victim to a cyberattack, they may become more desperate to regain access to their networks and data.

“Attackers are well aware of the impact of denying access to backups, which leaves organizations in a vulnerable position and with limited choices other than complying with exorbitant ransom demands in order to retrieve their data,” he explained to TechNewsWorld.

The Sophos research supports the view that organizations with compromised backups are unable to negotiate with ransomware actors. Organizations with compromised backups paid, on average, 98% of the ransom demanded, while those without compromised backups paid 82%.

According to the report, organizations that had their backups compromised were significantly more inclined to pay the ransom in order to retrieve their encrypted data (67%), compared to those whose backups remained unaffected (36%).

Increased Cost of Restoration
Victims who have compromised backups not only face the burden of paying higher ransoms, but they also incur additional costs when it comes to recovering from an attack.

The median overall recovery costs for organizations whose backups were compromised were eight times higher at $3 million, compared to those whose backups were not impacted at $375,000.

Guccione outlined the various expenses that organizations face when they become targets of ransomware attacks. These include the financial impact of disrupted operations and harm to their reputation, the extensive efforts required for recovery in the short and long term, the actual ransom payment, and the potential consequences of fines and legal obligations.

“When a ransomware attack affects backups as well, it greatly extends the restoration process. Organizations are then required to rebuild their systems, data, and other crucial configurations,” he explained. If a breach involves a loss of sensitive data, especially if it includes personally identifiable information or falls under data protection regulations like GDPR or HIPAA, organizations may face additional legal and regulatory expenses.

According to the Sophos report, organizations with compromised backups take longer to recover from ransomware attacks. Just 26% of organizations whose backups were compromised were able to recover within a week of an attack, compared with 46% of those whose backups were not compromised.

Offline Backups: Balancing Security and Cost
There are various factors that contribute to the difference in restoration times between organizations with compromised and uncompromised backups, as highlighted in the report. One significant factor is the extra effort required to restore data from decrypted sources instead of well-prepared backups. Additionally, the presence of weaker backup protection may suggest less resilient defenses and a greater need for subsequent rebuilding efforts, according to the statement.

According to Narayana Pappu, the CEO of Zendata, a data collection, management, and sharing company based in San Francisco, backups usually lack the same level of security controls as production systems.

“Implementing logging, security measures, access controls, and testing on backup systems would be highly beneficial,” he advised TechNewsWorld. In addition, it is crucial to have redundant backups stored in various locations, including both cloud storage and offline storage. Implementing a comprehensive disaster recovery strategy can significantly minimize downtime.

According to Fechner, offline backups are effective in protecting against threats to backups, but they can also be quite costly. “Having backups that are offline and inaccessible to attackers is crucial,” he emphasized. However, considering the financial constraints faced by numerous organizations, particularly those in the small to medium business category, targeting backups remains a lucrative strategy for attackers.


Software

The United States has prohibited the sale of Kaspersky software due to concerns about security risks originating from Russia


The United States government declared on Thursday its prohibition of the sale of Kaspersky antivirus within the nation and is urging American users of the software to transition to an alternative provider.

The Bureau of Industry and Security, a division of the Commerce Department, has implemented a unique ban on Kaspersky, claiming that the company, being headquartered in Russia, poses a threat to both U.S. national security and the privacy of its users.

Russia has demonstrated both the ability and the intention to utilize Russian companies, such as Kaspersky, to gather and weaponize the personal data of Americans. “Hence, we are obliged to undertake the course of action that we are currently implementing,” stated U.S. Commerce Secretary Gina Raimondo during a conference call with journalists.

Reuters was the first to report on the ban before it was officially announced. A representative from Kaspersky did not promptly reply to the inquiry for a comment.

Starting on July 20, Kaspersky will face a ban on selling its software to American consumers and businesses. However, the company will still be allowed to offer software and security updates to its current customers until September 29. Subsequently, Raimondo stated that Kaspersky would be prohibited from delivering software updates to customers in the United States.

“This implies that the quality of your software and services will decline.” Raimondo strongly advises finding an alternative to Kaspersky without delay.

Raimondo stated that U.S. consumers who are currently utilizing Kaspersky’s antivirus software are not in breach of any legal regulations.

Raimondo stated that individuals and businesses in the United States who currently use or have previously used Kaspersky products and services are not breaking the law, have not committed any wrongdoing, and will not face any legal consequences. “I strongly urge you to cease using that software and transition to an alternative as soon as possible to safeguard yourself, your data, and your family.”

Raimondo announced that the Department of Homeland Security and the Justice Department will collaborate to notify American consumers. Additionally, the U.S. government will establish a website to give affected individuals the information they need to understand the rationale behind the government's actions and to guide them in taking appropriate measures.

According to a high-ranking official from the U.S. Commerce Department, the federal cybersecurity agency CISA will engage in communication efforts with critical infrastructure organizations that rely on Kaspersky software in order to assist them in identifying alternative options. The official further stated that they have no intention of specifying any particular action by Kaspersky that prompted today’s decision. (The Commerce Department asked reporters not to reveal the official’s identity.)

The ban, which was announced on Thursday, represents the most recent intensification in a protracted sequence of measures taken by the U.S. government against Kaspersky, a company based in Moscow.

In September 2017, the Trump administration implemented a prohibition on the utilization of Kaspersky software by U.S. federal agencies due to concerns that the company may be coerced into assisting Russian intelligence agencies. In a previous report, it was disclosed that Russian state-sponsored hackers had illicitly acquired classified U.S. documents that were stored on the personal computer of an intelligence contractor. This breach occurred due to the use of Kaspersky’s antivirus software, making it the first documented case of espionage resulting from the use of this particular company’s software.

The Wall Street Journal reported in April 2023 that the decision to prohibit Kaspersky has been under development since last year.

According to the company itself, Kaspersky has more than 240,000 corporate clients globally and over 400 million individual customers. The senior official refrained from disclosing the exact number of U.S. customers that Kaspersky has. However, the official mentioned that there are a substantial number of customers, including critical infrastructure organizations as well as state and local government entities.


Android

Google Chrome now has a ‘picture-in-picture’ feature


Google is getting ready to make a big change to how its Chrome browser works. This is because new browsers from startups like Arc are making the market more competitive. The company said on Wednesday that it will be adding a new feature called “Minimized Custom Tabs” that will let users tap to switch between a native app and their web content. When you do this, the Custom Tab turns into a small window that floats above the content of the native app.

The new feature is all about using Custom Tabs, which is a feature in Android browsers that lets app developers make their own browser experience right in their app. Users don’t have to open their browser or a WebView, which doesn’t support all of the web platform’s features. Custom tabs let users stay in their app while browsing. Custom tabs can help developers keep users in their apps longer and keep them from leaving and never coming back.


If you make the Custom Tab into a picture-in-picture window, switching to the web view might feel more natural, like you’re still in the native app. People who send their customers to a website to sign up for accounts or subscriptions might also find this change useful, since it makes it easier for users to switch between the website and the native app.

After being shrunk down to the picture-in-picture window, the Custom Tab can be pushed to the side of the screen. Users can tap on a down arrow to bring the page back to the picture-in-picture window when it is full screen.

The new web experience comes at a time when Google is making it easier for Android users to connect to the web. People can find their way to the web with AI-powered features like Circle to Search and other integrations that let them do things like circle or highlight items.

The change is coming to the newest version of Chrome (M124), and developers who already use Chrome’s Custom Tabs will see it automatically. Google says that the change only affects Chrome browsers, but it hopes that other browser makers will add changes like these.


Apps

Threads finally starts its own program to check facts


Meta’s latest social network, Threads, is launching its own fact-checking initiative after leveraging Instagram and Facebook’s networks for a brief period.

Adam Mosseri, the CEO of Instagram, stated that the company has recently implemented a feature that allows fact-checkers to assess and label false content on Threads. Nevertheless, Mosseri refrained from providing specific information regarding the exact timing of the program’s implementation and whether it was restricted to certain geographical regions.

The fact-checking partners for Threads—which organizations are affiliated with Meta—are not clearly specified. We have requested additional information from the company and will revise the story accordingly upon receiving a response.

The upcoming U.S. elections appear to be the main driving force behind the decision. India is currently in the midst of its general elections. However, it is improbable that a social network would implement a fact-checking program specifically during an election cycle rather than initiating the project prior to the elections.

In December, Meta announced its intention to implement the fact-checking program on Threads.

“At present, we align the fact-check ratings from Facebook or Instagram with Threads. However, our objective is to empower fact-checking partners to evaluate and assign ratings to misinformation on the application,” Mosseri stated in a post during that period.
