Hacking collectives globally are taking ransomware attacks to new levels. They’re evading traditional enterprise prevention measures by evolving their tactics and penetrating new targets, including the backup products companies have always viewed as an insurance policy.
In a recent U.S. Securities and Exchange Commission (SEC) 8-K form filing, a Fortune 500 company said it had “identified a systems intrusion in its technical environment.” The company later submitted a second filing, adding that data had been stolen in the attack.
A novel tactic for cybercriminal groups exfiltrating or removing sensitive company data, according to Threat Post, “is to demolish backups, especially the Veeam recovery software—a move that can leave victims no choice but to pay the often exorbitant ransoms the criminals demand.”
Your organization can’t afford to be surprised by cybercriminals’ increasing boldness. With cryptocurrency adoption accelerating — think Bitcoin, Ethereum, and others — hackers’ tactics are likely to get even more aggressive.
At Cohesity Connect, we talked extensively about the evolving threat of ransomware and how the blast radius is increasing. This is what security experts are seeing:
Attackers use malware to encrypt production data.
Attackers destroy backups, then move laterally inside systems to encrypt production data.
Cyber threat actors encrypt and exfiltrate, or steal, data to expose or sell it unlawfully.
To protect your data and business reputation, you need a much stronger countermeasure than legacy backup. Traditional data management products haven’t evolved in nearly two decades. Yours is probably like many others, a multiple-point architecture (e.g., backup software, media servers, media agents, storage repositories, etc.) that’s caused data sprawl and makes your organization more vulnerable to today’s and tomorrow’s exploits.
That’s why cybercriminals that want to get paid are consistently launching ransomware 2.0-type attacks. They specifically target vulnerable backup systems! Often, these are initiated concurrently with 3.0 attacks leveraging so-called “double extortion” tactics and techniques.
So what is legacy backup missing that a next-gen data management solution provides to counter this threat? The answer is a reimagined approach to cyber resiliency with a comprehensive Threat Defense Architecture to counter bad actors at every stage.
Let’s zero in on how next-gen stops cybercriminals from targeting backup data and systems (ransomware 2.0) in particular.
If and when bad actors launch ransomware 2.0 against your organization, and you only have legacy backup as a countermeasure, you realize just how under-protected your organization is against this cyber threat. That’s because once bad actors compromise and then destroy your legacy recovery environment, your ability to restore data is lost, and there’s almost no recourse to get it back except to pay the ransom.
In contrast, next-gen data management has a multi-layered defense that begins with data resiliency capabilities: an encryption framework, fault tolerance, and the big one, immutable (WORM) backups. It then provides additional features: strict access controls such as MFA, granular RBAC, auditing, continuous monitoring, air gapping and more.
Immutability, which legacy backups don’t have, is critical to cyber resiliency because immutable data can’t be tampered with, modified or removed. Law enforcement relies on it, for example, to protect the authenticity of bodycam video and audio surveillance footage. In a backup context, immutability helps you avoid paying ransom while securing critical information, enforcing retention policies, and streamlining compliance.
As was the case in the SEC filing of the Fortune 500 company subject to attack, there’s really no way to stop cybercriminals from stealing your data and selling it on the dark web once bad actors breach your traditional backup product. In contrast, next-gen data management adopts zero-trust principles of continual access verification as a baseline and adds much more. This includes offering third-party extensibility and integration with existing security products you may already have such as SIEM/SOAR tools, and converging data security and data governance to help your organization identify and discover where sensitive data resides across both primary and secondary repositories.
While working in concert with other security products you already use to identify sensitive data, next-gen capabilities go beyond relying on metadata and file extensions to establish accurate, content-aware classification of information that minimizes false positives when it comes to properly identifying where your most valued data assets reside. Once classified, the solution can analyze your data against various regulatory and compliance frameworks and alert you about hot spots or “overexposed” access rights, capabilities that will soon be introduced with Cohesity DataGovern.
With next-gen data management, like Cohesity, you will soon be able to use (and customize) out-of-the-box remediation workflows to address business risk and exposure as a preventative measure against data exfiltration — taking advantage of AI-based user and entity behavioral analytics and continuous monitoring to flag suspicious behaviors. Near real-time alerts, for example, help you detect when bad actors or insiders posing a threat have compromised sensitive data with legitimate user credentials before they’re able to take it out of your environment.
Cyber extortion is becoming a big business that you can’t afford to ignore. It is best to check that legacy backup “insurance policy” to be sure it is not letting your business down and putting your reputation at risk. Instead, check out next-gen data management from Cohesity to counteract the increasing blast radius of ransomware and achieve cyber resiliency.