According to Gallicchio, now is the “time to acknowledge how critical data backup has become, especially since many ransomware strains attempt to delete backup files, as we witnessed with Ryuk.”
Ryuk is a type of ransomware used in targeted attacks, in which the threat actors make sure that essential files are encrypted. It is aimed primarily at larger organizations. Ryuk is derived mainly from the Hermes commodity ransomware, which had been widely available on the dark web and hacker forums before 2018.
Gallicchio says there are two key risks that organizations need to understand: “Most businesses are faced with two significant risks when it comes to backups: the theft and public disclosure of sensitive data, and the disruption of critical business functions. If either of these risks occurs, organizations could endure devastating consequences. To make sure that doesn’t happen, organizations need to proactively put strategies in place to bolster protection against these threat actors.”
In terms of measures that can be adopted to stem the tide, Gallicchio recommends: “One way to do this is by ensuring that backups with all of the organization’s critical data are routinely, completely, and securely assessed, as this is a necessary step in recovering from a possible ransomware attack.”
There are three main types of backup: full, differential, and incremental. Each should form part of a data backup strategy.
Furthermore, Gallicchio advises: “These backups should be encrypted so that sensitive data is not disclosed and stored in such a way that an organization can recover its data in a timely manner, as this is necessary to minimize disruption to business operations. Additionally, organizations should regularly revisit and test disaster recovery and business continuity plans to validate that ransomware and other threats won’t impact the integrity of any backups.”
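The three backup types named above differ in what they capture: a full backup copies every file, a differential backup copies what has changed since the last full backup, and an incremental backup copies what has changed since the previous backup of any kind. The restore test Gallicchio calls for then has to rebuild a restore point from the right chain of backups and confirm that the result matches what was on disk when the backup was taken. The following Python script is an added example, not code from the article or from Gallicchio: it runs all three backup types over a constructed four-day file tree, computes the restore chain for any day, and verifies each restore against a SHA-256 manifest recorded at backup time. The file tree, the schedule, and the `tamper` helper (which simulates a backup file being overwritten after the fact) are all assumptions made for the illustration.

```python
import copy
import hashlib

# Constructed sample data (not from the article): the state of a small file
# tree on four successive days. Each snapshot maps path -> file contents.
SNAPSHOTS = [
    {"a.txt": b"alpha", "b.txt": b"bravo", "c.txt": b"charlie"},   # day 0
    {"a.txt": b"alpha", "b.txt": b"bravo2", "c.txt": b"charlie"},  # day 1: b.txt modified
    {"a.txt": b"alpha", "b.txt": b"bravo2", "d.txt": b"delta"},    # day 2: c.txt deleted, d.txt added
    {"a.txt": b"alpha3", "b.txt": b"bravo2", "d.txt": b"delta"},   # day 3: a.txt modified
]
# Hypothetical schedule: one full backup, two incrementals, then a differential.
SCHEDULE = ["full", "incremental", "incremental", "differential"]


def digest(data: bytes) -> str:
    """SHA-256 of file contents; used both to detect change and to verify restores."""
    return hashlib.sha256(data).hexdigest()


def manifest(snapshot: dict) -> dict:
    """Path -> content hash for a whole file tree."""
    return {path: digest(data) for path, data in snapshot.items()}


def changed_since(base: dict, current: dict):
    """Files new or modified relative to a base manifest, plus paths deleted since then."""
    cur = manifest(current)
    files = {p: current[p] for p, h in cur.items() if base.get(p) != h}
    deleted = sorted(set(base) - set(cur))
    return files, deleted


def plan_backups(snapshots, schedule):
    """One backup record per day: full = every file, differential = changes since the
    last full, incremental = changes since the previous backup of any kind. Each record
    also stores the manifest of the live tree, which later restore tests are checked against."""
    backups, last_full, last_any = [], None, None
    for day, (snap, kind) in enumerate(zip(snapshots, schedule)):
        if kind != "full" and last_full is None:
            raise ValueError("the first backup in a schedule must be a full backup")
        if kind == "full":
            files, deleted = dict(snap), []
        elif kind == "differential":
            files, deleted = changed_since(last_full["manifest"], snap)
        elif kind == "incremental":
            files, deleted = changed_since(last_any["manifest"], snap)
        else:
            raise ValueError(f"unknown backup kind: {kind}")
        rec = {"day": day, "kind": kind, "files": files, "deleted": deleted, "manifest": manifest(snap)}
        backups.append(rec)
        if kind == "full":
            last_full = rec
        last_any = rec
    return backups


def restore_chain(backups, day):
    """Backups that must be applied, in order, to rebuild the tree as of `day`."""
    chain, i = [], day
    while True:
        rec = backups[i]
        chain.append(rec)
        if rec["kind"] == "full":
            break
        if rec["kind"] == "differential":   # depends only on the last full backup
            i = max(j for j in range(i) if backups[j]["kind"] == "full")
        else:                               # incremental depends on the backup just before it
            i -= 1
    return list(reversed(chain))


def restore(backups, day):
    """Rebuild the file tree by replaying deletions and file contents along the chain."""
    state = {}
    for rec in restore_chain(backups, day):
        for path in rec["deleted"]:
            state.pop(path, None)
        state.update(rec["files"])
    return state


def verify_restore(backups, day):
    """Disaster-recovery test: compare restored contents with the manifest recorded at
    backup time. Returns the paths that are missing, extra, or altered (empty list = OK)."""
    restored, expected = restore(backups, day), backups[day]["manifest"]
    return [p for p in sorted(set(restored) | set(expected))
            if p not in restored or p not in expected or digest(restored[p]) != expected[p]]


def tamper(backups, day, path, payload=b"ENCRYPTED-BY-RANSOMWARE"):
    """Simulate a stored backup file being overwritten (e.g. encrypted) after it was taken."""
    damaged = copy.deepcopy(backups)
    damaged[day]["files"][path] = payload
    return damaged


BACKUPS = plan_backups(SNAPSHOTS, SCHEDULE)

if __name__ == "__main__":
    for rec in BACKUPS:
        size = sum(len(v) for v in rec["files"].values())
        print(f"day {rec['day']}: {rec['kind']:<12} {size:>3} bytes  files={sorted(rec['files'])}  deleted={rec['deleted']}")
    print("restore chain for day 2:", [r["day"] for r in restore_chain(BACKUPS, 2)])
    print("verify day 3:", verify_restore(BACKUPS, 3) or "OK")
    damaged = tamper(BACKUPS, 0, "a.txt")
    print("verify day 1 after the full backup was tampered with:", verify_restore(damaged, 1))
    print("verify day 3 after the same tampering:", verify_restore(damaged, 3) or "OK")
```

Two points the run makes concrete. First, the restore chain depends on the backup type: day 2 needs the full backup plus both incrementals, while day 3 needs only the full backup and the differential. Second, when the full backup's copy of `a.txt` is overwritten, the day-1 restore fails verification but the day-3 restore still passes, because the differential carries its own copy of that file; this is why a recovery test has to exercise every restore point rather than only the most recent one.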
There are other measures that can be adopted. Gallicchio states: “Any highly important, sensitive data should be stored on an entirely separate network from the internal network.”
The advantage of this, says Gallicchio, is: “That way, if ransomware targets the desktop network, it cannot spread to the critical systems and cause complete chaos. While this is a long-term and challenging strategy, it’s well worth the time and investment for organizations to counter the continuous risk of critical data loss.”