During August 2021, news broke that Advanced Technology Ventures was the victim of a ransomware attack. The company’s critical data was encrypted, a common “double extortion” tactic often used by ransomware groups.
The issue came to attention via a letter from ATV to the Maine attorney general’s office. In it, the company said it became aware of the attack on July 9 after its servers storing financial information had been encrypted by ransomware. Some weeks passed before the company went public.
Providing insight for Digital Journal is Cloudian CTO Gary Ogasawara.
In dissecting the attack, Ogasawara summarizes the incident and how ransomware works: “The Advanced Technology Ventures breach underscores two important facts about ransomware.”
Ogasawara explains these as:
- Organizations with particularly sensitive data are at an elevated risk for ransomware attacks.
By this Ogasawara means: “VC firms rely heavily on undisclosed private investors, and protecting those investors’ anonymity is key to their business. Hospitals, financial institutions and government agencies also manage extremely sensitive user data, which is why all of these sectors are common targets for ransomware.”
Consequently, Ogasawara says: “The stakes are higher, making victims more likely to pay ransom. If your organization stores highly sensitive data, it’s essential that you encrypt it both in flight and at rest, which makes it impossible for cybercriminals to read or expose that data in any intelligible form.”
- While it is not clear exactly what measures ATV had in place to prevent a ransomware attack, traditional defenses such as anti-malware software and anti-phishing training often fall short against increasingly sophisticated attacks.
This means, according to Ogasawara: “Organizations need to ensure they can recover their data quickly and resume operations in the likely event that ransomware gets through.”
He adds: “The best way to do so and also avoid paying ransom is by having an immutable backup copy of your data. Immutability prevents cybercriminals from being able to alter or delete the data, enabling you to restore an uninfected backup if attacked.”