What Ransomware Taught Us in 2021
As the world adjusted to remote and hybrid work models in 2021, ransomware
wreaked havoc globally. From high-profile targets to SMBs, ransomware attacks
affected all industries and organizations of every scale.
In addition to the financial costs, ransomware disrupted healthcare, legislation,
services, education, retail, and more. In this blog, we summarize the lessons
learned from ransomware attacks in 2021, so that you can better prepare for
them in the future.
Ransomware attacks are growing in number, scale, and complexity
37% of organizations worldwide said they were victims of some sort of
ransomware attack in 2021, according to IDC’s “2021 Ransomware Study”. The
number of ransomware attacks increased in each quarter of 2021, exceeding the
total number of ransomware attacks in 2020 by October 2021. Not only did the
number of ransomware attacks increase, but so did their scale and complexity.
The Financial Crimes Enforcement Network (FinCEN) identified $590 million in
ransomware-related activity in the first 6 months of 2021 – a 42% increase from
the $416 million in 2020.
In 2021, we noticed more high-profile victims than ever before, such as:
In March 2021, the Taiwanese PC manufacturer Acer was attacked by the REvil
ransomware group, leading to the highest ransom demand ever: $50 million.
In May 2021, the Eastern US experienced a disruption in the flow of oil due to the
ransomware attack on Colonial Pipeline.
In June 2021, the US-based meat processing vendor JBS ended up paying $11
million to the REvil ransomware group after the cyber-attack reduced the
company’s ability to package meat products.
In July 2021, a vulnerability in Kaseya’s remote management software
was exploited to target its customers worldwide in a supply chain attack. The
attack targeted government departments, legislative infrastructure, and
corporate businesses globally.
The method of delivery for ransomware also grew more diverse and
sophisticated in 2021. Common methods of delivery seen in 2021 included:
Phishing email campaigns: Socially engineered, legitimate-looking emails that
attempt to trick the recipient into clicking a malicious URL or downloading a
Word, Excel, PDF, or ZIP file attachment, which delivers the payload and executes
malicious code in the background.
Exploiting vulnerabilities: Attackers exploit vulnerabilities to infiltrate the
network, deliver malicious code, and encrypt servers, notebooks, and all connected devices.
Examples include QLocker, Log4j (Log4Shell), Microsoft PowerShell, etc.
Drive-by downloads: Drive-by downloads exploit security flaws in applications,
operating systems, or web browsers left by failed or missing updates to
deliver malicious code. Unlike other ransomware delivery methods, drive-by
downloads do not require the targets to actively enable the attack.
Key Ransomware Trends in 2021: Supply Chain Attacks, Double-Extortion Attacks, and Ransomware as a Service
The following ransomware trends were more common in 2021:
Supply Chain Attacks: As opposed to carefully targeting and attacking a single
company, ransomware groups target managed service providers (MSPs) who
provide hardware/software to government and corporate organizations.
Examples of supply chain attacks include the Kaseya and Accellion attacks.
Double-Extortion Attacks: Conventionally, ransomware encrypts critical files and
demands ransom in exchange for a decryption key. Double-extortion attacks
take this a step further. In addition to encrypting files, the hackers also steal
sensitive information such as Personally Identifiable Information (PII), Personal
Health Information (PHI), financial information, etc. and threaten to publish them
unless the ransom is paid.
Ransomware as a Service (RaaS): In order to expand their operations,
ransomware groups make their malware code and infrastructure available to
malicious actors as a “pay-to-use” service. RaaS enables non-technical
cybercriminals to launch sophisticated ransomware attacks, in turn adding to the
number of cyber-incidents worldwide.
Ransomware targets in 2021 by industry
The common misconception is that ransomware attacks focus on large
enterprises or specific industries. The truth is that ransomware attacks pick no
favorites. While some industries are more affected than others, none are safe.
The most targeted sectors in 2021 were:
Government
Education
Healthcare
Services
Technology
Manufacturing
Retail
Finance
Backups alone are not enough – Air-gapping and Immutability are necessary
Not long ago, backups were enough to recover data from
malicious data encryption. Ransomware has grown more sophisticated since
then. Today, ransomware not only targets production but also backup servers in
addition to shared storage devices and network-connected environment(s). Any
workload that is “live” and accessible is targeted by ransomware and encrypted.
As a result, data protection measures such as air-gapped backups and
immutable storage have become necessary. To ensure effective ransomware
protection, it’s important to set up a backup and disaster recovery (DR) system
that follows backup strategies such as the 3-2-1, 3-2-1-1-0, or 4-3-2.
Ransomware recovery planning is necessary
As ransomware has become a matter of “when” rather than “if”, a ransomware
recovery plan is as important as a business plan. With a documented and tested
ransomware recovery plan, organizations, big and small, can make sure that their
critical operations can recover quickly and critical information, such as PII, PHI, etc.
is safe from ransomware.
This is exactly what we saw in 2021: organizations that had a ransomware
recovery plan were able to respond quicker and recover faster as compared to
organizations that didn’t.
Ransomware predictions 2022
Here is what to expect from ransomware in 2022:
Ransomware-Related Legislation Worldwide: According to Gartner, in 2021, 1%
of governments worldwide had some ransomware-related rules. This number is
expected to grow to 30% by 2025.
More High-Profile Attacks: Kela’s analysis of the dark web suggests that
hackers will focus more on organizations with over $100 million in revenue, using
RDP, VPN, and tools from vendors such as Cisco, VMware, Palo Alto Networks,
Citrix, and Fortinet.
Multiple Attacks on Victims: As noted by CrowdStrike, after successfully
attacking an organization’s network, ransomware groups sell information to
each other, allowing others to exploit known vulnerabilities and installed
malware. This behavior was seen in 2021 and is likely to increase in the coming
year.
How to protect mission-critical data from ransomware attacks
As ransomware is constantly changing, there is no cure-all for it. The best way to
protect mission-critical assets from ransomware is to adopt a multi-layered
approach.
Train your employees: Human error is often the cause of a data breach and a
successful ransomware attack. As a great number of ransomware groups
continue to use phishing emails as a method of delivery, the ability to identify
them and act accordingly can reduce the chances of a ransomware attack.
Use multi-factor authentication (MFA): Protect admin access to your critical
servers, repositories, and virtual environments from unauthorized access and
brute force attacks using two-factor authentication or preferably multi-factor
authentication.
Firewalls and anti-ransomware: By using network firewalls and anti-
ransomware, you can prevent ransomware from gaining access and
automatically detect and remove dormant malware threats. While these
measures alone are not enough, they are an integral component of a reliable
multi-layered ransomware protection strategy.
Update/patch your systems regularly: Hackers often exploit unpatched
vulnerabilities in operating systems and applications to gain access to and
plant malware bots in your network. By making sure that your systems are
updated and patched regularly, you can avoid these attacks.
Set up a reliable backup strategy: Make sure that your backup and disaster
recovery (DR) system follows a reliable backup strategy such as 3-2-1, 3-2-1-1-0,
or 4-3-2.
Air-gapping and immutability: Backups alone are no longer enough. It’s
important to use air-gapping and immutability in addition to backups to ensure
effective ransomware protection.
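An added example, not part of the original post: a Python audit of a backup inventory against the strategies named in the backup and air-gapping sections above. The post does not define the rules, so the code assumes their commonly cited meanings (3-2-1: three copies, two media types, one offsite; 3-2-1-1-0: plus one air-gapped or immutable copy and zero restore-test errors; 4-3-2: four copies, three locations, two offsite), and the inventory and every name in it are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str                 # "disk", "tape", "object-storage", ...
    site: str                  # physical location label
    offsite: bool = False
    production: bool = False   # the live data set counts as one copy
    air_gapped: bool = False   # unreachable from the production network
    immutable: bool = False    # WORM / object-lock retention
    verify_errors: Optional[int] = None  # last restore test; None = never tested

def audit(copies):
    """Return {strategy: [unmet requirements]}; an empty list means compliant."""
    backups = [c for c in copies if not c.production]
    offsite = [c for c in backups if c.offsite]
    protected = [c for c in backups if c.air_gapped or c.immutable]
    untested = [c.name for c in backups if c.verify_errors != 0]
    gaps = lambda checks: [msg for ok, msg in checks if not ok]
    base = [
        (len(copies) >= 3, "fewer than 3 copies"),
        (len({c.media for c in copies}) >= 2, "fewer than 2 media types"),
        (len(offsite) >= 1, "no offsite copy"),
    ]
    return {
        "3-2-1": gaps(base),
        "3-2-1-1-0": gaps(base + [
            (len(protected) >= 1, "no air-gapped or immutable copy"),
            (not untested, "restore test missing or failing: " + ", ".join(untested)),
        ]),
        "4-3-2": gaps([
            (len(copies) >= 4, "fewer than 4 copies"),
            (len({c.site for c in copies}) >= 3, "fewer than 3 locations"),
            (len(offsite) >= 2, "fewer than 2 offsite copies"),
        ]),
    }

# Constructed inventory: every name and site below is made up for illustration.
INVENTORY = [
    BackupCopy("prod-san", "disk", "hq", production=True),
    BackupCopy("nas-backup", "disk", "hq", verify_errors=0),
    BackupCopy("cloud-bucket", "object-storage", "cloud-region",
               offsite=True, immutable=True, verify_errors=0),
    BackupCopy("tape-vault", "tape", "vault", offsite=True, air_gapped=True),
]

if __name__ == "__main__":
    for strategy, unmet in audit(INVENTORY).items():
        print(strategy, "OK" if not unmet else unmet)
```

The constructed inventory passes 3-2-1 and 4-3-2 but fails 3-2-1-1-0 because the tape copy has never been restore-tested, the kind of gap a copy count alone does not reveal.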
Conclusion
Ransomware attacks continue to grow in number, scale, and complexity. To make
sure your critical data is protected, plan and prepare beforehand with backup
and DR that uses air-gapping and immutability.
Don’t risk your business, prepare for ransomware before it attacks. Contact our
experts today to discuss your projects.