Data stored in backups is the most common target for ransomware attackers. Almost all intrusions (93%) target backups and in 75% of cases succeed in taking out victims’ ability to recover. In addition, 85% of global organizations suffered at least one cyber attack in the past year.
That’s according to the Veeam 2023 Ransomware trends report, recently launched at the company’s event in Florida. The survey questioned IT decision-makers in 1,200 affected organizations that had suffered around 3,000 ransomware attacks across 14 different countries in APJ, EMEA and the Americas.
The majority (80%) of victims surveyed paid the ransom to end an attack and recover data, even though 41% of organizations have a do-not-pay policy on ransomware. And while 59% paid the ransom and were able to recover their data, 21% paid the ransom but didn’t get their data back from the cyber criminals.
Only 16% of organizations avoided paying ransom because they were able to recover from backups, down from 19% in last year’s survey.
Veeam recently found itself on the wrong end of a vulnerability in its Backup & Replication product, with security researchers finding evidence that a cyber criminal gang had found a way past its defenses.
The company also recently added ransomware warranty payouts to its offer, but said it thought it would be unlikely to have to hand them out.
According to the survey, criminals attempt to attack backup repositories in almost all (93%) cyber incidents in EMEA, with 75% losing at least some of their backups and more than one-third (39%) of backup repositories being completely lost.
Attackers target backups because an organization’s best bet to avoid paying the ransom when a ransomware attack hits is to try to recover from its most recent good copies of data.
So it is key for organizations to have secure backups, immutable copies of data that they test regularly to ensure they can actually recover from the data retained there. Air-gaps between production environments are also recommended.
According to the Veeam survey, 82% use immutable clouds, 64% use immutable disks, and only 2% of organizations do not have immutability in at least one tier of their backup solution.
“The report shows that today it’s not about if your organization will be the target of a cyber attack, but how often. Although security and prevention remain important, it’s critical that every organization focuses on how rapidly they can recover by making their organization more resilient,” said Danny Allan, CTO at Veeam.
“We need to focus on effective ransomware preparedness by focusing on the basics, including strong security measures and testing both original data and backups, ensuring survivability of the backup solutions, and ensuring alignment across the backup and cyber teams for a unified stance.”
When respondents were asked how they ensure that data is clean during restoration, 44% of said they completed some form of isolated staging to re-scan data from backup repositories prior to its reintroduction to the production environment. That potentially means the other 56% run the risk of re-infecting the production environment by not testing for clean data during recovery.
Other key findings included that 21% said ransomware is now specifically excluded from insurance policies; and of those with cyber insurance, 74% saw increased premiums since their last policy renewal.