Why cybercriminals specifically target backups


There are two main ways to recover encrypted data after a ransomware attack: restoring from backups and paying the ransom. The attackers also know this and try to deprive companies of a solution by attacking backups. 

Two problems, same cause: Complete recovery of data after a ransom payment is highly uncertain because, when in doubt, a promise from cybercriminals cannot be relied on. And restoring the data from backups fails in many cases because the cybercriminals have often encrypted the backups as well, in order to dramatically increase the pressure on the victims to pay the ransom. Companies that don't have a protected backup in place are in a bind. It is therefore advisable to combine security and data backup to maximize the protection of backups, and also to rely on immutable backups.

Hard facts prove the risk

In a survey of nearly 3,000 IT and cybersecurity professionals worldwide conducted by market research firm Vanson Bourne on behalf of Sophos in early 2024, it became clear that the financial and operational impact of a backup compromise due to a ransomware attack is immense. Overall, four main findings from the survey stand out:

Insight 1

Ransomware attackers almost always try to compromise your backups. At 94 percent of companies affected by ransomware last year, cybercriminals attempted to compromise backups during the attack.

Insight 2

The success rate for compromises varies greatly depending on the industry. Across all industries, an average of 57 percent of backup compromise attempts were successful. Interestingly, there are big differences across different industries, from 79 percent in the energy, oil/gas and utilities sectors to 30 percent for the IT, technology and telecommunications sectors.

Insight 3

Ransom demands double when backups are compromised. On average, victims whose backups were compromised received ransom demands that were more than twice as high as those whose backups were not affected. The average ransom demands were $2.3 million (backups compromised) and $1 million (backups not compromised).

Insight 4

The cost of recovering from a ransomware attack is eight times higher when backups are compromised. Outages caused by ransomware, in addition to potential ransom payments, often have a significant impact on daily business operations. In addition, restoring IT systems is complex and expensive. The total cost to recover from a ransomware attack averaged $3 million for organizations whose backups were compromised. That's eight times the amount for organizations whose backups were not affected, which spent an average of $375,000.

Important tips for protecting backups from ransomware

The success rate of attackers when attempting to compromise the backups is usually 50 percent or more (Image: Sophos).

With the help of security services such as Managed Detection and Response, companies can detect and stop malicious actors in the entire IT infrastructure around the clock - even before systems and thus backups are compromised. This is particularly helpful for companies that cannot operate their own security operations center (SOC) or do not have their own security specialists with forensics experience and 24×7 availability on their team.

It also makes sense to integrate the backup with the security ecosystem. Like all endpoints, backup systems should be continuously and actively protected against ransomware and other malicious damage. Protection is particularly effective when security or security services are an integral part of the backup solutions, as implemented by Sophos in cooperation with Arcserve and Veeam.

Additionally, the following three tips can significantly reduce the dangers of a ransomware attack:

  • Create backups regularly and store them in multiple locations, for example according to the 3-2-1 rule.
  • Enable MFA (multi-factor authentication), especially on cloud backup accounts, to prevent attackers from gaining access.
  • Test and practice data recovery from backups regularly. The more fluid the recovery process is, the faster and easier companies can recover from an attack.
  • Apply security monitoring to backups in order to detect and respond to suspicious activities from potential attackers in a timely manner.