It’s not enough to back up data. That doesn’t necessarily guarantee total protection. Even if backups are hidden away in the network, you should never rule out the possibility of losing data.
The question you should ask yourself is this: is the network safe enough to protect backups? If you think it is, then good for you. Still, that shouldn’t stop you from creating a security strategy to protect backups.
One sure way to avoid total data loss is to protect the network itself. With advanced persistent threats continuously evolving, no network is safe. That is scary.
Ransomware is one of the advanced persistent threats to networks these days. It stays quiet and undetected within the network. Eventually it steals data so that the ransomware writer can sell it back to the owner. It’s simple extortion that could put any company out of business in no time.
There has been a tactical pivot in ransomware. It seems that ransomware writers have realized that large organizations have lots of money, and some do not have the best protection against infections. Newer ransomware is behaving as an advanced persistent threat, a piece of malware that tries to stay undetected in your network for some time to do the maximum amount of damage.
The APT will usually spread through your network, infecting as many computers as possible. Often, the malware will try to connect to a command-and-control server over the internet to report the progress of the infection and await the command to attack.
Unfortunately, these days the use of command-and-control (C&C) servers is evolving to do more damage to the network. It stays silent and undetected in the background so that it can have access to the network for a very long time, eventually endangering computers and backups.
A ransomware APT attack may start by stealthily spreading itself through your network and infecting all of your computers. It will then seek out file-based backups and valuable but older files to encrypt. The aim is to get as much of your infrastructure infected and encrypted — over a period of weeks or months — before you are alerted and can protect backups from ransomware. By slowly encrypting files, the ransomware is making the process of recovering from backups slow and expensive, perhaps more costly than paying the ransom. Once the infection is complete, and your backups contain a mix of encrypted and clean files, then it is time to detonate the ransomware. All of the infected machines will suddenly encrypt recently used files, and your applications will stop working.
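To make the "mix of encrypted and clean files" concrete from the recovery side, here is an added example (not code from the original article) that scans successive backup generations for files whose content has turned high-entropy and reports the newest clean copy of each one. The 7.5 bits-per-byte threshold, the function names and the sample generations are assumptions constructed for illustration; legitimately compressed or encrypted files also score high and need an allow-list in practice.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits/byte; assumed cut-off, tune against your own data

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes) -> bool:
    return shannon_entropy(data) >= ENTROPY_THRESHOLD

def encrypted_counts(generations):
    """Per generation (oldest first): how many files look encrypted."""
    return [(label, sum(looks_encrypted(d) for d in files.values()))
            for label, files in generations]

def last_clean_generation(generations):
    """Map each path to the newest generation whose copy still looks clean."""
    newest = {}
    for label, files in generations:
        for path, data in files.items():
            newest.setdefault(path, None)  # None: no clean copy in any generation
            if not looks_encrypted(data):
                newest[path] = label
    return newest

def fake_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted content: a SHA-256 output stream."""
    blocks = (hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(size // 32))
    return b"".join(blocks)

# Constructed sample: four weekly backup generations of three text files.
CLEAN = {"archive.txt": b"minutes of the 2019 board meeting\n" * 120,
         "ledger.csv": b"2021-03-01,invoice,1042.50\n" * 150,
         "report.txt": b"quarterly summary, draft 3\n" * 150}
ENC = {path: fake_ciphertext(path) for path in CLEAN}
GENERATIONS = [
    ("week1", dict(CLEAN)),
    ("week2", {**CLEAN, "archive.txt": ENC["archive.txt"]}),
    ("week3", {**CLEAN, "archive.txt": ENC["archive.txt"], "ledger.csv": ENC["ledger.csv"]}),
    ("week4", dict(ENC)),
]

if __name__ == "__main__":
    print(encrypted_counts(GENERATIONS))
    print(last_clean_generation(GENERATIONS))
```

A rising count across generations is the slow-encryption pattern described above, and the per-file map shows why a single restore point is not enough: each file may need to come from a different generation.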
Because the APT ransomware has been in the network for weeks before it detonates, it probably has been