An alert this week by the FBI warns of increased ransomware activity as we head into the weekend – https://us-cert.cisa.gov/ncas/alerts/aa21-243a.
According to Alert (AA21-243A), the FBI and CISA are sharing information to provide awareness to be especially diligent in network defense practices in the run up to holidays and weekends, based on recent actor tactics, techniques, and procedures (TTPs) and cyberattacks over holidays and weekends during the past few months. According to anti-ransomware expert Jim McGann, VP of Marketing at Index Engines, a company that helps organizations recover affected backup data after an attack.
1. What the return of REvil, Conti or other variants could mean for backup data
“We have seen some of the techniques attackers have started to use including making post-attack recovery more challenging by attacking and corrupting data backups. No doubt this will be more commonplace going forward as ransomware is being reinvented and will no doubt come back stronger and smarter.”
2. How companies can recover from the next attack
“Organizations have relied on their disaster recovery software to restore their environment after an attack. Cyber criminals know this and are focused on making this process more challenging. This includes corrupting or encrypting content or even backup images to have severe impact on the recovery process. We have seen many weeks or months of backups being corrupted which often comes as a surprise to the organization. The only way to ensure reliable recovery is to continually check the integrity of the backup data, this will allow for a confident and rapid recovery process.”
3. The best thing companies can do to prepare for the inevitable successful attack
“Cyber criminals want businesses to cease operations and pay exorbitant ransoms to recover. Their method of shutting down business operations is to encrypt or corrupt critical infrastructure like Active Directory, or product databases or key user content and intellectual property. This is their target. The best thing companies can do is to continually check the integrity of this content, make sure it is reliable and has not been tampered with”