We have your data, pay up! Or Ransomware on the rise.

We’ve encrypted your data. You want them back? Send BTC…

Ransomware attacks are rampant and growing. A hacker attacks your data, encrypts it and demands a ransom in cryptocurrency. According to statistics from Veeam, which develops backup and recovery solutions, 85% of organisations will have experienced at least one successful attack in 2022. The rest of them may not know about the attack yet. Hackers enter the system through the back door (attack vectors: vulnerability, firewall perimeter, employee unwittingly) and as a rule they operate quietly for some time and monitor what is going on.

The Czech Republic has also had its share. Let us recall, for example, the attack on the Brno University Hospital, which caused damage in the form of decimated infrastructure, lost data and scientific research worth CZK 150 million. But what we hear about in the media is only the tip of the iceberg. The companies do not want to talk about the assault. However, the number of cases is rapidly increasing (a lot). Attacks are basically on a daily basis and companies pay millions in ransom.

However, payment alone may not solve the problem. Hackers may want more money under the threat of informing other groups about the vulnerability of your system, or they may leave a loophole in your system and hack you again in the future.

Moreover, the funds spent on the payment cannot be accounted for in any way. The chance of data recovery after payment is 50:50. Just because hackers can encrypt data does not mean they can successfully decrypt it. For these reasons, the general recommendation is – DON’T PAY! You don’t negotiate with terrorists and hackers.

3 – 2‑1 – 1‑0

No, this is not the beginning of the Fibonacci sequence. This is Veeam’s extended Golden Backup Rule. What’s going on? Veeam advises to keep at least 3 different copies of the data, on 2 different media, with at least 1 copy in a different location. This rule has been extended to include additional parameters.

For maximum security, 1 of the backups should be immutable or located in an isolated “air-gapped” network. And finally, after automated verification of backups and restore options, there should be 0 error messages.

For the record, one of the media still used for off-site data archiving is magnetic data tapes. The IT cycle is coming full circle, as tapes were one of the first data media ever.

How do we get out of this?

The purpose is not mindless scaremongering. Prevention should be the watchword of the day, as well as employee training. The goal of companies is to ensure continuity of service delivery, which can be severely disrupted by data loss. In worse cases, it can mean the end of the line.

“Unfortunately, there is no one solution that will magically protect you against all attacks. You need to look at the whole company from the top and set a solid security and backup strategy that will be followed. Data is one of the most important assets of a company and the only way you won’t lose it,” says Jan Rys, Geetoo pre-sales director.

Think of it as an investment that will pay for itself several times over. Many entities are also facing a necessary update of their cybersecurity levels in light of the European NIS2 Directive, which comes into force next year.