Arrow back

The Evolving Threat of Ransomware in 2019 and Beyond

15 November, 2019

For most businesses, ransomware is the great boogeyman, always lurking around the corner.

The prospect of walking into work one day to find all your data locked behind a paywall is a terrifying one, and worst of all, it’s far from a remote possibility.

Ransomware attacks in 2018 reached 204 million, a figure which is expected to be significantly higher in 2019. Indeed, 2019 has been a bumper year for ransomware attacks, with Q3 seeing a 37% increase in attacks over the previous quarter, according to Beazley.

From reputational damage to data loss, the costs associated with ransomware attacks are numerous, resulting in a hugely perilous situation for businesses of all sizes.

Curiously though, there is today a general comfort around ransomware attacks. Businesses are increasingly adapting to the reality of impending ransomware attacks by deploying backup software.

By regularly backing up your data, the idea goes, you can simply roll back your system to a point before it was locked down by a ransomware attack. Simple and effective, right? Well, not anymore.

Cybercriminals are many things, but lazy isn’t one of them. More recent strains of ransomware like Samas, MongoLock and Zenis - to name just a few - go the extra mile and actively search & destroy backup files, leaving businesses completely vulnerable to ransomware attacks once again.

That’s not all though, because some ransomware strains have been adapted to hide on a network for months at a time before becoming active. This means that any attempt to roll back to older (supposedly safe) backups results in an ‘attack loop’, where backing up only restarts the attack.

Far from breaking news, reports of Ransomware attacks deleting backups date back as far as April 2017, with one Veeam user posting:

“On 2/7 we were hit with Samas Ransomware. Of course I freaked but I felt confident driving into work that I was ok with backups… The server itself got wiped with Samas, but I still felt confident. I looked in the Veeam_Backups folder a few times on both Drobos and both were empty… I knew at that point they were gone.”

This evolving, ever-escalating threat is exactly why businesses should never stop adapting.

The approach to this new ransomware environment should be a two-pronged one: effective phishing training and backup software that is designed to manage advanced ransomware attacks.

Tackling the Modern Ransomware Environment

How Can Phishing Training Help Protect Organisations from Ransomware Threats?

Phishing attempts are, by far, the most common way for ransomware to enter a system. Although often considered separate threats, phishing and ransomware are typically found as a couple, with phishing emails directing people to files and web pages that will then install ransomware onto their system.

But how commonly is ransomware tied into phishing attempts? Well, an estimated 90% of cyber attacks begin with a phishing or spear-phishing email.

It’s a startling statistic and one which can’t be ignored in the battle against ransomware. Whilst hardware and software barriers offer some protection against phishing emails, they lose efficacy as soon as an email finds its way through.

That’s why it’s vital that your staff are trained to spot the signs of phishing emails before they click. Our award-winning Think Before You Click simulated phishing training measures your workforces susceptibility to phishing attacks, before directing affected members of staff to our unique training environment.

Think Before You Click can lower click rates by 74%, dramatically reducing an organisation's susceptibility to phishing emails and ransomware. However, no single solution can completely remove the potential of a member of your workforce falling victim to a phishing attack.

That’s where advanced backup support comes in to play.

How Can An Advanced Backup Provider Help Protect Organisations from Ransomware Threats?

When - not if - ransomware finds its way past your workforce, you need a backup solution to handle ransomware that finds its way past well-trained staff.

Solutions like Data2Vault’s Attack Loop prevention service, Powered by Asigra tackles increasingly intelligent ransomware viruses by offering multiple layers of protection, including:

  • Two-factor authentication for volume backup deletion, protecting from automated mass-deletion.
  • Variable naming for backup files to avoid auto-deletion.
  • Automatic scanning of files during backup and recovery.

By utilising these three protective layers, solutions like Asigra can help curb the effectiveness of ransomware attacks.

Together with effective workforce phishing training, the threat from ransomware attacks is almost completely curtailed, helping to protect your organisation's reputation and financial future.

Back to resources

Ready to build your cybersecurity culture?

Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit for your organisation.

Girl with laptop
Boy with laptop
man and woman with laptops
Global Cyber Alliance