When the backup becomes a problem during a ransomware attack

Cybercriminals also target backups with their encryption attacks. Why? Because this creates even more blackmail pressure and doubles the ransom sums.

The financial and operational impact of a ransomware attack is bad enough. However, if the cybercriminals also succeed in damaging or encrypting the backups, there is a high probability that a company will have to pay around double the ransom. According to a Sophos study of 2,974 IT/cybersecurity decision-makers in 14 countries, the total cost of recovery for organizations with compromised backups is eight times higher than for organizations whose backups are not affected.


Backup encryption is the criminal standard

Cybercrime is about money, a lot of money. That is why all ransomware groups are now also trying to compromise backups in order to significantly increase the pressure of blackmail. The latest study by Sophos confirms this: on average, 94 percent of respondents who were affected by ransomware reported that cybercriminals also attempted to encrypt the backups. The figure varies across the sectors surveyed but remains high throughout. For authorities at state and municipal level and in the media, leisure and entertainment sector, it was as high as 99 percent. Distribution and transportation saw the fewest backup compromise attempts, at 82 percent.

Success is known to confirm the tactics used

Attempts to compromise backups in order to extort even higher sums do not always succeed, because cybercriminals do not reach their target in every attack. The Sophos study shows this particularly clearly when comparing the different sectors. On average across all industries, 57 percent of backup compromise attempts succeeded in damaging or encrypting backups.

In the energy, oil/gas and utilities sectors, the success rate was 79 percent, while in education it was 71 percent. By contrast, the success rate in IT, technology and telecommunications was only 30 percent and in retail 47 percent. This suggests that companies and organizations in the IT, telecommunications and technology sectors have stronger backup protection or may have been able to detect and stop compromise attempts in time.

Compromising backups costs organizations dearly

The international average ransom paid by companies whose backups were compromised was USD 2 million, almost double the amount paid by organizations whose backups remained intact (USD 1.062 million). In addition, companies and organizations with compromised backups were much less able to negotiate the ransom down. On average, they paid 98 percent of the amount demanded. In contrast, ransomware victims with intact backups were able to reduce the ransom to 82 percent of the demand.

