A third still can’t recover their data
Veeam presents the results of its Ransomware Trends Report 2022 at VeeamON 2022 and notes that cyber criminals successfully encrypt an average of 47 percent of production data, while victims can recover only 69 percent of the affected data.
According to the Veeam Ransomware Trends Report 2022, companies are losing the battle when it comes to defending themselves against ransomware attacks. 72 percent of companies were partially or completely affected by attacks on their backup repositories, which drastically reduces the chance of recovering data without paying the ransom. Veeam Software, a leading provider of backup, recovery and data management solutions for modern data protection, found that 80 percent of successful attacks targeted known vulnerabilities, underlining the importance of patches and software upgrades. Almost all attackers tried to make backup repositories unusable in order to prevent the victim from restoring the data without paying the ransom.
The Veeam Ransomware Trends Report 2022 reveals the findings of an independent research company that surveyed 1,000 IT executives whose companies have been successfully attacked by ransomware at least once in the past 12 months, making it one of the most comprehensive reports of its kind. This first study examines the key findings from these incidents, their impact on IT environments, and the steps taken to implement modern data protection strategies to ensure business continuity in the future. As part of the research project, four IT roles (CISOs, security experts, backup administrators and IT operations staff) were specifically interviewed in order to understand how cyber prevention is oriented in companies.
Danny Allan, CTO & SVP, Product Strategy at Veeam
“Ransomware has revolutionized the enterprise of data theft and requires companies from all industries to make a concerted effort to maximize their ability to recover data without having to pay the ransom,” says Danny Allan, CTO & SVP, Product Strategy at Veeam, “because paying cyber criminals to recover data is not a data protection strategy. There is no guarantee of data recovery, the risks of damage to reputation and loss of trust of customers are high, and most importantly, rewarding criminal activity in this way increases the incentive.”
Paying the ransom is not a recovery strategy
Of the companies surveyed, the majority (76 percent) paid the ransom to end an attack and recover data. 52 percent paid the ransom and were able to recover the data, while 24 percent paid the ransom but still could not recover their data. The odds that paying the ransom will not lead to any data being recovered are therefore one in three. It is noteworthy that 19 percent of companies did not pay the ransom because they were able to recover their own data. This is what the remaining 81 percent must strive for: the recovery of data without paying the ransom.
“One of the hallmarks of a strong modern data protection strategy is the commitment to a clear policy that the company will never pay a ransom, but will do everything in its power to prevent attacks, fix incidents and recover from them,” adds Allan. “Despite the ubiquitous and inevitable threat of ransomware, the claim that companies are helpless to face it is not true. Educate your employees and make sure they practice impeccable digital hygiene; conduct rigorous testing of your data protection solutions and protocols on a regular basis and create detailed business continuity plans that prepare key stakeholders for worst-case scenarios.”
Prevention requires care on the part of IT and users
The “attack surface” for criminals is diverse. Cyber-villains most often gained initial access to production environments by getting their victims to click on malicious links, visit unsafe websites or respond to phishing emails, which in turn shows that many incidents could have been avoided. Once they had gained access to the environment, there was little difference in infection rates between servers in data centers, remote office platforms and servers hosted in the cloud. In most cases, the intruders exploited known vulnerabilities, including those in common operating systems and hypervisors as well as NAS platforms and database servers, leaving no stone unturned and exploiting every piece of unpatched or outdated software they could find. It is noteworthy that security experts and backup administrators reported significantly higher infection rates than IT managers or CISOs, suggesting that “those who are closer to the problem also notice more of the problems”.
Remediation begins with immutability
The survey participants confirmed that 94 percent of attackers tried to destroy backup repositories, and in 72 percent of cases this strategy was at least partially successful. This “cutting of the lifeline” of a company is a popular attack strategy, as it increases the likelihood that the victims will have no choice but to pay the ransom. The only way to protect against this scenario is to have at least one immutable or physically and logically isolated layer of protection anchored in the data backup infrastructure, which 95 percent of the companies surveyed now say they have. Many companies even stated that they have some level of immutability or air-gapped media in more than one layer of their disk, cloud and tape strategy.
Other important findings from the Veeam Ransomware Trends Report 2022 are:
Orchestration is important
To proactively ensure that their servers are recoverable, one in six IT teams (16 percent) automates the validation and recoverability testing of their backups. When remediating a ransomware attack, 46 percent of respondents use an isolated sandbox or test area to ensure that the recovered data is “clean” before putting the systems back into operation.
The orientation of the organization must be uniform
81 percent believe that their companies’ cyber and business continuity/disaster recovery strategies are aligned. However, 52 percent of respondents believe that the interaction between these teams needs to be improved.
The key lies in the diversification of repositories
Almost all companies (95 percent) have at least one immutable or physically and logically isolated data backup layer. 74 percent use cloud repositories that provide immutability; 67 percent use local disk repositories with an immutability or locking feature; and 22 percent use tapes that are immutable. But, immutable or not, the companies found that in addition to disk repositories, 45 percent of production data is still stored on tape, and 62 percent is migrated to a cloud at some point in the data lifecycle.
About the report
Veeam commissioned independent market research firm Vanson Bourne to conduct a survey of 1,000 unbiased IT executives about the impact of ransomware in their environments, as well as their IT strategies and future privacy initiatives. The respondents represented companies of all sizes from 16 different countries in the APJ, EMEA and Americas regions.