IT disaster recovery, cloud computing and information security news

Daisy

Ransomware attacks on corporate virtual drives are on the rise

Kroll Ontrack has reported that it is receiving a growing number of enquiries from corporates about how to recover from ransomware attacks.

While ransomware is not new, attacks have tended to focus in the past on home and small business computers and, increasingly, on mobile devices.  According to Kroll Ontrack, these attacks tend to happen in different clusters or strands that die out after about a month as anti-virus programmes are updated to deal with them. 

Methods adopted by ransomware hackers have evolved over time, from encrypting user files in a simple zip file to crypto-locker and Curve-Tor-Bitcoin (CTB) Locker technologies, of which the latter is used by criminals to encrypt and hide user data through the Tor network. Attacks tend to originate in regions where cyberattack legislation is absent or immature such as Africa, rather than the Europe and North America.

The new attacks on corporate systems involve hackers deleting virtual drives completely and replicating the files on their own servers.  The first time the companies know about the attack is when they find a note from the hacker where the virtual drives used to be, criticising their security arrangements and requesting payment for return of the data or threatening to sell it on the open market.

In a recent case dealt with by Kroll Ontrack, payment was demanded in the virtual currency Bitcoins in exchange for stolen data within two weeks or the user’s information would be auctioned off. Kroll Ontrack was successfully able to recover the customer’s data saving them from having to surrender to the demands of the criminals.

Shane Denyer, data recovery engineer at Kroll Ontrack said: “The methods used in ransomware attacks are constantly evolving, but our engineering team have developed their own methods to retrieve and restore data which mean that companies avoid having to make payments to criminal gangs just to get their information back.  We are seeing a definite move away from attacks that target large numbers of small business or home users towards more of a spearfishing approach where individual, larger corporations come under fire.”

Kroll Ontrack advises corporates to avoid ransomware attacks by:

  • Always keeping anti-virus software up-to-date;
  • Creating regular back-ups of corporate data on devices outside the network; and
  • Storing additional back-ups of virtual drives on devices at a different location.

www.krollontrack.co.uk



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.