Content, Channel partners, Content

Nearly All Cyberattackers Target Backups to Extort Ransoms, Veeam Says in New Study

Credit: Getty Images

Nearly 15% of organizations will see more than 80% of their data affected by a ransomware attack, according to a new study by data and anti-ransomware protector Veeam.

Backup Systems a Common Attack Surface

In more than 93% of the 3,000 instances Veeam studied, ransomware attacks were aimed at backups. In 75% of those events the attacks successfully hamstrung their victims’ ability to recover, Veeam said. That data “reinforc the criticality of immutability and air gapping” to ensure backups are protected, Veeam said.

Danny Allan, Veeam chief technology officer explained how organizations need to concentrate on effective ransomware preparedness by focusing on the basics:

“The report shows that today it’s not about if your organization will be the target of a cyberattack, but how often. Although security and prevention remain important, it’s critical that every organization focuses on how rapidly they can recover by making their organization more resilient.”

80% Paid Ransoms to End an Attack

Veeam’s 2023 Ransomware Trends Report, which offers insights from 1,200 impacted organizations, encompasses four different roles involved in cyber-preparedness and/or mitigation including, security professionals, CISOs or similar IT executives, IT Operations generalists, and backup administrators.

Here’s a sampling of the report’s key findings:

On paying ransoms...

  • 41% of organizations having a “do-not-pay” ransomware policy.
  • 80% of the organizations surveyed paid the ransom to end an attack and recover data, up 4% year-over-year.
  • 59% paid the ransom and were able to recover data but 21% paid the ransom yet still didn't get their data back.
  • 16% of organizations avoided paying ransom because they were able to recover from backups.
  • Worldwide, organizations able to recover data themselves without paying ransom is down from 19% in last year’s survey.

On backups...

  • In nearly all (93%) of cyber events, attackers attempted to attack the backup repositories, resulting in 75% of organizations losing at least some of their backup repositories during the attack. More than one-third (39%) of backup repositories were completely lost.
  • 82% of organizations use immutable clouds, 64% use immutable disks, and only 2% of organizations do not have immutability in at least one tier of their backup solution.

On cyber insurance...

  • 21% of organizations stated that ransomware is now specifically excluded from their policies.
  • 74% saw increased premiums, 43% saw increased deductibles, 10% saw coverage benefits reduced.

On incident response playbooks and backup...

  • 87% of organizations have a risk management program that drives their security road map.
  • 35% believe their program is working well.
  • 52% are seeking to improve their situation.
  • 13% do not yet have an established program.
  • The most common elements of the playbook in preparation against a cyberattack are clean backup copies and recurring verification that the backups are recoverable.
  • 60% of organizations say they still need significant improvement or complete overhauls between their backup and cyber teams to be prepared for a ransomware attack.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.