{"id":49700,"date":"2022-12-13T22:20:00","date_gmt":"2022-12-13T22:20:00","guid":{"rendered":"https:\/\/www.networkworld.com\/article\/3682659\/ransomware-it-s-coming-for-your-backup-servers.html#tk.rss_security"},"modified":"2022-12-13T22:20:00","modified_gmt":"2022-12-13T22:20:00","slug":"ransomware-its-coming-for-your-backup-servers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/ransomware-its-coming-for-your-backup-servers\/","title":{"rendered":"Ransomware: It\u2019s coming for your backup servers"},"content":{"rendered":"
<\/div>\n

Backup and recovery systems are at risk for two types of ransomware attacks: encryption and exfiltration \u2013 and most on-premises backup servers are wide open to both. This makes backup systems themselves the primary target of some ransomware groups, and warrants special attention.<\/p>\n

Hackers understand that backup servers are often under-protected and administered by junior personnel that are less well versed in information security. And it seems no one wants to do something about it lest they become the new backup expert responsible for the server. This is an age-old problem that can allow backup systems to pass under the radar of sound processes that protect most servers.<\/p>\n

It should be just the opposite. Backup server should be the most updated and secure systems in the data center<\/a>. They should be the hardest to login to as Administrator or root.  And they should require jumping through the most hoops to login remotely.<\/p>\n

An important role backup servers play is providing the means to recover from a ransomware attack without paying the ransom. They contain the data needed to rebuild the machines that have been encrypted by the ransomware, so ransomware groups try to encrypt the backups, too. The saddest line in any ransomware story is, \u201cand the backups were also encrypted.\u201d They are your last line of defense, and you must hold the line.<\/p>\n

That\u2019s the traditional ransomware attack, but data exfiltration is fast becoming a primary motivation for ransomware attackers who target backup servers. If bad actors can exfiltrate and decrypt your company\u2019s secrets via the backup server, they can extort you in a way that you cannot defend against: \u201cPay up or your company\u2019s most important (or worst) secrets will become public knowledge.\u201d Then they give you access to a web page where you can see the data they have, and your organization has little choice but to pay the ransom and hope they keep their promise. <\/p>\n

This strategy makes sense for ransomware groups. It\u2019s easier to go after the one server that definitely holds all of an organization\u2019s sensitive data than to successfully attack many servers that may hold some sensitive data.<\/p>\n