Ransomware attacks on corporate virtual drives on the rise

Kroll Ontrack, the data recovery and ediscovery services provider, reports that it is receiving a growing number of enquiries from corporates about how to recover from ransomware attacks.

While ransomware is not new, attacks have tended to focus in the past on home and small business computers and, increasingly, on mobile devices.

According to Kroll Ontrack, these attacks tend to happen in different clusters or strands that die out after about a month as anti-virus programmes are updated to deal with them. 

Methods adopted by ransomware hackers have evolved over time, from encrypting user files in a simple zip file to crypto-locker and Curve-Tor-Bitcoin (CTB) Locker technologies, of which the latter is used by criminals to encrypt and hide user data through the Tor network.

Attacks tend to originate in regions where cyberattack legislation is absent or immature such as Africa, rather than the Europe and North America.

The new attacks on corporate systems involve hackers deleting virtual drives completely and replicating the files on their own servers.

The first time the companies know about the attack is when they find a note from the hacker where the virtual drives used to be, criticising their security arrangements and requesting payment for return of the data or threatening to sell it on the open market.

In a recent case dealt, payment was demanded in the virtual currency Bitcoin in exchange for stolen data within two weeks – or the user’s information would be auctioned off.

Kroll Ontrack says it was able to recover the customer’s data, saving them from having to surrender to the demands of the criminals.

Shane Denyer, data recovery engineer at Kroll Ontrack, said: “Earlier versions of ransomware have been broken down and antidotes are readily available. However, we are seeing more and more attacks on corporate systems and predict that there will be even more incidents as ransomware technologies continue to develop.

"The key is to ensure that data is always backed up on a regular basis and that reputable partners are involved in restoring data that is hacked.”

Kroll Ontrack advises corporates to avoid ransomware attacks by always keeping anti-virus software up-to-date, creating regular back-ups of corporate data on devices outside the network, and storing additional back-ups of virtual drives on devices at a different location.

The news comes as Allianz warns businesses they must prepare for a new generation of cyber risks.

The report highlights that cyber risks are evolving far beyond privacy or reputational issues, with the global cyber insurance market forecast to grow to over $20 billion by 2025.

In the UK, the cost of cyber-crime as a percentage of GDP is 0.16 per cent, with an estimated cost of $4.3 billion (£2.8 billion).

"Interconnectivity of devices and businesses drives new risk exposures with business interruption a key vulnerability, and catastrophic scenarios a possibility," said Allianz in a statement.

"Complexity of risk means businesses need to develop a cyber security culture with different stakeholders sharing risk management knowledge."

Image source: Shutterstock

Check Also

EPOS and Aston Martin F1 team strengthen audio partnership

EPOS has extended and expanded its partnership with the Aston Martin Aramco Cognizant F1 Team …