2 min

Tags in this article

, ,

New research by Veeam shows that attacks almost always (93%) target backups. That way, they try to force payment of the ransom.

The Veeam 2023 Ransomware Trends Report research was unveiled at the VeeamON conference. According to Jason Buffington and Dave Russell, who explained the results to Techzine just before the keynote, cybercriminals’ tactics are successful (75%) when it comes to taking away the victim’s recovery capability. They point out that immutability and air gapping, where backups are almost inaccessible and permissions are very limited, are crucial to protecting backup repositories.

By attacking the backup solution, cybercriminals deny the ability to restore and force the ransom payment. However, Veeam calls ensuring that backup repositories cannot be deleted or compromised a key tactic for security. “To do so, organizations must focus on immutability. The good news is that based on lessons learned from those who had been victims – 82% use immutable clouds, 64% use immutable disks, and only 2% of organizations do not have immutability in at least one tier of their backup solution,” Veeam said.

Not a question of if, but how often victimized

“The report shows that today it’s not about if your organization will be the target of a cyber-attack, but how often.  Although security and prevention remain important, it’s critical that every organization focuses on how rapidly they can recover by making their organization more resilient,” said CTO Danny Allan. In doing so, Allan is responding to the finding that one in seven organizations will see 80% of their data compromised by ransomware.

To pay or not to pay?

The study confirms that organizations need to be well prepared, because there is a good chance they will fall victim to ransomware. And then if they are victims, is it wise to pay? Several security experts will answer no to that question, simply because it funds cybercrime. When you reason it from the victim’s point of view, however, there is some logic behind it. After all, the victim wants to recover as quickly as possible to avoid long downtime and further damage.

Putting that next to the survey results, we see that four in five organizations pay the ransom to end an attack and recover data. Year-over-year, this is an increase of 4%. Remarkably, 41% of organizations have a “Do-Not-Pay” policy for ransomware. So it appears that this policy is not always followed when they are victims.

However, payment does not guarantee that recovery will actually succeed. 59% of companies paid and were able to recover data. In contrast, 21% paid the ransom but did not recover the data from the cybercriminals. 16% of organizations did not pay the ransom because they were able to recover using backups.

Also read: Veeam introduces Veeam Data Platform for greater protection and recovery