In May 2017, a ransomware named WannaCry became a matter of discussion among many organizations. The considerable damage WannaCry did to some corporate giants was constantly in the news, and organizations were horrified by the extensive loss of data. Interestingly, however, it didn’t take much time for organizations to recover the lost data from backups. Although this is a good thing, it may also be alarming: if enterprises are slowly adapting to ransomware, ransomware is surely going to target advanced backup strategies.
How could ransomware target system backups?
When an attacker attempts to hold a target's data for ransom, it can be difficult for the target to restore it from backup. Most home users and municipal corporations don’t invest heavily in data backup and recovery systems and rely on the basic, built-in protection for their computers, laptops, and servers. This basic system, known as Windows Volume Shadow Copy, has been present in Windows editions since Server 2003 and XP and stores snapshots of the files on an endpoint. As it is commonly used by home users as well as small businesses, ransomware such as WannaCry includes tools to delete it.
Ransomware like Locky, WannaCry, Cryptolocker, and CryptXXX is capable of deleting volume shadow copies by issuing command-line strings. This is probably the reason why some ransomware variants failed to make much profit, as most enterprises use more robust protections than just shadow copies. WannaCry hit enterprises rather than small businesses or home users, and as a result global companies with thousands of employees fell victim to its attack. Within an enterprise, data backup adoption is at extremely high levels, while cloud backup and recovery make up a high percentage of cloud-based investments. Companies have the best potential to overcome a ransomware attack by restoring from backup.
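Because the shadow-copy deletion described above is done through command-line strings, it shows up in process-creation logs, where defenders can alert on it. The following detection check is an added example, not part of the original article; the log format, host names, user names and rule names are assumptions constructed for illustration.

```python
import re

# Constructed process-creation events (not real telemetry); the key=value
# layout is an assumed export format chosen for this example.
SAMPLE_LOG = r'''
2024-03-04T09:14:02Z host=FIN-WS01 user=alice parent=explorer.exe cmdline="notepad.exe C:\Users\alice\notes.txt"
2024-03-04T09:15:40Z host=FIN-WS01 user=alice parent=cmd.exe cmdline="vssadmin.exe Delete Shadows /All /Quiet"
2024-03-04T09:15:41Z host=FIN-WS01 user=alice parent=cmd.exe cmdline="wmic shadowcopy delete"
2024-03-04T09:20:00Z host=BKP-SRV1 user=svc_backup parent=services.exe cmdline="vssadmin list shadows"
'''

EVENT = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) '
    r'parent=(?P<parent>\S+) cmdline="(?P<cmd>.*)"$'
)

# Rule names are hypothetical labels; the utilities are standard Windows tools.
RULES = {
    "vssadmin_delete_shadows": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I),
    "wmic_shadowcopy_delete": re.compile(r"\bwmic(\.exe)?\s.*\bshadowcopy\b.*\bdelete\b", re.I),
}


def find_shadow_copy_deletion(log_text):
    """Return one alert dict per event whose command line deletes shadow copies."""
    alerts = []
    for line in log_text.splitlines():
        event = EVENT.match(line.strip())
        if event is None:  # blank or malformed line: skip instead of crashing
            continue
        # Collapse repeated whitespace so variable spacing does not affect matching.
        cmd = " ".join(event["cmd"].split())
        for name, pattern in RULES.items():
            if pattern.search(cmd):
                alerts.append({"rule": name, "ts": event["ts"], "host": event["host"],
                               "user": event["user"], "cmdline": cmd})
                break  # one alert per event is enough
    return alerts


if __name__ == "__main__":
    for alert in find_shadow_copy_deletion(SAMPLE_LOG):
        print(alert)
```

The read-only `vssadmin list shadows` call from the backup service account is deliberately left unflagged, so routine backup tooling does not generate noise.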
In conclusion, with malware like WannaCry, ransomware authors have proven that they can attack enterprises. However, they don’t have a persistent mechanism. Additionally, enterprise backups are too robust for such attacks to cause much damage, as enterprises are capable of retrieving data from backups within a day at most. Although enterprise backup systems are sufficiently secured, there is still something to worry about, as hackers intelligently innovate ways to overcome these technical obstacles. So, companies must be prepared for the possibility of ransomware attacking their backups for encryption or deletion.
Visit http://www.netactivity.us/wannacry-ransomware-latest-hack-explained-and-prevention-tips for more details about how Net Activity, Inc. is helping organizations stay protected from malware attacks.