Skip to main content

Hackers have a new way of forcing ransomware payments

Bad actors are becoming craftier with their methods of ransomware attacks by targeting backup storage to force organizations to pay a ransom, according to the software company Veeam.

In the event of a ransomware attack, companies typically have two options: pay the ransom and hope that their data can be restored through a decryptor sent by the bad actors or ignore the ransom demands and restore their data via a backup option, TechRadar reports.

Kaspersky

However, in its 2023 Ransomware Trends Report, Veeam found that ransomware hackers are going straight to the backup options to force companies to give in to ransom demands.

Recommended Videos

According to the company’s research that looked at 1,200 organizations that were victims of nearly 3,000 cyberattacks, Veeam claims that 93% of cases saw bad actors attempt to access backups during attacks. They were able to access backups, even partially, in 75% of those cases, while in 39% of cases, companies lost all of their backup data.

Please enable Javascript to view this content

Experts at Veeam note that the best practice for organizations to protect against ransomware attacks is by having strong security measures for both original data and backup. The company recommends frequent, automated cyber-detection scans for backups, auto-verification for backup restoration, and using immutable sources — such as immutable clouds and immutable disks — as backup options to aid against data being deleted or corrupted.

While many organizations typically do pay the ransom when their data is compromised, this does not guarantee a recovery of data. Of the 80% of organizations that paid ransom demands, 59% were able to recover their data, while 21% were not, according to Veeam.

Paying ransom demands is up 4% year-on-year, while organizations using a backup option is down 19% year-on-year.

Ransomware attacks are becoming so lucrative that the notorious cybercriminal gang LockBit has set its sights on targeting macOS and Mac computers as of April. The never-before-seen ransomware might be a first for LockBit, as the gang typically develops on Windows, Linux, and virtual host machines.

The Mac-specific ransomware seems to target Apple Silicon Macs and is listed on the web under the build name locker_Apple_M1_64, according to the security research group MalwareHunterTeam.

The group notes that now that news of the ransomware is out in the open, Macs might be more susceptible to cyberattacks.

LockBit is known as a ransomware-as-a-service (RaaS) operation that allows others to purchase their nefarious products for their own unsavory tasks.

Fionna Agomuoh
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
Reddit hacker demands $4.5M and a change to new API rule
The Reddit app icon on an iOS Home screen.

Ransomware group BlackCat has claimed responsibility for the cyberattack on Reddit in February and is now demanding a $4.5 million payment to prevent it from publishing 80GB of data that it claims to have stolen from the site.

But that’s not all, as the group, which is also known as ALPHV, is insisting that Reddit also reverse the API price changes that have caused so much controversy just recently.

Read more
Hackers may have stolen the master key to another password manager
Open padlock cybersecurity

The best password managers are meant to keep all your logins and credit card info safe and secure, but a major new vulnerability has just put users of the KeePass password manager at serious risk of being breached.

In fact, the exploit allows an attacker to steal a KeePass user’s master password in plain text -- in other words, in an unencrypted form -- simply by extracting it from the target computer’s memory. It’s a remarkably simple hack, yet one that could have worrying implications.

Read more
Hackers are using a devious new trick to infect your devices
A person using a laptop with a set of code seen on the display.

Hackers have long used lookalike domain names to trick people into visiting malicious websites, but now the threat posed by this tactic could be about to ramp up significantly. That’s because two new domain name extensions have been approved which could lead to an epidemic of phishing attempts.

The two new top-level domains (TLDs) that are causing such consternation are the .zip and .mov extensions. They’ve just been introduced by Google alongside the .dad, .esq, .prof, .phd, .nexus, .foo names.

Read more