In 2020, a global IT service provider experienced a loss of up to $45 million (50 billion KRW) due to ransomware. Just like any other IT service provider, the company set up thorough and step-by-step security system in order to deal with ransomware. It was not in panic even when it found that its system was infected with ransomware as it backed up data in case of unforeseen situations. It did not think much of the hackers’ threat as it believed that it could simply restore backed-up data whenever it was possible.
Its attempt to restore backed-up data was useless when it tried to restore the data immediately without having any unnecessary negotiation with the hackers as the hackers already had a control of the company’s master server for backed-up data. Once a master server is infected, it is difficult to find out which data is stored in which system. As the company’s backup system was also infiltrated by the hackers, the company had no choice but to face a huge loss.
‘Ransomware’ that demands a fee to be paid for an encrypted system or data to be working again continues to affect global companies. As a result, companies continue to invest in security in order to deal with ransomware attacks. However, a simple investment in security should not be the only action that a company should take against cyberattacks. Security on backup servers is seen as the ultimate way to deal with ransomware as carelessness on backup server’s security can cause a situation that cannot be changed.
◊Master server for backed-up data becomes a new target for ransomware
Major security companies and agencies from South Korea and other countries picked ransomware as one of important keywords for security this year. According to Fortinet, number of ransomware attacks in the second half last year increased by seven times and ransomware is expected to be a serious cyber attack this year as well.
Financial burden on companies continues to increase as they face a global economic recession and fees from ransomware attacks. According to Coveware that specializes in ransomware, the amount of fees that companies had to pay for ransomware attacks in the third quarter last year was about $230,000 which is about three times higher than the fourth quarter of 2019.
Methods of ransomware attacks also continue to evolve. While hackers tried to infiltrate by randomly sending e-mails in the past, they now try to access private documents of companies by targeting specific people such as high-ranking executives.
As methods of ransomware attacks become more sophisticated, many companies have increased their investments in security in order to prevent their companies from ransomware attacks. As a result, hackers have been targeting backup systems that have relatively weak security.
In 2020, a major South Korean company had to halt business of major branches due to ransomware. Although the company had a backup server, the ransomware also infiltrated the server which made restoration of important data impossible. A same case also took place for a major South Korean website few years ago. Hackers deleted every backup by accessing the website’s backup server. As a result, the company that operated the website had no choice but to pay the amount requested by the hackers.
◊Companies tighten security on their backup servers as well to prevent ransomware attacks
Experts from the industry point out that there are no safe places against ransomware. A representative from the industry said that while many CIOs (chief information officer) and people who are responsible for security at companies say that they do not feel threatened against ransomware when companies have backup servers, many people who are responsible for managing backup servers say that there are many cases when companies become careless on their backup servers by believing that ransomware is part of the security field. The representative also said that most cases where companies are not able to recover their systems properly for few days even when they have security solutions for ransomware happen because their backup servers are also stolen by hackers.
Another representative said that companies will not be able to operate their backup systems that are covered with layers of security if their master servers are infected as such infection will lead to the hackers controlling control towers. The representative emphasized that there needs to be preparation towards hackers who try to target backup servers.
The financial circle or the public sector believes that separating network can protect servers from ransomware. However, experts advise that even a closed network environment cannot be safe from ransomware attacks.
“Even when networks are separated, hackers can try to use other media such as USB in order to infiltrate servers.” said Lee Jung-hyeon who is a professor at Soongsil University. “There needs to be overall preparations from a standpoint that there is no safe place from ransomware.”
Professor Lee also added that although companies and the public sector have been tightening their security due to increased number of ransomwares, they always have to check for any loophole as there is no perfect security and constantly monitor their backup systems and set up tightened security in order to be safe from cyberattacks from hackers and provide stable services.
Staff Reporter Kim, Jiseon | firstname.lastname@example.org