Despite a recent decline in attacks, ransomware still poses significant threats to enterprises, as the attacks against healthcare organizations demonstrated this month. It is also becoming more capable. In particular, ransomware writers are aware that backups are an effective defense and are modifying their malware to track down and eliminate the backups.
Ransomware targeting backups
Ransomware will now delete any backups it happens to come across along the way, says Adam Kujawa, head of malware intelligence at Malwarebytes. For example, a common tactic for ransomware is to delete automatic copies of files that Windows creates. “So, if you go to system restore, you can’t revert back,” he said. “We’ve also seen them reach out to shared network drives.”