Nextworks Logo
Back to Nextworks  

Are Your Backups Safe?

Examination
   

HOW EVEN YOUR BACKUPS MIGHT BE VULNERABLE IN A CYBERATTACK

January 2024 | Nextworks


Backups

The goal of most cyber criminals is this: transfer money from your bank account to theirs. Their strategy is initiated through deception and can often progress to extortion. Their techniques are typically not all that novel. They usually deploy tried and true schemes. We see these attacks time and again in our profession.


Deception Attack

If cybercriminals deceive you (or your staff) into sending money, then the unfortunate truth is that money is “Gone in 60 Seconds”. They pretend to be someone you work with, with all the apparent credentials, background, and context, to trick you into altering payment or ACH information and redirect funds to them.

Refer to our related 2022 article “How the #1 Email Scam Works” to understand this scam and learn how to stay safe.


Deception + Extortion Attack

Another technique is to use a deception technique to gain access to your computer and install software. Or they may even deceive you into installing their software. This is called a Trojan horse. For example, suppose you receive an email from Microsoft indicating that your mailbox is almost full. (You don’t notice that the email is not actually from Microsoft.) The email gives you a number to call or a chat link. You then work with a (presumed) Microsoft tech who claims to archive your old email to free up space. But instead, they install their software on your computer.

Refer to our related whitepaper "Email Authenticity Awareness" for tips to avoid this attack.

You then go on with your day. At this point you don’t know what’s coming.

The software installed on your computer begins to quietly encrypt all of your documents. If you have access to a file server, Dropbox, or OneDrive shared files, so does the Trojan horse. Your computer may spend all night encrypting away, without your knowing. This extends too all company files.

Alternatively, the Trojan hose may give the criminal remote access to your computer. This allows them to dig around at their leisure and focus their attack.

Soon thereafter, all files are inaccessible. When you try to open a document, you are greeted with a ransom note where to send cryptocurrency to unlock your files.


Backups to the Rescue… Maybe?

You can pay the ransom, and then hope that the cybercriminal gives you the keys to decrypt your data. Or you can choose not to comply, remove the Trojan horse, and restore all your data from a backup taken before your files were encrypted.

But are you ducks in a row? Do you have backups? Have your backups also been compromised?

It's possible that the Trojan horse has access to your backup volume effortlessly and automatically. Alternatively, if the Trojan gives the hackers access to your computer, they then may be able to find your backups, even if their location is not immediately apparent.


How Can I Protect My Backups?

Good backups are your main defense against encryption attacks. But good backups are often useless if they are not firewalled off from the rest of your network. You, your staff, and any possible Trojan horse they may install should not have access to your backups, be local and/or cloud hosted.

There are a few backup firewalling measures that can take place. Nextworks can implement a sound backup solution keeping your data under lock and key. Nextworks provides this security.

Goodbye to IT headaches and hello to IT proficiency. Locally owned and operated, Nextworks has earned a 5-star rating on Google. We guarantee IT cohesion in 30 days or less, or your money back.



Let Nextworks help to ease your IT burden.

Lean more about Nextworks IT Managed Services.



[ Return to News & Commentary home. ]

[ Return to Nextworks IT home. ]

Visit our Blog