Skip to main content

Hackers have a new way of forcing ransomware payments

Bad actors are becoming craftier with their methods of ransomware attacks by targeting backup storage to force organizations to pay a ransom, according to the software company Veeam.

In the event of a ransomware attack, companies typically have two options: pay the ransom and hope that their data can be restored through a decryptor sent by the bad actors or ignore the ransom demands and restore their data via a backup option, TechRadar reports.


However, in its 2023 Ransomware Trends Report, Veeam found that ransomware hackers are going straight to the backup options to force companies to give in to ransom demands.

According to the company’s research that looked at 1,200 organizations that were victims of nearly 3,000 cyberattacks, Veeam claims that 93% of cases saw bad actors attempt to access backups during attacks. They were able to access backups, even partially, in 75% of those cases, while in 39% of cases, companies lost all of their backup data.

Experts at Veeam note that the best practice for organizations to protect against ransomware attacks is by having strong security measures for both original data and backup. The company recommends frequent, automated cyber-detection scans for backups, auto-verification for backup restoration, and using immutable sources — such as immutable clouds and immutable disks — as backup options to aid against data being deleted or corrupted.

While many organizations typically do pay the ransom when their data is compromised, this does not guarantee a recovery of data. Of the 80% of organizations that paid ransom demands, 59% were able to recover their data, while 21% were not, according to Veeam.

Paying ransom demands is up 4% year-on-year, while organizations using a backup option is down 19% year-on-year.

Ransomware attacks are becoming so lucrative that the notorious cybercriminal gang LockBit has set its sights on targeting macOS and Mac computers as of April. The never-before-seen ransomware might be a first for LockBit, as the gang typically develops on Windows, Linux, and virtual host machines.

The Mac-specific ransomware seems to target Apple Silicon Macs and is listed on the web under the build name locker_Apple_M1_64, according to the security research group MalwareHunterTeam.

The group notes that now that news of the ransomware is out in the open, Macs might be more susceptible to cyberattacks.

LockBit is known as a ransomware-as-a-service (RaaS) operation that allows others to purchase their nefarious products for their own unsavory tasks.

Editors' Recommendations

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
Hackers sink to new low by stealing Discord accounts in ransomware attacks
a faceless hacker in a black hoodie in front of a computer screen with lines of code on it

As if ransomware wasn’t terrifying enough already, hackers are now trying to hold your Discord account hostage, as well as your files. Thankfully, you can grab your Discord back if you act quickly enough.
This new ransomware campaign was recently discovered by leading cybersecurity firm Cyble, and it’s a particularly nasty one. A wave of similar attacks is emerging, including AXLocker, Octocrypt, and Alice. Ransomware encrypts files on the infected computer before demanding that you pay to decrypt your files to regain access.

Something uniquely cruel about AXLocker is that it also copies your Discord token and sends it to the hacker's server, giving them an opportunity to access and steal your Discord account. The malware is sneaky and leaves file names and extensions intact as it encrypts files so you might not notice anything is wrong until you see the ransom note.

Read more
Microsoft just gave you a great way to fight Windows brute-force attacks
Microsoft Security logo appears in the corner of a scene with IT workers at computers

As ransomware attacks continue to surge, Microsoft has taken a major step toward closing off one of the common methods of gaining unauthorized access to Windows computers. Known as brute-force attacks, repeated attempts are made at guessing the login password on one or more computers in a network.

Microsoft announced today that account lockout is available for local administrators in the latest cumulative update for Windows. This will automatically enable account lockout for new machines set up on Windows 11, version 22H2, as well as any new machine that gets the October 11, 2022 Windows cumulative update.

Read more
As ransomware hits this U.S. hospital, lives could be at risk
The CommonSpirit Health’s logo appears over the silhouette of a hacker.

A large U.S. hospital chain has been suffering from a serious security breach that has led to its computer records being taken offline. What seems to be a ransomware attack could be affecting the quality of health care provided, possibly even putting lives at risk.
According to the industry-focused news site HealthCareDive, the attack was described as an IT incident by CommonSpirit Health and reported on October 3, 2022. This is a huge hospital chain with 1,000 care sites and 140 hospitals nationwide so thousands of patients are affected. The current solution, according to a statement on CommonSpirit Health’s website, has been to take certain systems offline.

Like the rest of us, doctors and nurses are accustomed to the technology of the 21st century and have come to rely on computer records to take care of patients, plan care options, and organize data. Reverting to paper in an already hectic healthcare system must make the job torturous. We'll never know how many critical details slip through the cracks during a busy day.

Read more