Ransomware used to announce itself in a big bang as soon as it accessed your network.  It scared you, but restoring your backup would often resolve the problem. Since 2017, ransomware has been evolving. Hackers have realised they need to disrupt the backup and recovery processes to make it more likely an organisation will pay the ransom.

How has ransomware evolved?

The average period between Cyber breach and detection is now 207 days, Evolved Ransomware uses this time to infect Windows and MS365 data, including local and offsite backups, without detection.

The ransomware relies on busy, untrained staff letting it in and not spotting the breach.

It waits for just the right time and then BOOM!

1. Ransomware breaches your network, most likely via email.
2. It remains seemingly dormant, not detonating.
3. The ransomware is infecting your backups, as each backup takes place.
4. The backup cycle completes, between 30 & 90 days, and then...
5. The ransomware detonates, creating an Attack Loop.

On backup, your files are scanned in real-time, isolating malicious code and alerting administrators of infection.

Before restoration, files are scanned again to prevent the attack loop.

Our sophisticated malware detection engines identify both known and unknown malicious embedded code, including "zero day" attacks.

The best approach to this is to embed cybersecurity software inside the backup software, that scans for malware during backups and recoveries. Asigra’s Cloud Backup does exactly this and that is why Data2Vault recommends only Asigra. 

The Attack Loop service offers three layers of protection against the threat of Ransomware infection, the most comprehensive approach available today ... 

1. The scanning of file backup data for zero day exploits during the data collection and data restore process. This prevents Ransomware infected data being recovered into the network and creating an Attack Loop. 
2. The use of variable naming for all Asigra backup files, making them very difficult for Ransomware programs to locate. Advanced, but increasingly common strains of Ransomware such as SAMSAM, Zenis, SAMAS and CryptoWall locate and delete popular backup files before encrypting the user data. With the deletion of backup files the organisation is at high risk following a Ransomware incident. 
3. The Attack Loop service applies a 2 Factor Authentication check at the administration level to all mass deletion requests. If a Ransomware program tried to trigger a “delete all backup files” request this would pass to your system administrator.