9 September 2015

Kroll Ontrack warns that ransomware attacks on corporate virtual drives are on the rise

  • Engineers report significant spike in enquiries about data recovery following ransomware attacks on virtual drives
  • Hackers download data and leave notes requesting payment and threatening that information will be sold

Epsom, 9 September 2015: Kroll Ontrack, the data recovery and ediscovery services provider, reports that it is receiving a growing number of enquiries from corporates about how to recover from ransomware attacks.

While ransomware is not new, attacks have tended to focus in the past on home and small business computers and, increasingly, on mobile devices.  According to Kroll Ontrack, these attacks tend to happen in different clusters or strands that die out after about a month as anti-virus programmes are updated to deal with them.

Methods adopted by ransomware hackers have evolved over time, from encrypting user files in a simple zip file to crypto-locker and Curve-Tor-Bitcoin (CTB) Locker technologies, of which the latter is used by criminals to encrypt and hide user data through the Tor network. Attacks tend to originate in regions where cyberattack legislation is absent or immature such as Africa, rather than the Europe and North America.

The new attacks on corporate systems involve hackers deleting virtual drives completely and replicating the files on their own servers.  The first time the companies know about the attack is when they find a note from the hacker where the virtual drives used to be, criticising their security arrangements and requesting payment for return of the data or threatening to sell it on the open market. In a recent case dealt with by Kroll Ontrack, payment was demanded in the virtual currency Bitcoins in exchange for stolen data within two weeks or the user’s information would be auctioned off. Kroll Ontrack was successfully able to recover the customer’s data saving them from having to surrender to the demands of the criminals.

Shane Denyer, Data Recovery Engineer at Kroll Ontrack said: “The methods used in ransomware attacks are constantly evolving, but our engineering team have developed their own methods to retrieve and restore data which mean that companies avoid having to make payments to criminal gangs just to get their information back.  We are seeing a definite move away from attacks that target large numbers of small business or home users towards more of a spearfishing approach where individual, larger corporations come under fire.”

Kroll Ontrack advises corporates to avoid ransomware attacks by:

  • Always keeping anti-virus software up-to-date;
  • Creating regular back-ups of corporate data on devices outside the network; and
  • Storing additional back-ups of virtual drives on devices at a different location.

Denyer concludes: “Earlier versions of ransomware have been broken down and antidotes are readily available. However, we are seeing more and more attacks on corporate systems and predict that there will be even more incidents as ransomware technologies continue to develop.  The key is to ensure that data is always backed up on a regular basis and that reputable partners are involved in restoring data that is hacked.”

About Kroll Ontrack

Kroll Ontrack provides technology-driven services and software to help legal, corporate and government entities as well as consumers manage, recover, search, analyse, and produce data efficiently and cost-effectively. In addition to its award-winning suite of software, Kroll Ontrack provides data recovery, data destruction, electronic discovery and document review services. For more information about Kroll Ontrack and its offerings please visit: Krollontrack.co.uk follow @KrollOntrackUK on Twitter or subscribe to the Kroll Ontrack Data Blog.

# # #

Media Contacts

Judith Massey - Judith.Massey@citigatedr.co.uk
Amrit Nijjer:  amrit.nijjer@citigatedr.co.uk
+44 (0) 207 282 2803