Wipeout: The Rise of Data Destruction Malware

Imagine that you’ve been hit by a cyber attack. You’re scrambling to respond, get operations back on track and contain the damage. You think the worst is behind you. 

Then you get the news: 43% of your data has been wiped out. Customer records, financial data, contracts — gone forever.  

That’s how data destruction malware works. And according to Veeam’s global 2024 Ransomware Trends Report, these attacks are on the rise, putting many organizations at substantial risk of data loss and its consequences.

Data destruction is different 

While traditional ransomware attacks focus on encrypting data and demanding ransom payment for release, many cybercriminals are shifting to purely destructive attacks.  

These focus on corrupting or permanently deleting data, leaving companies with no ability to recover it even if they pay the ransom.  

The high-profile Shamoon attack is an infamous early example. In 2012 it targeted Saudi Aramco and RasGas and wiped data from more than 30,000 computers as the virus spread from an infected machine to others on the network. Just two years later, Sony Pictures was targeted by a hacker group linked to North Korea with wiper malware that crippled its systems and resulted in a massive leak of confidential data.  

The motives behind these attacks can be political. Destructive malware is often deployed in conflicts or as part of broader geopolitical strategies to disrupt critical infrastructure or cause widespread damage. This was the case with the 2017 NotPetya attack, which was aimed at Ukraine but caused crippling outages and crises around the world.

Other non-political motives include sabotage or even revenge stemming from insider threats or disgruntled individuals.  

Reducing the risk 

As with traditional malware, companies should take a multilayered approach to proactively defending against data destruction attacks. Key prevention and response strategies include:  

  1. Back up and store data separately. Ensure data is backed up regularly, and that a locally stored backup is isolated from the main network. Doing so can reduce the impact of destructive malware attacks by enabling recovery even if data is destroyed.
  2. Be proactive about monitoring. Use threat intelligence and detection tools to quickly identify suspicious activity before it spreads across the network. Conduct regular vulnerability assessments to detect and close potential gaps.
  3. Develop a strong incident response plan. The focus should be on containing the damage, including quickly isolating infected systems. Develop a playbook and run regular disaster recovery drills to ensure your incident response team is prepared to execute quickly, minimizing downtime and data loss.

Visit the MxD Virtual Training Center for information on cybersecurity workforce training resources.