Backups Are Important Because Hackers Never Rest

by Jul 13, 2020

It’s an aspect of human nature that people tend to ignore repeated warnings that do not manifest themselves into real problems. Letting their guard down or minimizing protective measures is often the unfortunate response to longstanding vigilance that does not appear to pay concrete dividends. But just as in the fable of the boy who cried wolf, eventually the alert may indicate a truly dangerous situation and ignoring it can have catastrophic consequences.

IT teams can be lulled into a false sense of security by a lack of hacker attacks directed at their systems and computing environments. After all, it demands resources that are measured in time and manpower to provide extra protection that may seem to be overkill in some situations. It can be tempting to reduce the frequency of time-consuming and performance-impacting backup procedures when the risks do not seem to warrant them.

That would be a terrible mistake. A ransomware attack on a critical SQL server can cripple an organization with costs that dwarf those spent protecting the affected systems. While the overall number of ransomware attacks has fallen from its peak in 2016, the threat is still very real. The cost of ransomware incidents has grown both in the ransom demands and the cost of downtime to the impacted organization. It’s no time to take the risk of an attack any less seriously.

New Malware Variants

One of the problems that plague security experts in all fields is that they are tasked with protecting a stationary target. The criminals who attempt to subvert security efforts can quietly sharpen their weapons and are constantly coming up with new methods with which to attain their objectives. Hackers who have designs on taking down your SQL Servers for profit are hard at work developing new delivery vehicles with which to spread their destructive payloads.

Initial ransomware attacks simply encrypted files and demanded payment to decrypt the data. While this was bad enough, they have evolved to become even more destructive. New ransomware attacks often involve the theft or destruction of data before making financial demands. Hackers who had previously been involved in embedding crypto-mining bots on systems have been affected by the dropping prices of cryptocurrency. This has resulted in a return to the tried and true method of launching ransomware attacks to generate their ill-gotten profits.

Here are some of the more recent entrants in the ransomware pantheon that deserve your attention. The entities behind these attacks are directing attacks against organizations that cannot withstand extensive downtime in attempts to increase the probability that ransom demands will be met.

  • Ryuk – This targeted ransomware variant began appearing in 2018 and carefully targeted enterprises including a North Carolina water utility dealing with a hurricane. A malicious feature of this malware is that it can disable Windows System Restore which makes it harder to avoid meeting ransom demands.

  • Zeppelin – First making its appearance in late 2019, this malicious software evolved from a ransomware-as-a-service offering that was responsible for multiple attacks in Russia and Eastern Europe. Its focus is on attacking enterprises operating in the healthcare and technology sectors and has even delivered ransom notes that address the targeted organization. It is spread by various means including EXE or DLL files and some attacks have been linked to compromised managed security providers.

  • PureLocker – Here is another ransomware variant that targets high-value enterprise production servers. Rather than read through random phishing attacks, the software attacks systems that are already compromised with the more_eggs malware platform. It contains a level of intelligence that enables it to make several checks on an infected machine before commencing an attack.

This is just a small sampling of the dangerous software that may be aimed at your SQL Servers. Many preventative measures can be taken to lessen the probability that your systems will be successfully attacked. The problem is that a single slip-up can result in critical systems being held for ransom or destroyed.

Backups Are Your Last Line of Defense

The most reliable form of defense against ransomware attacks are viable backups of your important systems. This includes your SQL Servers and their associated data resources. Backups were always considered an important facet protecting information technology assets, but ransomware has raised the stakes considerably.

IDERA’s SQL Safe Backup is a robust backup and restore solution for your SQL Server environment. It contains features that make it easier to fully protect your systems without negatively impacting their performance.

  • The tool’s backup processes take advantage of advanced compression, disk-writing, and multi-threading technology to reduce the time required to protect your servers.

  • Object-level and point-in-time recovery allows you to exercise full control over how your systems are restored from backups.

  • You can instantly restore databases and use backup file on-demand support to satisfy user requests and applications while the restore operation completes in the background.

SQL Safe Backup is compatible with all versions of Microsoft SQL Server. It provides support for enterprise storage with EMC Data Domain and IBM TSM as well as cloud storage from Microsoft and Amazon. If you are concerned with the proliferation of ransomware, SQL Safe Backup is a great addition to your software defenses.