Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data Recovery. Show all posts
protecting sensitive data
Cyber Security Data Loss Data Privacy Data protection Data Recovery data security protecting sensitive data

Why CEOs Must Go Beyond Backups and Build Strong Data Recovery Plans

 

We are living in an era where fast and effective solutions for data challenges are crucial. Relying solely on backups is no longer enough to guarantee business continuity in the face of cyberattacks, hardware failures, human error, or natural disasters. Every CEO must take responsibility for ensuring that their organization has a comprehensive data recovery plan that extends far beyond simple backups. 

Backups are not foolproof. They can fail, be misconfigured, or become corrupted, leaving organizations exposed at critical moments. Modern attackers are also increasingly targeting backup systems directly, making it impossible to restore data when needed. Even when functioning correctly, traditional backups are usually scheduled once a day and do not run in real time, putting businesses at risk of losing hours of valuable work. Recovery time is equally critical, as lengthy downtime caused by delays in data restoration can severely damage both reputation and revenue.  

Businesses often overestimate the security that traditional backups provide, only to discover their shortcomings when disaster strikes. A strong recovery plan should include proactive measures such as regular testing, simulated ransomware scenarios, and disaster recovery drills to ensure preparedness. Without this, the organization risks significant disruption and financial losses. 

The consequences of poor planning extend beyond operational setbacks. For companies handling sensitive personal or financial data, legal and compliance requirements demand advanced protection and recovery systems. Failure to comply can lead to legal penalties and fines in addition to reputational harm. To counter modern threats, organizations should adopt solutions like immutable backups, air-gapped storage, and secure cloud-based systems. While migrating to cloud storage may seem time-consuming, it offers resilience against physical damage and ensures that data cannot be lost through hardware failures alone. 

An effective recovery plan must be multi-layered. Following the 3-2-1 backup rule—keeping three copies of data, on two different media, with one offline—is widely recognized as best practice. Cloud-based disaster recovery platforms such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) should also be considered to provide automated failover and minimize downtime. Beyond technology, employee awareness is essential. IT and support staff should be well-trained and recovery protocols tested quarterly to confirm readiness. 

Communication plays a vital role in data recovery planning. How an organization communicates a disruption to clients can directly influence how much trust is retained. While some customers may inevitably be lost, a clear and transparent communication strategy can help preserve the majority. CEOs should also evaluate cyber insurance options to mitigate financial risks tied to recovery costs. 

Ultimately, backups are just snapshots of data, while a recovery plan acts as a comprehensive playbook for survival when disaster strikes. CEOs who neglect this responsibility risk severe financial losses, regulatory penalties, and even business closure. A well-designed, thoroughly tested recovery plan not only minimizes downtime but also protects revenue, client trust, and the long-term future of the organization.
Read more »
MSP
CISO best practices Cyber Attacks Cyber-recovery Cybersecurity measures cybersecurity solutions Data Recovery IT Industry MSP

Clarity, Control, And Recovery Define Effective Response To Cyberattacks For IT Teams And MSPs

 

When a cyberattack strikes, the impact is immediate. Systems slow down, files are locked, phones flood with alerts, and the pressure mounts by the second. The speed and precision of the response often determine whether the situation ends in recovery or spirals into disaster. What IT teams and managed service providers need most in these moments are clarity, control, and a dependable recovery path. Without them, even the most experienced professionals risk being overwhelmed as damage escalates. With them, organizations can act decisively, protect clients, and reduce the fallout. 

Clarity is often the first and most urgent requirement. Cyberattacks cause confusion because the nature of the threat is not always obvious at the start. Without a clear understanding of whether it is ransomware, phishing, insider activity, or some other form of compromise, teams are left to guess. Guesswork wastes time and can worsen the situation. Real-time visibility into anomalies such as suspicious login attempts, sudden file encryption, or unusual network traffic provides a unified picture of what is happening. This enables teams to see the blast radius, identify compromised systems, and determine which data remains safe. With clarity, chaos turns into something manageable, allowing quick decisions on isolating, preserving, or shutting down systems. 

Once clarity is achieved, control becomes the next critical step. Attacks often spread through privilege escalation, lateral movement, or data exfiltration. Containment prevents small breaches from becoming catastrophic. Rapidly isolating infected endpoints, revoking exploited credentials, and automatically enforcing protective policies are crucial for slowing or halting an attack. Effective incident response relies not only on tools but also on predefined roles, playbooks, and escalation paths, so teams know exactly what actions to take under pressure. Efficiency also matters: the more capabilities managed through a single interface, the faster the recovery. Integrated solutions such as endpoint detection and response or extended detection and response make it easier to contain incidents before they spread. 

Even after containment, damage may remain. Data can be encrypted, systems may be taken offline, and clients demand immediate answers. At this point, the most valuable resource is a reliable recovery lifeline. Secure backup systems provide assurance that even if primary operations are disrupted, organizations can restore data and systems. Backups that are immutable prevent ransomware from altering recovery points, while granular restore functions allow for quick access to specific files or applications. Disaster recovery solutions can even spin up workloads in secure environments while remediation continues. For IT teams, recovery prevents operations from grinding to a halt, and for MSPs, it preserves customer trust. 

Cyberattacks are not hypothetical but inevitable. The organizations that fare best are those that prepare in advance, investing in monitoring, building strong response playbooks, and deploying robust recovery solutions. Preparation does not eliminate attacks, but it makes the difference between manageable disruption and catastrophe.
Read more »
data security
3D Guns 3D Printing AI technology Cyber Security Cybersecurity measures Data collection Data Recovery data security

New Forensic System Tracks Ghost Guns Made With 3D Printing Using SIDE

 

The rapid rise of 3D printing has transformed manufacturing, offering efficient ways to produce tools, spare parts, and even art. But the same technology has also enabled the creation of “ghost guns” — firearms built outside regulated systems and nearly impossible to trace. These weapons have already been linked to crimes, including the 2024 murder of UnitedHealthcare CEO Brian Thompson, sparking concern among policymakers and law enforcement. 

Now, new research suggests that even if such weapons are broken into pieces, investigators may still be able to extract critical identifying details. Researchers from Washington University in St. Louis, led by Netanel Raviv, have developed a system called Secure Information Embedding and Extraction (SIDE). Unlike earlier fingerprinting methods that stored printer IDs, timestamps, or location data directly into printed objects, SIDE is designed to withstand tampering. 

Even if an object is deliberately smashed, the embedded information remains recoverable, giving investigators a powerful forensic tool. The SIDE framework is built on earlier research presented at the 2024 IEEE International Symposium on Information Theory, which introduced techniques for encoding data that could survive partial destruction. This new version adds enhanced security mechanisms, creating a more resilient system that could be integrated into 3D printers. 

The approach does not rely on obvious markings but instead uses loss-tolerant mathematical embedding to hide identifying information within the material itself. As a result, even fragments of plastic or resin may contain enough data to help reconstruct its origin. Such technology could help reduce the spread of ghost guns and make it more difficult for criminals to use 3D printing for illicit purposes. 

However, the system also raises questions about regulation and personal freedom. If fingerprinting becomes mandatory, even hobbyist printers used for harmless projects may be subject to oversight. This balance between improving security and protecting privacy is likely to spark debate as governments consider regulation. The potential uses of SIDE go far beyond weapons tracing. Any object created with a 3D printer could carry an invisible signature, allowing investigators to track timelines, production sources, and usage. 

Combined with artificial intelligence tools for pattern recognition, this could give law enforcement powerful new forensic capabilities. “This work opens up new ways to protect the public from the harmful aspects of 3D printing through a combination of mathematical contributions and new security mechanisms,” said Raviv, assistant professor of computer science and engineering at Washington University. He noted that while SIDE cannot guarantee protection against highly skilled attackers, it significantly raises the technical barriers for criminals seeking to avoid detection.
Read more »
Ransomware
Backups computer crime cryptocurrency Cyber Security Cybersecurity Data Recovery encryptor Hacking phishing Ransomware

The Evolution of Computer Crime: From Tinkering to Ransomware Threats

 



In the early days of computing, systems were relatively isolated, primarily reserved for academic and niche applications. Initial security incidents were more about experimentation gone wrong than intentional harm.

Today, the scenario is vastly different. Computers are everywhere—powering our homes, workplaces, and even critical infrastructure. With this increased reliance, new forms of cybercrime have emerged, driven by different motivations.

Computer crimes, which once revolved around simple scams and tech-savvy groups, have evolved. Modern attackers are more professional and devastating, often state-sponsored, like ransomware collectives.

A prime example of this evolution is ransomware. What began as simple criminal schemes has turned into a full-fledged industry, with criminals realizing that encrypting data and demanding payment is a highly lucrative enterprise.

Ransomware attacks follow a predictable pattern. First, the attacker deploys an encryptor on the victim’s system, locking them out. Then, they make their presence known through alarms and ransom demands. Finally, if the ransom is paid, some attackers provide a tool to decrypt the data, though others might threaten public exposure of sensitive data instead.

However, ransomware attackers face two key challenges. The first is infiltrating the target system, often achieved through phishing tactics or exploiting vulnerabilities. Attacks like WannaCry highlight how these methods can devastate unprotected systems.

The second challenge is receiving payment without revealing the attacker’s identity. Cryptocurrencies have helped solve this problem, allowing criminals to receive payments anonymously, making it harder for authorities to trace.

Preventing ransomware isn’t solely about avoiding the initial attack; it’s also about having a recovery strategy. Regular backups and proper employee training on cybersecurity protocols are crucial. Resilient companies use backup strategies to ensure they can restore systems quickly without paying ransoms.

However, backups must be thoroughly tested and isolated from the main system to prevent infection. Many companies fail to adequately test their backups, leading to a difficult recovery process in the event of an attack.

While ransomware isn’t a new concept in technical terms, its economic implications make it a growing threat. Cybercriminals can now act more ruthlessly and target industries that can afford to pay high ransoms. As these attacks become more common, companies must prepare to mitigate the damage and avoid paying ransoms altogether
Read more »
Gmail Hack
2FA 2FA bypass Cyber Security Data Recovery email database discovery Gmail checkmark system Gmail Hack

How to Recover a Hacked Gmail Account Even After a Security Breach

 

Having your Gmail account hacked can feel like a nightmare, especially when recovery details like phone numbers and email addresses have been changed by a hacker. Fortunately, recovering a compromised account is still possible, even if most security and recovery options have been altered. Google’s account recovery system is designed to assist users in situations where hackers manage to bypass protections, such as two-factor authentication (2FA). The key is to begin the process from a device and location you frequently use to access your Gmail account. This could be your home or workplace, using the same browser or device. Providing as much accurate information as possible, such as previous passwords, is critical to proving ownership of the account and speeding up the process. 

There’s also a delay system in place that can put recovery requests on hold for a few hours or even several days, depending on the level of risk involved. While frustrating, this measure is a security feature designed to protect accounts from unauthorized access. If acted upon quickly, users may still be able to recover their account using the original recovery information, such as a phone number or email address, for up to seven days after the details are changed. 

If recovery through Google’s automated system is proving difficult, users with linked YouTube accounts have sometimes found success by contacting YouTube support. Social media channels have also proven helpful in expediting the recovery process in more complex cases.  

The question remains, how do hackers bypass Gmail’s security systems? One common method is session cookie theft, which involves stealing the data that keeps users logged in after 2FA has already been verified. By taking over these session cookies, hackers can change your account’s security settings without needing to go through 2FA again. 

To protect against these types of attacks in the future, Google recommends steps like using passkeys, which are more secure than SMS-based 2FA. Passkeys are resistant to phishing and hacking attempts that steal session cookies. Additionally, Google has implemented protective measures like frequent cookie rotation and device-bound session credentials to limit the effectiveness of such attacks. Taking proactive steps like enabling these features and always monitoring account activity can help you avoid falling victim to similar hacking attempts in the future.
Read more »
Ransomware attack
Ascension Ascension Health cyberattack Ascensions Health System Data Breach Data Recovery PHI PII Ransomware attack

Ascension Ransomware Attack: Worker Error Leads to Data Breach and Recovery Efforts

 

Ascension, one of the largest health systems in the country, recently revealed that a ransomware attack on its systems was due to a worker accidentally downloading a malicious file. The health system emphasized that this was likely an honest mistake. Importantly, Ascension noted there is no evidence that data was taken from their Electronic Health Records (EHR) or other clinical systems, where full patient records are securely stored. 

However, the attackers managed to access files containing Protected Health Information (PHI) and Personally Identifiable Information (PII) for certain individuals. With the help of third-party cybersecurity experts, Ascension has gathered evidence indicating that the attackers extracted files from a small number of file servers used primarily for daily tasks by its associates. These servers represent seven out of approximately 25,000 servers across Ascension’s network. 

Currently, Ascension is uncertain about the specific data affected and the identities of the impacted patients. To determine this, a comprehensive review and analysis of the compromised files is underway. Ascension has started this process, but it is a substantial task that will require significant time to complete. As a precaution, Ascension is offering complimentary credit monitoring and identity theft protection services to any patient or associate who requests it. Those interested can call the dedicated call center at 1-888-498-8066. 

The cyberattack, reported on May 8, caused significant disruptions, including shutting down access to electronic health records across Ascension’s 140 hospitals and leading to delays in patient care. On a positive note, Ascension announced on Friday that EHR access has been restored across its hospitals. This restoration means that clinical workflows in their hospitals and clinics are functioning similarly to pre-attack conditions, improving efficiencies in appointment scheduling, wait times, and prescription fulfillment. However, medical records and other information collected between May 8 and the date of local EHR restoration may be temporarily inaccessible.  

Despite this progress, the investigation into the incident is ongoing, along with efforts to remediate additional systems. The cyberattack on Ascension is part of a larger trend of ransomware attacks targeting healthcare systems. In a related incident, Change Healthcare, affiliated with UnitedHealthcare, faced a ransomware attack on February 21. UnitedHealth Group CEO Andrew Witty disclosed to a House subcommittee that he paid $22 million in bitcoin to protect patient information during this attack. 

Ascension has not made any statements about ransom payments but confirmed last month that the attack was ransomware-related, with class action lawsuits citing a Black Basta ransomware attack. As Ascension continues its recovery and investigation, it underscores the need for heightened cybersecurity measures and vigilance to protect sensitive health information from cyber threats.
Read more »
victim response
Coveware Cyber Threats Cybersecurity Data Breach Data Recovery industry collaboration Law Enforcement ransom payments Ransomware victim response

Increasing Number of Ransomware Targets Opting Against Ransom Payments

 

For an extended period, ransomware groups have instilled fear in various organizations, including businesses, schools, and hospitals. However, there is a positive shift as an increasing number of victims are now rejecting ransom demands.

In the fourth quarter, the percentage of victims succumbing to ransom payments reached an all-time low, standing at a mere 29%, according to cybersecurity provider Coveware, specializing in assisting companies against ransomware attacks. 

This decline is not an isolated incident but part of a growing trend that commenced approximately three years ago when around 60% of victims yielded to ransomware demands. Coveware attributes this change to the enhanced capabilities of the industry in responding to successful ransomware incidents. Despite these attacks having the potential to encrypt entire networks and pilfer sensitive information, many companies are now able to recover using their own backups.

Moreover, there is a heightened awareness among victims that paying a ransom provides no assurance of data deletion. Instead, there is a risk that the stolen data might be traded clandestinely to other cybercriminal groups, and the ransomware gang could exploit the information to target the victim again.

Coveware notes, "The industry continues to get smarter on what can and cannot be reasonably obtained with a ransom payment. This has led to better guidance to victims and fewer payments for intangible assurances." 

However, on the downside, ransomware groups are still extracting substantial funds from those who choose to pay up. In Q4, the average ransomware payment soared to $568,705, up from $408,644 a year earlier. Simultaneously, the number of data breaches in 2023 set a new record at 3,205 publicly known compromises, as reported by the Identity Theft Resource Center.

Coveware emphasizes the need for a united front against the ransomware menace, urging the industry to establish stronger collaborations with law enforcement on a continuous basis rather than seeking assistance only during a ransomware attack. 

The company highlights that less than 10% of victims contacted by law enforcement for further assistance in the aftermath of a ransomware incident actually continue to collaborate. This lack of follow-through impedes law enforcement efforts, as proper evidence collection from victims is crucial to concluding investigations. Coveware's data reveals that the majority of ransomware victims are small to medium-sized businesses with employee headcounts below 1,000 people.
Read more »
Ransomware Gang
Cyber Crime Data Backup Data Recovery Online Security Ransom Ransomware Gang

Backups can be Quicker and Less Expensive than Paying the Ransom

 

Ransomware operators want to spend as little time as possible within your systems, which means the encryption they use is shoddy and frequently corrupts your data. 

As a result, paying ransoms is typically a more expensive chore than simply refusing to pay and working from our own backups. That is the perspective of Richard Addiscott, a senior director analyst at Gartner. 

"They encrypt at an extremely fast rate," he said on Monday at the firm's IT Infrastructure, Operations, and Cloud Strategies Conference 2023 in Sydney. "They encrypt faster than you can run a directory listing."

Therefore, ransomware creators use poor encryption techniques and end up losing some of the data they later try to sell you. If ransomware operators deliver all the data they claim, Addiscott said, it is not simple to restore from corrupt data dumps delivered by criminals. Many people don't; instead, they start a new round of discussions regarding the cost of more releases by demanding a ransom. 

According to him, just 4% of ransomware victims actually manage to get all of their data back. Only 61 percent actually retrieve any data. Additionally, the average disruption to a victim's business is 25 days. 

Addiscott proposed that organisations design and practise ransomware recovery playbooks to shorten the period. Securing funding to prepare for a speedy post-ransomware recovery requires couching the risk in business terms rather than IT terms. 

According to Addiscott, the themes that are likely to release the purse strings are revenue protection, risk reduction, and cost control. Although he shook his head as he recalled instances when business leaders authorised enormous and speedy ransom payments that dwarfed the denied investments that may have rendered them unnecessary. 

He advised good preparation because ransomware crooks have figured out one technique to speed up stalled payment negotiations: whacking their victims with a DDoS attack, so they're battling two fires at once, and are thus willing to pay to make at least one problem go away. 

Ransomware operators also like to double-dip by demanding payment from the organisations whose data they have stolen, then mining the data to locate new targets. Addiscott mentioned an attack on a healthcare provider in which clients were confronted with a payment demand or their medical records will be revealed. 

Customers identified in a stolen data heist may be targeted with the suggestion that they notify suppliers that they want payments made in order to reduce the risk of their data being disclosed. Immutable backups and an isolated recovery environment, according to Addiscott, are a good combination of defences. 

However, he also stated that the people behind ransomware are brilliant, vicious, inventive, and relentless, so they will find new and even more nefarious ways to strike. 

The analyst did have one piece of good news: there would be a 21% decrease in ransomware attacks in 2022 compared to 2021. He hypothesised that the decline was caused by sanctions making it more difficult for Russian-based ransomware groups to operate.
Read more »
Subscribe to: Posts (Atom)