
Ransomware – worse than Kryptonite?

This period of history is not the first time the very essence of humanity has been challenged by a pandemic. In the Superman Comics, do you remember when Lex Luthor buries Superman under a mountain of kryptonite? ‘Krypton Virus X’ to be clear.

Superman is thought to have been killed by the deadly virus

Krypton’s Virus X is the deadliest disease in the universe. Superman caught it and the infection meant certain death. The Man of Steel had to isolate himself with no sign of a cure or risk unleashing an unstoppable pandemic.

Thanks to white Kryptonite, Superman is saved and re-powered to save humanity

A chance exposure to rare white kryptonite on his trip to the funeral pyre killed the virus, restoring Superman to full power.

In today’s world, the deadly criminal virus is Ransomware not Krypton Virus X

Ransomware is big business. Ransomware arguably represents one of the most insidious and dangerous threats that firms of all sizes (our business superheroes) currently face. Our claims experience, and that of others, has shown that the inability to access your data and recover from a ransomware attack may put the very survival of your company at risk.

Cybercriminals made off with just under $350 million in ransomware attacks last year, according to Chainalysis. That’s an increase of over 300% in the amount of ransom payments from the year before!

More scary stats

It’s not just the number of attacks that is increasing; the stakes are too.

• A 2021 report from Palo Alto Networks estimates that the average ransom paid in 2020 was over $300,000 – a year-over-year increase of more than 170%.

• When an organization falls prey to cybercrime, the ransom is only one component of the financial cost. There are also remediation expenses — including lost orders, business downtime, consulting fees, and other unplanned expenses.

• The State of Ransomware 2021 report from Sophos found that the total cost of remediating a ransomware attack for a business averaged $1.85 million in 2021, up from $761,000 in 2020.

Our business clients’ (our heroes) white Kryptonite is at risk

The prevailing wisdom is that if you back up your critical data you can sidestep and recover from a ransomware attack. While this premise generally holds true, simply backing up your data no longer provides an absolute guarantee that you can recover from a ransomware attack. Ransomware is sharpening its aim at our heroes’ backup software.

Businesses need to take a fresh look at their backup software to make sure that it has the right set of features to ensure they have a verifiable path to recovery.

Here are three well-tuned techniques that experts have seen hackers successfully use to circumvent backups and make “good” backups bad.

1. Finding and encrypting backups on network file shares.

Some backup products back up data to file shares accessible over corporate networks. Further, many organizations still use the default directory name created by these backup products to store these backups. The default names of these directories are readily accessible in the documentation published by backup providers. Some creators of ransomware figured this out a while ago. Their malware finds and encrypts data on production servers, and it also probes corporate networks for these default backup directories and encrypts the backups in them. In so doing, they increase the possibility that companies cannot recover from backups.

2. Plant a ransomware “time bomb.”

When ransomware encrypts a company’s data, the encryption generally occurs as soon as or shortly after it gets onto the corporate network. However, ransomware continues to evolve. Rather than encrypting data as soon as it breaches the corporate firewall, it begins to infect the data but does not immediately encrypt it. Then, only after days, weeks, or even months go by does it initiate the encryption of the corporate data. In many respects, this is the worst type of ransomware attack. Not only is all of a company’s production data encrypted, but the company also thinks it has “good” backups; when it goes to restore the data, the restored data encrypts as well because it was infected when it was backed up. This may make it almost impossible for an organization to determine when it was initially infected and which of its backed-up data it can reliably and confidently restore.

3. Hacking the backup software’s APIs.

A number of backup software products publish their own application programming interface (API) for developers. Ransomware creators can access these published APIs too, and use them for malicious purposes such as encrypting existing backups.
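A defender-side check for technique 1, added here as an example (it is not BOXX's or any backup vendor's code): it walks a mounted file share and flags backup directories still using a vendor default name, rating them higher when they are also world-writable. The directory names and the `audit_backup_dirs` helper are hypothetical placeholders; substitute the defaults listed in your own product's documentation.

```python
import os
import stat
import tempfile

# Hypothetical placeholders: replace with the default directory names that
# your own backup vendor's documentation lists.
DEFAULT_BACKUP_DIR_NAMES = {"vendorbackups", "backup_default"}


def audit_backup_dirs(share_root, default_names=DEFAULT_BACKUP_DIR_NAMES):
    """Walk a mounted share and report directories left at a vendor
    default backup name, with whether any local account can write to them."""
    wanted = {n.lower() for n in default_names}
    findings = []
    for parent, dirs, _files in os.walk(share_root):
        for name in dirs:
            if name.lower() not in wanted:
                continue
            path = os.path.join(parent, name)
            mode = os.stat(path).st_mode
            findings.append({
                "path": path,
                # True when accounts other than owner/group may modify backups.
                "world_writable": bool(mode & stat.S_IWOTH),
            })
    return findings


def severity(finding):
    """Default name alone rates 'medium'; default name plus world write is 'high'."""
    return "high" if finding["world_writable"] else "medium"


def demo():
    # Constructed sample tree standing in for a mounted file share.
    with tempfile.TemporaryDirectory() as root:
        exposed = os.path.join(root, "finance", "VendorBackups")
        locked = os.path.join(root, "hr", "backup_default")
        renamed = os.path.join(root, "ops", "bk-7f3a")  # non-default name
        for d in (exposed, locked, renamed):
            os.makedirs(d)
        os.chmod(exposed, 0o777)  # weak: anyone can overwrite the backups
        os.chmod(locked, 0o750)   # better: owner and group only
        return sorted((os.path.relpath(f["path"], root), severity(f))
                      for f in audit_backup_dirs(root))


if __name__ == "__main__":
    for path, level in demo():
        print(level, path)
```

Renaming the directory only removes the easy match; the write-permission finding is the one to fix first, by restricting the share to the backup service account.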


Having the latest back-up solutions is vital for businesses. As you know, your clients can add BOXX’s Managed Back-Up and Recovery service to their Cyberboxx membership. Our team of experts can help your clients implement a data security strategy designed specifically for their business. If you want to learn more about how we can safeguard your data, AND your wallet, let us know.



