The Importance of Regular Backups in the Face of Evolving Cyber Threats
Regular backups are critical for data safety. A consistent backup schedule—preferably daily or weekly—safeguards your important files from the inevitable data loss caused by common events such as system crashes, malware infection, and hard drive corruption or failure. Recently, security researchers at Symantec discovered and analyzed new tools developed by the Play ransomware group, shedding light on current cyber threats.
New Custom Tools Developed by Play Ransomware Group
The ransomware group has developed two custom tools in .NET, namely Grixba and VSS Copying Tool, to enhance the effectiveness of their cyberattacks.
Grixba
Grixba is a network-scanning and information-stealing tool used to enumerate users and computers in a domain. It gathers information about security, backup, and remote administration software, providing attackers with vital data for planning their next steps.
VSS Copying Tool
The VSS Copying Tool allows attackers to interact with the Volume Shadow Copy Service (VSS) via API calls, enabling them to steal files from existing shadow volume copies even when those files are in use by applications. Both tools are built with the Costura .NET development tool, which makes them standalone executables that require no dependencies and eases deployment on compromised systems.
The Need for Redundant Backups
With the increasing sophistication of ransomware attacks, it is essential to back up your backups for several reasons:
- Data Loss: Backups can become corrupt, damaged, or lost due to various factors. Having multiple backups reduces the risk of losing all your data.
- Redundancy: Storing backups in multiple locations minimizes the risk of data loss.
- Long-Term Retention: Backups may need to be retained for extended periods. Storing backups in multiple locations ensures availability when needed.
- Recovery Speed: Multiple backups enable faster data recovery in the event of a disaster.
- Peace of Mind: Having multiple backups provides reassurance that your data is protected and recoverable.
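The following is an added example, not part of the original article: a Python check that audits redundant backup copies against a SHA-256 manifest recorded at backup time, showing how a second location covers a corrupted or missing copy in the first. The location names, file names and file contents are constructed, and the manifest is assumed to be stored apart from the backups themselves.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backup archives do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit_copies(manifest: dict, locations: list) -> dict:
    """Map each file in the manifest to the locations holding an intact copy."""
    report = {}
    for name, expected in manifest.items():
        report[name] = [
            loc.name for loc in locations
            if (loc / name).is_file() and sha256_file(loc / name) == expected
        ]
    return report

def unrecoverable(report: dict) -> list:
    """Files with no intact copy anywhere: these are actually lost."""
    return sorted(name for name, good in report.items() if not good)

def demo(location_names=("local-nas", "offsite")):
    """Build constructed backup sets, damage them, then audit."""
    files = {"db.bak": b"constructed database dump",
             "docs.zip": b"constructed document archive"}
    # Assumption: the manifest is written at backup time and kept apart
    # from the backup locations, so damage to a copy cannot alter it.
    manifest = {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}
    with tempfile.TemporaryDirectory() as tmp:
        locations = [Path(tmp) / n for n in location_names]
        for loc in locations:
            loc.mkdir()
            for name, data in files.items():
                (loc / name).write_bytes(data)
        # Simulated damage: silent corruption in the first location,
        # a missing file in the last one.
        (locations[0] / "db.bak").write_bytes(b"bit rot")
        (locations[-1] / "docs.zip").unlink()
        report = audit_copies(manifest, locations)
    return report, unrecoverable(report)

if __name__ == "__main__":
    print(demo())                 # two backup locations
    print(demo(("local-nas",)))   # a single backup location
```

With two locations every file still has one intact copy to restore from; with a single location the same damage leaves both files unrecoverable.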