Acronis Cyber Protect
formerly Acronis Cyber Backup

The new reality we all have entered has brought new challenges and new risks: specifically in cyberspace, as most businesses and individuals are required to go digital.

Criminal activity spikes during times of crises as cybercriminals choose to take advantage of the situation. Unfortunately, today’s situation is no exception. Not only are commercial businesses easy targets, but more concerning is the vulnerability of healthcare facilities such as hospitals, where the systems that care for patients and lab work are often linked.

At Acronis, we believe that we have a responsibility to the public. Therefore, we need to warn authorities and private organizations that we foresee a further increase in ransomware attacks targeting private and government hospital systems in the coming weeks. For example, we saw an increase of ransomware detections in Europe by 7% in the last week of February, followed by a 10% increase the week after.

Rise of Pysa (Mespinoza) ransomware

CERT France says some local governments have been infected with a new version of the Pysa (Mespinoza) ransomware. This week, the country’s cybersecurity agency issued an alert about a new criminal gang that has been using ransomware to target the networks of local government authorities.

“The alert, issued by France's CERT team, points to a rising number of attacks carried out with a new version of the Mespinoza ransomware strain, also known as the Pysa ransomware,” reports ZDnet. “Now, CERT-FR says the Pysa gang has moved to target French organizations, with the agency receiving reports of multiple infections.”

Unsurprisingly, Pysa attacks aren't limited to France. The ransomware gang has apparently attacked victims across multiple continents.

Healthcare facilities targeted by ransomware

Targeting governmental agencies, such as local municipal offices, port authorities, and medical facilities is part of an already trending strategy for cybercriminals, but during a pandemic, the stakes change dramatically for victims – and their patients.

Yet observers have worried that medical responders treating COVID-19 patients will be particularly targeted because they will need immediate access to their data, applications, and systems. In response, some hacker groups made a public statement that they would not be targeting medical facilities.

That promise was quickly broken though, as a coronavirus testing lab in the UK was targeted by the Maze ransomware group – one of the groups that announced the “cease-fire.” Even cyberattacks against the World Health Organization (WHO) have also doubled since the onset of COVID-19.

Data protection needs cybersecurity

Sophisticated ransomware threats often disable backup solutions and delete existing backup files. It is therefore crucial that today’s backup solution can protect itself, its agent, and all the created backups, e.g. by preventing write access from other processes.

Copying backup files to read-only locations can sometimes also help against cyberattacks. If the backups are stored in the cloud, then it also requires the security of the cloud connection and securely configured cloud itself. We recommend the following critical steps to protect your data:

  • Establish an anti-phishing strategy. Train employees to recognize malicious emails and sites, or use email systems with integrated anti-phishing solutions (or both).
  • Use two-factor authentication whenever possible. Even in its simplest form with SMS, it reduces the risk of “normal” attacks succeeding by 99% as Google research showed.
  • Use unique strong passwords for different services. A password manager can help you remember all these different passwords.
  • Update your systems automatically. You would not want to increase your financial debt, so don’t increase your technical debt either. Working with legacy systems will end up being more painful for the victim and more expensive than maintaining them properly.
  • Deploy ransomware protection and anti-virus systems. Remember, even the best products may fail to detect the newest malware and ransomware, so back up your data. Sometimes, having a copy of the data is better than having an anti-virus system deployed, given that some of the backup systems already have anti-ransomware functionalities. While phishing is one of the most frequently occurring types of attack, ransomware is often the most expensive to recover from. Backups are the best way to avoid the hassle. Make sure that your backups are not accessible to ransomware, keep them offline or on a remote system that ransomware attacks cannot reach.
  • Unless you absolutely have to, make public-facing websites static. Most companies do not need complex content management systems on their websites. Pre-rendered static pages will do just as good, but will be much more secure. There are a few site generators supporting such an approach. Most are affordable and some are even free. Static websites are also light on CPU usage, so SMEs will not need to invest in expensive additional hardware or virtual machines. You can even host a static site on a file-sharing platform.

Benefits of cyber protection

As data volumes grow and methods of safeguarding your data and the applications and systems that rely on it involve addressing complex and often competing considerations, the holistic approach of cyber protection is required.

At Acronis, we have developed a balanced approach to address the Five Vectors of Cyber Protection, which are safety, accessibility, privacy, authenticity, and security. As a result, our solutions provide comprehensive, well-balanced protection that goes well beyond traditional backups or classical antivirus solutions – each of which only focuses on one part of the equation.

Businesses need to evolve to cyber protection to anticipate and defeat cyberattacks. That’s why behavioral anti-ransomware like Acronis Active Protection has emerged as an important defense against hackers. Using artificial intelligence and machine learning, our technology can identify malicious threats based on how processes behave. Because it looks for suspicious activities instead of matching it against a database of known threats, it is particularly effective against zero-day attacks of ransomware strains that have never been seen before.

Preparing for the future

While the world continues to respond to the spread of the novel coronavirus and medical teams around the world struggle to care for those suffering and dying from COVID-19, the shameful truth is some immoral people will try to exploit the crisis for their personal gain. Acronis is certain cybercriminals will target the government agencies, healthcare facilities and medical professionals treating patients.

Countering these fast-changing threats – both the physical threat of coronavirus and the cyberthreat of malware – needs to be a priority for everyone.

Acronis COVID-9 response programs

Acronis has put special measures in place so its service provider partners can get the solutions their clients need to them. Since Acronis Cyber Backup Cloud includes our integrated AI-powered anti-ransomware defense, one of those programs is, that for any new customer a service provider adds after March 18, Acronis will not charge the net new end customer consumption of any Acronis Cyber Backup Cloud between March 18 and July 31, 2020.

This will allow service providers to help organizations that must enhance their anti-ransomware and cyber protection posture – even if they had not budgeted for it.

Details of Acronis’ response programs can be found here.

Candid Wuest
VP of Cyber Protection Research
Candid Wüest is the VP of Cyber Protection Research at Acronis, where he researches on new threat trends and comprehensive protection methods. Previously he worked for more than sixteen years as the tech lead for Symantec’s global security response team.

About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.