By Alastair Cooke – There has been a tactical pivot in ransomware. It seems that ransomware writers have realized that large organizations have lots of money, and some do not have the best protection against infections. Newer ransomware is behaving as an advanced persistent threat, a piece of malware that tries to stay undetected in your network for some time to do the maximum amount of damage.

The APT will usually spread through your network, infecting as many computers as possible. Often, the malware will try to connect to a command-and-control server over the internet to report the progress of the infection and await the command to attack. To respond to this new threat, you need different approaches to protect backups from ransomware.

A ransomware APT attack may start by stealthily spreading itself through your network and infecting all of your computers. It will then seek out file-based backups and valuable but older files to encrypt. The aim is to get as much of your infrastructure infected and encrypted — over a period of weeks or months — before you are alerted and can protect backups from ransomware. By slowly encrypting files, the ransomware is making the process of recovering from backups slow and expensive, perhaps more costly than paying the ransom. Once the infection is complete, and your backups contain a mix of encrypted and clean files, then it is time to detonate the ransomware. All of the infected machines will suddenly encrypt recently used files, and your applications will stop working. Read more: