The Vice Society ransomware gang made headlines again. In late December, threat researcher SentinelLabs posted that the well-resourced ransomware group has adopted a new custom-branded payload in recent intrusions, dubbed “PolyVice.” The story notes that Vice Society is selling similar payloads to other groups, which implement a robust encryption scheme using NTRUEncrypt and ChaCha20-Poly1305 algorithms.
While Vice Society was once considered a threat mainly to large organizations—it was behind the damaging attacks on Colonial Pipeline and JBS meat processing in 2021—the group (and those that buy its ransomware) now targets just about every size and type of organization. Last September, we wrote about the Vice Society’s involvement with the attack on The City of Palermo, Italy. More recently, its name has surfaced in attacks on a fire department in Victoria, Australia, and multiple schools in Gloucester, U.K.
Sophisticated Attacks Demand Unstoppable Defenses
Vice Society is just one of many sophisticated ransomware groups that would love to break in and steal your data. And they have plenty of tricks up their sleeves, from phishing to exploiting vulnerabilities in your hardware and software to gain access to your data.
While there isn’t anything you can do to stop the attacks from coming your way, there are concrete actions you can take today. These ensure your defenses are as strong as possible and your data is always recoverable whether a ransomware attack, hardware failure, human error, or natural disaster hits you.
1. Keep Everything Up-to-Date
Patches and updates are crucial to closing vulnerabilities in your organization's software and hardware. But overwhelmed IT teams need to move fast to beat the bad guys to the vulnerabilities. So put a program in place that ensures patches are installed on receipt, and your systems are regularly reviewed to ensure everything is current.
2. Implement Robust Authentication and Access Controls
According to the Verizon 2022 Data Breach Investigations Report, the human element drives breaches, with the two leading causes being stolen credentials and phishing—fake emails designed to steal private information by masquerading as a trusted entity. Fight back by using multi-factor authentication (MFA) and role-based access controls (RBAC) to ensure that anyone requesting access to your networks and data is who they say they are.
3. Educate Your Employees
In this post, we shared eight ways employees can help reduce the risk of ransomware. That’s a great place to start. Most importantly, train everyone, from the C-suite down, to spot malicious emails and websites and the steps they need to take when encountering something suspicious.
4. Update Your Disaster Recovery Plan
Nothing would be worse than to have a disaster strike only to find the plans you made for dealing with it are out of date. So dust off your disaster recovery plan and ensure it’s current and supports your overall business objectives. That includes verifying that your RTOs and RPOs meet those needs. Then test your plan—regularly—so you know you can quickly recover no matter what comes your way.
5. Back Up Your Data to Immutable Storage
Even if you do everything we’ve listed above, all it takes is one click on a malicious link by an employee to let ransomware in and lock up your data. That’s where immutable backups give you a last line of defense.
Solutions like Arcserve OneXafe use a file system based on an immutable object store, with every object written only once. These objects can’t be altered or deleted, even by an admin. Any changes made to your file system result in the creation of new objects. And OneXafe continuous data protection (CDP) takes low-overhead snapshots every 90 seconds. So not only can you be sure that your immutable backups are always secure, but you can also return to a recent point in time following a disaster and recover entire file systems in minutes.
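A minimal model of the write-once idea described above, as an added example (not Arcserve code and not a description of how OneXafe is implemented). The class names, the SHA-256 content addressing, and the sample file are assumptions made for illustration; the point is that an in-place overwrite only adds a new object, so an earlier snapshot still resolves to the original data.

```python
import hashlib


class WriteOnceStore:
    """Toy object store: objects are keyed by content hash, never altered or deleted."""

    def __init__(self):
        self._objects = {}

    def put(self, data: bytes) -> str:
        oid = hashlib.sha256(data).hexdigest()
        self._objects.setdefault(oid, data)  # an existing object is never overwritten
        return oid

    def get(self, oid: str) -> bytes:
        return self._objects[oid]


class SnapshotFS:
    """File system view (path -> object id) with point-in-time snapshots."""

    def __init__(self, store):
        self.store = store
        self.live = {}
        self.snapshots = []  # (timestamp in seconds, frozen copy of path -> object id)

    def write(self, path, data):
        self.live[path] = self.store.put(data)  # every change creates a new object

    def read(self, path):
        return self.store.get(self.live[path])

    def snapshot(self, ts):
        self.snapshots.append((ts, dict(self.live)))

    def restore(self, ts):
        """Roll the live view back to the latest snapshot taken at or before ts."""
        candidates = [s for s in self.snapshots if s[0] <= ts]
        if not candidates:
            raise LookupError("no snapshot at or before that time")
        self.live = dict(max(candidates, key=lambda s: s[0])[1])


def simulate_overwrite_and_recover():
    fs = SnapshotFS(WriteOnceStore())
    fs.write("/finance/q4.xlsx", b"constructed sample: quarterly figures")
    fs.snapshot(ts=0)
    fs.snapshot(ts=90)  # 90-second snapshot interval, as in the text
    # Constructed stand-in for ransomware: the live file is overwritten in place.
    fs.write("/finance/q4.xlsx", b"\x00ENCRYPTED\x00")
    damaged = fs.read("/finance/q4.xlsx")
    fs.restore(ts=90)
    return damaged, fs.read("/finance/q4.xlsx"), len(fs.store._objects)
```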
6. Consider Ransomware Insurance
The National Association of Insurance Commissioners reported that insurers wrote about $6.5 billion in direct written premiums in 2021, a 61 percent increase from the prior year. The report also notes that insurers have responded to a tough market where losses paid to customers exceeded projections, driving up premiums. These statistics tell us that companies are getting smart and paying the premiums, no matter how high, to cover what they now recognize as the potentially massive costs of an inevitable attack.
Insurers will likely require that you put effective data protections in place before you are underwritten. That’s good because, while you’ll be forced to invest more in modern data protection solutions, you’ll also be able to rest assured that any losses you incur are covered.
7. Get Help From Ransomware Experts
Choose an Arcserve technology partner to help you select the best data resilience, protection, backup, and disaster recovery solution for your organization. Our partners bring deep expertise and experience to every client engagement. And check out our on-demand demos to see for yourself the robust data protections that Arcserve solutions deliver.