Ransomware like DeepBlueMagic puts SaaS data at risk

In August, researchers detected a new, dangerously clever ransomware variant being used by a threat group called DeepBlueMagic. According to researchers at Heimdal Security, who discovered the ransomware, DeepBlueMagic is unique because it is able to disable security tools in order to avoid detection.

“This new ransomware strain is a complex one, displaying a certain amount of innovation from the standard file-encryption approach of most others,” Heimdal Security said in a release.

According to Heimdal, DeepBlueMagic operates differently from other ransomware that have previously been discovered. The ransomware was used to attack a computer running a Microsoft Windows Server operating system and during the attack, DeepBlueMagic was able to stop every third-party Windows service found on the computer. This ensured the disabling of any security software. If these services had been active, they would have been able to immediately detect and block the ransomware.

DeepBlueMagic is just the latest example of the devastating impact ransomware can have on companies. Malicious ransomware can grind operations to a screeching halt, hurt a company’s reputation, and result in the loss of critical data from vital software-as-a-service applications.

Let’s look at the increasing threat of ransomware and the importance of SaaS protection in preparing for attacks.

A Growing Threat

Ransomware attacks have become increasingly common. One survey of 5,400 IT decision makers across 30 countries found that 37% had been affected by ransomware attacks in the last year alone.

In 2019, experts predicted that a ransomware attack would occur every 11 seconds in 2021, and reports indicate attacks have increased dramatically this year. One report indicates ransomware attacks surged 93% in the first 6 months of 2021. The report’s researchers also predict attacks will continue to increase in the second half of the year, despite greater action by law enforcement.

Additionally, reports indicate ransomware is increasingly targeting SaaS data. One recent report by IT software company Ivanti looked at 223 vulnerabilities tied to ransomware. According to the report, SaaS had the highest count of vulnerabilities seen trending with active exploits among ransomware groups.

The Cost of an Attack

In this recent DeepBlueMagic ransomware case, the company was able to restore the locked files, but other companies haven’t been so lucky. Last year, municipal governments, universities and private businesses spent more than $144 million responding to the biggest ransomware attacks in the first half of 2020. This spending involved more than just paying the ransom and included spending on everything from rebuilding networks and restoring backups to repairing their reputation.

Even when companies pay the ransom, there is no guarantee their data will be returned in one piece. According to a recent report of 1,263 companies, 46% of companies who paid the ransom and regained access to their data soon found that data had been corrupted.

In addition, these attacks can result in costly downtime. When companies don’t have access to the data they need it can be difficult to maintain operations. One report indicates that on average ransomware attacks can lead to 21 days of downtime for companies.