Tag Archives: data loss

Enhance data protection in Microsoft Outlook with Cloudflare One’s new DLP Assist

Post Syndicated from Ayush Kumar original https://blog.cloudflare.com/enhance-data-protection-in-microsoft-outlook-with-cloudflare-ones-new-dlp/

Cloudflare Email Security customers using Microsoft Outlook can now enhance their data protection using our new DLP Assist capability. This application scans emails in real time as users compose them, identifying potential data loss prevention (DLP) violations, such as Social Security or credit card numbers. Administrators can instantly alert users of violations and take action downstream, whether by blocking or encrypting messages, to prevent sensitive information from leaking. DLP Assist is lightweight, easy to deploy, and helps organizations maintain compliance without disrupting workflow.

Making DLP more accessible

After speaking with our customers, we discovered a common challenge: many wanted to implement a data loss prevention policy for Outlook, but found existing solutions either too complex to set up or too costly to adopt.

That’s why we created DLP Assist to be a lightweight application that can be installed in minutes. Unlike other solutions, it doesn’t require changes to outbound email connectors or provide concerns about IP reputation to customers. By fully leveraging the Microsoft ecosystem, DLP Assist makes email DLP accessible to all organizations, whether they have dedicated IT teams or none at all.

We also recognized that traditional DLP solutions often demand significant financial investment in not just software but also in team members to configure and monitor them. DLP Assist aims to eliminate these barriers. Customers can use the application as part of our Email Security product, avoiding the need for additional purchases. Plus, with our DLP engine powered by optical character recognition (OCR), confidence levels, and other detection mechanisms, organizations don’t need a dedicated team to constantly oversee it. 

By eliminating the complexities of legacy DLP and email systems, we allow customers to quickly begin preventing the unauthorized egress of sensitive data. With DLP Assist, organizations can be confident in controlling and protecting the information that leaves their environment.

How does it work?

Our DLP Assist is an application that integrates with the Desktop (Mac and Windows) and Web Outlook clients, passively scanning emails as they are composed. Running in the background within Microsoft Outlook, DLP Assist continuously monitors new text and attachments added to emails that users are drafting. 

When a customer downloads and installs the application, Cloudflare creates a unique client ID specifically for emails read from the DLP Assist application, which serves as an identifier solely for use by DLP Assist within Cloudflare’s backend. When a user begins drafting a message, the DLP Assist application invokes several Microsoft Outlook APIs to gather information about how the message is changing. These APIs let the Cloudflare application continuously access different parts of the message like subject, body, attachments, etc. While the application is reading the changes within the message, it also establishes a secure, encrypted connection with a Cloudflare Worker. 

As raw data about the email and attachments is sent to the Worker, the Worker relays the information to our DLP engine, which is at the heart of our scanning process. It leverages OCR technology to analyze attachments, extract text from images, and detect DLP violations across both email content and embedded data. It also examines raw text to ensure a comprehensive analysis of every part of the email and its attachments. While our engine supports most attachment types, it currently does not process video or audio files.

The DLP engine runs on all of our servers, and we also store the customer DLP profile configuration data on all of our servers. By keeping DLP policy configuration data on all servers alongside our analysis engine, we eliminate the need to reroute requests across our network allowing for low-latency, real-time DLP checks. The customer’s client ID enables us to find and apply their defined DLP profiles and accurately determine policy violations, delivering results directly to the Cloudflare Worker. If a violation is found, the Worker responds to the application to take action within Outlook. 

Our architecture ensures real-time scanning with minimal latency, as end users are always near a Cloudflare Worker, regardless of their location. Additionally, this design provides built-in resilience — if a Cloudflare Worker becomes unavailable, another can take over, allowing for uninterrupted DLP enforcement. By scanning in real time, this allows us to provide immediate feedback to the user about any DLP violations that they have within their email, rather than the user having to wait till the message has been sent. 

If a violation is detected, the application first displays an insight message — a ribbon notification at the top of the email — alerting the user to the issue. Administrators have full control over this message and can customize it to provide specific guidance or warnings. We find that most of our customers point users to documentation reminding them what is allowed to be sent outside of the organization. 


When a DLP violation occurs, DLP Assist also injects a header into the EML file to indicate the violation. If the user removes the content that is in violation, the header is automatically removed as well.

If the violation remains unchanged, DLP Assist invokes a Microsoft Outlook API which prompts the user with a final warning, giving them another opportunity to revise the message before sending.


If the user proceeds without making changes, the email will be sent from the client with headers embedded into the EML showing that message contains a DLP violation. Organizations can configure their outbound mail transfer agent (MTA) to take appropriate action based on these headers. For those with Microsoft as their outbound MTA, Cloudflare’s DLP Assist integrates with Microsoft Purview, enabling organizations to block, encrypt, or require approval before sending.

For example, if an organization configures Purview to block the email, users will receive a notification similar to this one.


Violations detected by the DLP Assist application can also be sent externally through our Logpush feature. Customers have the flexibility to integrate this data with SIEM or SOAR platforms for deeper analysis, or store it in bucket storage solutions like Cloudflare R2. Additionally, customers can enhance their reporting capabilities by viewing block data directly within their outbound gateway.

As we continue to improve our DLP engine, we’re introducing more advanced ways to analyze messages. During Security Week 2025, we’re unveiling new AI methodologies that automatically fine-tune DLP confidence levels using machine learning models. Initially, these enhancements will be rolled out for Gateway violations, but we plan to extend them to email scanning in the near future. For more details, see the associated blog post

Cloudflare One’s DLP Assist is designed for quick deployment, enabling organizations to implement a data loss prevention solution with minimal effort. It allows customers to immediately begin scanning emails for sensitive data and take action to prevent unauthorized sharing, ensuring compliance and security from day one.

How can I start using it?

To get started, navigate to the Zero Trust dashboard and click on the Email Security tab. From there, select the Outbound DLP tab.


To install DLP Assist, organizations can download the manifest file, which provides Microsoft with the necessary instructions to install the application within Outlook. Administrators can then upload this manifest file by going to Integrated Apps within the Microsoft 365 Admin Center and selecting Upload Custom Apps:


This application is best suited for use with OWA (Outlook Web Access) and the desktop (Mac and Windows) Outlook client. Due to Microsoft limitations, a stable experience on mobile devices is not yet available.

More information can be found within our developer documentation

What’s next?

We’re continuously expanding our solutions to help organizations protect their data. Exciting new DLP and Email Security features are on the way throughout 2025, so stay tuned for upcoming announcements.

To learn more about our DLP and Email Security solutions, reach out to your Cloudflare representative. Want to see our detections in action? Run a free Retro Scan to uncover any potentially malicious messages hiding in your inbox.

Security Researcher Sued for Disproving Government Statements

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2024/09/security-researcher-sued-for-disproving-government-statements.html

This story seems straightforward. A city is the victim of a ransomware attack. They repeatedly lie to the media about the severity of the breach. A security researcher repeatedly proves their statements to be lies. The city gets mad and sues the researcher.

Let’s hope the judge throws the case out, but—still—it will serve as a warning to others.

How to Download Your Google Drive and Back Up Your Files

Post Syndicated from Molly Clancy original https://www.backblaze.com/blog/download-backup-google-drive/

A decorative image showing a Google Drive logo and a storage bar filling up with different types of files.

Editor’s Note

What better time for a reminder to back up your data than after a serious data loss event? If you are concerned about the safety of your Google Drive data after the reports of unexplained data loss by Google Drive users last week, then read on to learn how to download and back up your Google Drive.

More than one billion businesses and individuals use Google Drive according to, well, a quick search on Google. If most of those one billion people are like me, they save pretty much everything there. 

Whether the data is professional or personal, the end result is a lot of important files that aren’t necessarily backed up anywhere. Maybe your school is closing your account and you need to move all of your data somewhere else. Maybe your account gets attacked by cybercriminals. Or maybe Google goes down or loses your data. In order to protect your important Google Drive files, you need to understand how to go about downloading and backing up your account. 

In this post, you’ll learn some simple steps to achieve that, including how to download your Google Drive, how to back up your computer, and how to back up your Google Drive.
We’ve gathered a handful of guides to help you protect social content across many different platforms. We’re working on developing this list—please comment below if you’d like to see another platform covered.

How to Download Your Google Drive

Most people have multiple email accounts, so first it is important to make sure you are logged in to the correct Google Account before you start this process. 

Once you’re signed in, you will want to go to Google Drive: drive.google.com. From there, you can download individual files if you don’t have that many or do a bulk download.

To download individual files:

  1. Hold shift while you select all of your files.
  2. Right click and select download.

To do a bulk download:

  1. Go to your account at myaccount.google.com.
  2. Go to Data & privacy.
  3. Scroll down to the section of the page titled “Download or delete your data” and click “Download your data.” This allows you to download all of the data in your Google account (not just Google Drive) via Google Takeout.
A screenshot of Google Drive settings showing where to download your data.
  1. Select Google Drive (and whatever other services you might want to download data from).
A screenshot of Google Drive settings showing how to select which Google suite data you want to download.
  1. You then have a few options to select:
    1. Multiple formats: Here you can tell Google the formats of the files you want to download. For example, if you want to download documents as .docx files or as PDFs.
    2. Advanced settings: Here you can tell Google to download additional data, including previous versions and the names of your folders. 
    3. All Drive data included: Here you can select all data, or deselect specific folders if you want to.
  2. Scroll down to the bottom and click on Next Step.
  3. You’ll be prompted to specify your delivery method. Select Send download link via email.
  4. You can then specify your frequency. You can select a single export or an export every two months for a year. For our purposes, you can select a single export. (We’ll talk about options for backing up your data more frequently later.)
  5. Specify the file type and the file size you want to export.
    1. You can choose to have these files sent as a .zip file or a .tgz (tar) file. The main difference between the two options is that a .zip file compresses every file independently in the archive, but a .tgz file compresses the archive as a whole.
    2. The file size tells Google when to split your data into a separate file. Depending on the size of your data, Google may send you multiple emails with different sizes of files.
A screenshot of Google Drive settings showing where to set the frequency and file types of data downloads.
  1. Click Create export.

When most people think about downloading the data they store in Google Drive, they’re thinking about the documents, photos, and other larger files they work with, but (as Google Takeout makes clear) you have a lot more data stored with Google outside of Drive.

Here’s why you might choose to export everything: 

  • To have a copy of bookmarked websites. 
  • To have a copy of emails that may contain files you’ve lost over time. 
  • To have a copy of important voicemails from loved ones in Google’s Voice product that you want to keep forever. 

Also, when you download all of your data it is a good reminder of what information Google has of yours.

After you click Create export, you’ll get an email in a few minutes, hours, or a couple of days, depending on the size of your data, informing you that your Google data is ready to download.

How to Back Up Your Computer

You now have your Google Drive data out of the Google Cloud and on your computer. Next, you’ll want to make sure it’s backed up. Your computer can fail just like Google, so simply downloading it isn’t enough. Protecting your newly downloaded Google data with a good cloud backup strategy should be the next thing you do.

Make sure to have at least three copies of your data: two local including one on your desktop and one on a different storage medium, like a hard drive. Then, you should have one off-site, and these days that means in the cloud.  

Note that when we’re using the word “cloud” here, we specifically mean that you’re backing up to the cloud. Often using a “cloud drive” means that you’re syncing, and, as the current data loss snafu at Google shows, there’s a big difference between sync and backup.

How to Back Up Google Drive

Downloading your data once and backing it all up is a good step. But, you’re adding documents to Google Drive all the time, and downloading your data manually can get tedious if you want to make sure your work is consistently and reliably backed up. 

Of course, as we noted above, you can set your Google Drive bulk download frequency to a regular cadence. You’d still have to manually download your data and add it to your computer’s local storage, then back it up using the same method you would for your computer data. If you’re using Backblaze Computer Backup, which automatically runs in the background on your computer, those files would be backed once they entered your local storage. 

Still, that means that you have the possibility of losing files if your cadence isn’t frequent enough, and if you forget to manually download and replace those files sent to you in email, then you might run into trouble. 

Alternatively, there are a few services that will back up your Google Drive data for you. With something like Movebot, you can set up your Google Drive to sync and back up to a cloud storage service like Backblaze B2. If you’re a little more tech savvy, you can also use rclone to do the same thing. 

These tools are a bit more complex than using your Backblaze Computer Backup account, but you can configure these tools to back up your Google Drive at a frequency that makes sense for you to make sure new data is getting backed up as you add it.

Do you have any techniques on how you download your data from Google Drive or other Google products? Share them in the comments section below!

FAQ

How do I download individual files from Google?

You can simply select the files you want to download, right click, and select Download.

How do I download my entire Google Drive?

You can use Google Takeout to download your entire Google Drive as well as any data you have in other Google services. Go to your account, click on Data & privacy, and click on Download your data to get started.

How do I back up my Google data once I download it?

You can back up your Google Data once you’ve downloaded it to your computer by using a trusted cloud computer backup service. Make sure to follow a 3-2-1 backup strategy by keeping at least two backups in addition to your data in Google drive: one local, on your desktop or on a hard drive, and one in the cloud.

How do I back up my Google Drive?

There are many backup software services available to help you back up your Google drive data. With something like Movebot, you can set up your Google Drive to sync and back up to a cloud storage service like Backblaze B2. If you’re a little more tech savvy, you can also use rclone to do the same thing. 

The post How to Download Your Google Drive and Back Up Your Files appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

2023 State of the Backup: As Data Needs Grow, Backups Need to Fill the Gaps

Post Syndicated from original https://www.backblaze.com/blog/2023-state-of-the-backup-as-data-needs-grow-backups-need-to-fill-the-gaps/

A decorative image featuring two figures behind a desk, a graph showing an upward trend line, and with the title "2023 State of the Backup".

Each passing year brings with it a June, and with that comes a Backup Awareness Month. For those that are new to the blog, each June we partner with The Harris Poll to gauge the state of backups in the United States, by asking the simple question: “How often do you back up all the data on your computer?” (And a handful of other questions, too.) This post marks our survey’s 15th anniversary, and as you can imagine, the backup world has changed a lot in that time. 

If you’ve followed our previous State of the Backup articles, you’ll know that we usually have a burning question that we want to answer. In 2021 and 2022, we were interested in the “best backer upper.” This year’s focus touches on the different “cloud” services that respondents use, and their confidence level that those services are providing them with the protection they crave—nay, deserve.

And that’s not just our (totally) normal love of backup coming out. It comes as news to no one that the world has shifted to a more digital environment, the ways we store, use, and manage data have changed. We have our data at more touchpoints in our lives, and cloud-based sync services are readily available. Being able to capture a full backup for all those various uses—business and personal—means that the need for automatic, unlimited solutions that you can access from anywhere is no longer a “nice to have.” It’s essential.

Backup Frequency Trends for 2023

This is one of my favorite graphs. Now with 15 years of data, we look at our headline question: How often do you back up all the data on your computer? This year we’re pleased that daily backups have not decreased and remain at similar levels to last year. In 2023, 11% of Americans who own a computer backed up their data at least once a day compared to 10% in 2022 and 11% in 2021. Weekly (8% in 2023 and 7% for both previous years) and monthly (15% in 2023 and 13% and 14% in the two previous years) backups among those who own a computer are similar to the past years as well. 

The number of people who have never backed up data also remains at similar levels, with 18% of Americans who own a computer saying they’ve never backed up data in 2023 compared to 20% saying the same in the prior two years. 

If you’ve hung around the Backblaze blog before, you likely have heard me (Yev) saying that the main competitor we have to our computer backup service is apathy. While we’re not (yet) seeing a statistically significant drop in those “never” numbers, we love to see that this category isn’t growing. And, we’ve got big plans to get more folks backing up in the future—we love using polls like this to learn more about how to move the needle. You can see from the graph below that, if you compare to 2008, we’ve certainly seen change over time.  

Since some people prefer the raw data, and you can find it here, lovingly copied from Google Sheets:

While we’re past March 14, Pi Day is one of my favorite holidays to celebrate and also one of my favorite chart types. Here we have pie charts comparing the 2008 to 2023 data:

We love seeing the daily section growing while the never section shrinks—that’s progress. And, like we stated above, we view it as a big indicator of the massive shift in the ways people are using data. 

Of course, we would love to see the daily backups skyrocketing year over year, because at the end of the day, if people aren’t backing up frequently, they are at risk of losing at least that day’s worth of data, which is one of the things that Backblaze Computer Backup is trying to help people avoid.

The Title of “Best” at Backing Up Is Up For Grabs

A few years ago we got curious about who is “best” at backing up. In 2021, we saw some statistical significance that indicated women between 35-44 years of age (21% likely to backup versus 9% of those 18-34 and 6% of those 55-64), and those who live in the Western United States (17% more likely to back up vs. the South and Midwest at 9% and 7%, respectively) were more likely to be computer owners who backed up once a day or more. When we checked in 2022, we found no statistical difference between the categories—but, we’ll explain why we keep checking in on this profile.

It’s worth taking a time-out for a stats mini-lesson, because we Backblaze plebeians did see some interesting fluctuations in the data, and the awesome experts at The Harris Poll let us know that these fluctuations are to be expected. Here’s why: When you’re talking about surveys rather than a census of a group, there is a sampling error that is expected just because you get a different group of people responding over time. We do statistical testing to see if the fluctuation could be due to chance (we just randomly got a different group of people) or if something has really changed in the group over time. In our survey, performed with 95% confidence, that means if we collected the survey 100 times we would report differences that would only occur in five of those surveys by chance assuming no change in the group. (Here’s an article that explains in more detail, if you’d like to dig in.)

The TL:DR of all that is that for a category to show statistical significance, it needs to be 5% greater or less than the total average of the parent category. In our parent category of computer owners who back up once a day or more,” we have a total average of 11% for 2023. Women between the ages of 35–44—clock in at 15%. So, while that’s not statistically significant, it’s certainly worth monitoring in our future surveys. 

And that means that this year, the title is up for grabs! Get geared up for next year, folks: We love healthy competition about better backups.  

Cloud Services Are All Around

When we started Backblaze 16 years ago, Amazon AWS had only recently started marketing Amazon Elastic Cloud Compute (in 2006, folks). Now, “the cloud” is a household name although it’s something of an amorphous concept for many—but there’s no denying that the cloud is accessible to consumers and companies alike. 

Here are some indicative stats: 

  • Nearly two in three Americans (65%) who have backed up all the data on their computer use a cloud-based system as their primary backup method. 
  • Those who use the cloud services backup (63%), drive (67%), or sync (62%) to back up their computers are much more likely to say their backup method automatically backs up all the data on their computer than those who use an external hard drive (36%).
  • Those who use a cloud backup service are more likely to say they had to recover, access, or restore lost data from their computer in the past month than those who use a cloud drive service, cloud sync service, or external hard drive (18% vs. 9% and 7% each).

Some of these facts reveal very important questions about backup and sync in relation to our backup questions. We’ve talked about the differences in the past, and here we see folks who are saying that they use a drive or sync service as their backup method. 

So, when those Americans using cloud-based systems think they’re backing up each day, in all likelihood, at least some of them are describing another type of data storage—syncing data across devices or storing data on a cloud drive. But, without an additional copy of your data, you aren’t truly backing up.

Still, even with more people backing up, overall data confidence is low, with fewer than one in five Americans (17%) stating they are absolutely certain that their most important computer files are safely backed up somewhere. Even more telling? 12% of Americans who use a cloud service, external hard drive, or a network attached storage (NAS) as a primary method to back up data say they are not confident the method they use is set up to protect all of the data on their computer. 

That number means we need to get more people not only backing up but testing their restores. If you’ve never tested your restores, we highly recommend it. Not only does it let you see exactly where you’re storing your files and what it takes to restore them, but it also shows you how long it will take to get your files back online in the event of data loss. It’s also one of the main differentiators between “cloud” services—the ease with which you can get all your data back is a good selection criteria. 

In Recovery Situations, A Plan Makes All the Difference

The whole point of a backup is to make sure that you never lose critical data. We certainly want and value this for personal recovery—check out our article about how a digital go bag can help you prepare for natural disasters and the like.

But, if you’re a business owner, any disruption in data or file loss can mean that your business is off-line. Business continuity plans help you understand how to get back online with minimal stress and as soon as possible. Especially if you’re a small or medium-sized business, you know how important that is! Services like Instant Business Recovery are a great tool in that respect: They help your business prepare for scenarios in which you might have outages and to get back online as quickly as possible.

What Are Those Services Doing Anyway?

When looking at computer owners who use a cloud backup service like Backblaze as their primary backup we find that:

  • 63% say their service automatically backs up all the data on their computer.
  • 27% say it backs up only the data they select with no limitations.
  • 9% say it backs up only the data they select but with some limits.
  • 1% marked “other.”
  • 1% are not sure at all.

Why is this important? Well, different types of backups mean that you can recover things in different ways. For instance, a bare metal recovery is designed to take you from a computer with nothing on it—not even an operating system—to a fully-functional computer with all your files. Does your backup service support those file types? 

Another example: a grandfather-father-son or a full vs. incremental backup may help you save valuable storage space when it comes to backing up (especially when your backup service may have limits or charge you based on storage space, as some folks indicate above). 

Finally, our old pal, the 3-2-1 backup strategy, recommends both an on-site and an off-site copy of your data, which means that whichever method you use to backup, you’re going to want to store those backups in different and accessible ways. 

It’s not only a question of knowing if your backup service is automatically backing up all the data on your computer—you also want to know where that data is being stored, what file types are supported, if or how you need to set “rules,” and more. There are positives and negatives to each backup strategy, of course, but the numbers above show us that we have some work to do to help people know where to start when it comes to building an effective plan. We see a detailed education campaign about what Backblaze backs up brewing in our future!

Backing Up Remains Paramount

When looking at the data loss statistics of Americans who own a computer:

  • 70% report accidentally deleting something.
  • 54% report having lost data.
  • 54% were affected by a security incident (like ransomware or malware).
  • 46% had an internal or external hard drive crash.
    • 36% of those who did had crashes happen within the last year.
  • 45% lost access to their data when a shared drive or synced drive was deleted.

This year over half of Americans who own a computer reported being affected by a security incident, and that number is in line with last year (54% this year vs. 53% last year). Over the years, ransomware has increasingly become a “when, not if” situation, which means that seemingly simple things, like making strong passwords, using virtual private networks (VPNs), and knowing how to recognize a phishing attack are more important than ever. Prevention is only half the battle of course—and a good backup and recovery plan is the other. 

What’s more, these things become even more interesting when you think about data loss as it comes to our working environment. As we see modern work patterns change, we see more people working on their home networks and using mobile phones. As the workplace has shifted to include more remote and hybrid environments, employers are having to think about what it looks like to secure data across dispersed locations. Not only do you have lots of folks working on software as a service (SaaS) tools that include synced or shared drives (and have their own backup strategy demands), but you also need to capture folks saving on their local drives—which means you need individual workstation backup to ensure that you have a complete disaster recovery (DR) plan in place. 

Good Backups Get Personal

Fifteen years into this Harris Poll (and 16 years into being Backblaze!), we are still driven to understand the world of backup to support our ultimate goal: making storing and using data astonishingly easy. The work of taking these disparate data points (70% of Americans who own a computer have accidentally deleted something) and turning them into solutions (hey, an automatic backup means that you can get it back) is something we can’t do without understanding the world and how it changes. 

And, this is true on an individual level, too. When you’re building your backup solution, what you need for your personal backups is likely to be different from what you’ll need for your job. Maybe a network attached storage (NAS) device lets you bring all of your family’s household devices to a single place to manage and backup data, keeping you away from those pesky iCloud data storage limits. If you own a business, maybe you want to consider how long to keep your backups and how much it costs to store data in different formats like on hard drives or in the cloud. 

We hope you enjoy seeing the big picture as much as we do, and we hope this information ultimately helps you to find the best backup service for your data. Jump into the comments and let us know what you think! 

Survey Method:

This year’s survey was conducted online within the United States by The Harris Poll on behalf of Backblaze from April 25–27, 2023, among 2,050 adults ages 18+, among whom 1,857 own a computer. The sampling precision of Harris online polls is measured by using a Bayesian credible interval. For this study, the sample data is accurate to within +/- 2.8 percentage points using a 95% confidence level.

Prior year’s surveys were conducted online by The Harris Poll on behalf of Backblaze among U.S. adults ages 18+ who own a computer in May 19–23, 2022 (n=1,861); May 12–14, 2021 (n=1,870); June 1–3, 2020 (n=1,913); June 6–10, 2019 (n=1,858); June 5–7, 2018 (n=1,871); May 19–23, 2017 (n=1,954); May 13–17, 2016 (n=1,920); May 15–19, 2015 (n=2,009); June 2-4, 2014 (n=1,991); June 13–17, 2013 (n=1,952); May 31–June 4, 2012 (n=2,176); June 28–30, 2011 (n=2,209); June 3–7, 2010 (n=2,051); May 13–14, 2009 (n=2,154); and May 27–29, 2008 (n=2,723).

For complete survey methodologies, including weighting variables and subgroup sample sizes, please contact Backblaze.

The post 2023 State of the Backup: As Data Needs Grow, Backups Need to Fill the Gaps appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

The LockBit Ransomware Gang Is Surprisingly Professional

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2022/09/the-lockbit-ransomware-gang-is-surprisingly-professional.html

This article makes LockBit sound like a legitimate organization:

The DDoS attack last weekend that put a temporary stop to leaking Entrust data was seen as an opportunity to explore the triple extortion tactic to apply more pressure on victims to pay a ransom.

LockBitSupp said that the ransomware operator is now looking to add DDoS as an extortion tactic on top of encrypting data and leaking it.

“I am looking for dudosers [DDoSers] in the team, most likely now we will attack targets and provide triple extortion, encryption + date leak + dudos, because I have felt the power of dudos and how it invigorates and makes life more interesting,” LockBitSupp wrote in a post on a hacker forum.

The gang also promised to share over torrent 300GB of data stolen from Entrust so “the whole world will know your secrets.”

LockBit’s spokesperson said that they would share the Entrust data leak privately with anyone that contacts them before making it available over torrent.

They’re expanding: locking people out of their data, publishing it if the victim doesn’t pay, and DDoSing their network as an additional incentive.