Many other groups stated at the beginning of the pandemic they would not target healthcare, but some have gone back on that promise. Moving forward, it is unknown if the group will be able to keep this promise or what they will do if an affiliate targets one of these entities. Companies should use the 3-2-1 rule as a guideline for backup practices. The rule states that three copies of all critical data are retained on at least two different types of media and at least one of them is stored offline. This will allow any company infected by ransomware to restore from a backup without paying the ransom, even if the threat actors attempt to destroy or corrupt online backup copies. In order to avoid data theft, it is necessary to implement a strong security program using a defense in depth approach to detect attempts to attack the network at multiple stages so that even if the intruder manages to bypass some defenses, others are in place to alert security analysts to the problem. Although attacks usually take a few days to complete, in some recent cases, ransomware attacks went from the first workstation infection (via a malicious email attachment) to full domain control and widespread encryption in about five hours. Security analysts need to be available 24 hours a day to respond to intrusions and must detect attacks quickly to be successful at stopping them before attackers have a chance to do serious damage. The Binary Defense Security Operations Task Force watches over clients’ workstations and servers 24 hours a day, every day, and is able to stop attacks no matter when they occur.

More can be read here: https://www.bleepingcomputer.com/news/security/darkside-ransomware-is-creating-a-secure-data-leak-service-in-iran/