Ransomware on the loose!
Everyone has seen ransomware attacks hit governments, corporations, and even small businesses in the United States and around the world. What caused these lapses in security? Many of them could have been prevented with the right security measures and disaster recovery plans in place.
Ransomware thrives on malice, casual incompetence, and greed. Your files are encrypted and a payment demand appears on your screen for a decryption key that may not even work. With a good disaster recovery plan and backup solution, however, your files can survive the infection. CTL has always recommended paying for the right solutions now instead of fumbling through recovery later.
Ransomware is not picky about its targets: it attacks governments, corporations, enterprises, and individuals alike. It locks you out of your system and in many cases encrypts any local backups it can reach. The software keeps getting more sophisticated, with new variants treating each infection as a transaction. Even if you pay the ransom and get your files back, nothing stops the attackers from doing it again sooner or later.
Some strains go further. ZENIS deletes backups outright, and GermanWiper is worse still: it destroys your files and then demands a ransom for data that no longer exists, although you have no way of knowing that. Ransomware was traditionally distributed by email campaigns that relied on users clicking malicious links or attachments; it is now increasingly spread by less traditional routes. It is more popular than ever to slip malicious code into apps and unvetted freeware, and what user or company can resist saving money?
Ransomware backup protection!
If a ransomware event strikes, what protection was on your system and what backup solution did you employ? Many people think the operating system's default backup is enough; sorry to burst that bubble, but it isn't. When it happens you have two choices: pay the ransom and pray, or rebuild your system from backups, if you have them.
Work from a few guiding principles when building your backups:
- Assume the ransomware will delete or encrypt every file it can reach. That includes internal drives, external drives, and cloud folders connected to the computer at the time of the event. An always-connected copy only protects you against hard drive failure and shouldn't be your only line of defense.
- Use an air gap. Keep a backup device that is disconnected from both the infected system and the internet. If you use an external hard drive, schedule weekly backups and plug the device in only long enough to complete them. Many users back up to a NAS, but a NAS that stays mounted or reachable over the network is just as exposed to ransomware on your computer as a local drive.
- Versioning is your best friend: keep multiple timestamped versions of your files and image backups to restore from. This is key to recovering from a ransomware attack, because you can roll back to a version of each file from before it was encrypted.
The practical backup strategy!
This is where we recommend against the common backup solutions that aren't robust enough to protect your system from ransomware. Each user has to decide what their files are worth and whether they could live without them. Also know the difference between cloud storage and cloud backup. The main distinction is whether the software syncs or mirrors your data, or keeps a version of each file every time it changes.
Many free solutions leave you at risk because they sync your data instead of keeping versions. Some paid tiers do better: Dropbox Plus gives you 30 days of version history and Dropbox Professional gives you 180 days. OneDrive has a ransomware protection feature that notifies you and asks you to verify recent mass file changes, but it isn't a perfect solution. Two of the worst services are Google Drive and iCloud, which have no built-in ransomware protection, so you really can't rely on them in a ransomware event.
Like Code42, the MSP backup solution CTL uses, many other online backup services such as Acronis, Carbonite, and IDrive employ versioning. This lets you roll back to a snapshot of your drives from before the infection. Carbonite even publishes statistics on the number of customers who have called on it to recover from ransomware.
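The difference between a sync folder and a versioned backup is easiest to see by running both through the same incident. The script below is an added example written for this article, not code from CTL or from any of the products named; it builds a small document tree in a temporary directory, mirrors it the way a plain sync client does, takes numbered snapshots the way a versioned backup does, then runs a constructed stand-in for an encryptor (it just overwrites each file with random bytes and renames it, which is all a backup can tell apart anyway). After the "infection" both backups run again on schedule, as they would in real life. The mirror is left holding only encrypted copies; the versioned store still has the last good snapshot and restores it, verified against the SHA-256 manifest recorded at backup time.

```python
"""Sync folder versus versioned backup under a simulated ransomware event.

Added example for this article; the encryptor is a constructed stand-in,
not real malware, and the backup logic is a toy, not any vendor's product.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

RANSOM_NOTE = "README_RESTORE.txt"


def sha256_tree(root: Path) -> dict:
    """Map relative path -> SHA-256 for every regular file under root."""
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def mirror_sync(src: Path, dst: Path) -> None:
    """One-way mirror, the way a plain sync client behaves: the destination is
    made identical to the source, so a bad change replaces the only copy."""
    if dst.exists():
        shutil.rmtree(dst)
    shutil.copytree(src, dst)


def take_snapshot(src: Path, store: Path) -> Path:
    """Versioned backup: each run lands in its own numbered directory and
    earlier versions are never overwritten. A manifest is kept beside it."""
    seq = sum(1 for p in store.iterdir() if p.is_dir()) + 1
    snap = store / f"snap-{seq:04d}"
    shutil.copytree(src, snap)
    manifest = sha256_tree(snap)
    (store / f"{snap.name}.sha256").write_text(
        "\n".join(f"{digest}  {rel}" for rel, digest in manifest.items()))
    return snap


def simulate_ransomware(victim: Path) -> int:
    """Constructed stand-in for an encryptor: overwrite every file with random
    bytes, rename it with a .locked suffix, drop a note. Returns file count."""
    files = [p for p in victim.rglob("*") if p.is_file()]
    for p in files:
        p.write_bytes(os.urandom(p.stat().st_size))
        p.rename(p.with_name(p.name + ".locked"))
    (victim / RANSOM_NOTE).write_text("Your files are encrypted. Pay for the key.\n")
    return len(files)


def restore_snapshot(snap: Path, dest: Path) -> None:
    """Bring a chosen snapshot back as a working tree."""
    if dest.exists():
        shutil.rmtree(dest)
    shutil.copytree(snap, dest)


def verify_restore(store: Path, snap: Path, dest: Path) -> bool:
    """Check the restored tree against the manifest written at backup time."""
    expected = {}
    for line in (store / f"{snap.name}.sha256").read_text().splitlines():
        digest, rel = line.split("  ", 1)
        expected[rel] = digest
    return sha256_tree(dest) == expected


def run_demo() -> dict:
    base = Path(tempfile.mkdtemp(prefix="ransomware-backup-demo-"))
    try:
        docs = base / "documents"  # constructed sample data
        (docs / "notes").mkdir(parents=True)
        (docs / "budget.xlsx").write_bytes(b"Q3 budget: " + b"1234 " * 200)
        (docs / "notes" / "meeting.txt").write_text("Renew backup contract in October.\n")

        mirror, store = base / "sync-folder", base / "versioned-store"
        store.mkdir()
        mirror_sync(docs, mirror)                      # day 1: both backups run
        take_snapshot(docs, store)

        (docs / "notes" / "meeting.txt").write_text(   # day 2: normal edits
            "Renew backup contract in October.\nTest restores quarterly.\n")
        mirror_sync(docs, mirror)
        last_good = take_snapshot(docs, store)
        last_good_state = sha256_tree(docs)

        encrypted = simulate_ransomware(docs)          # day 3: infection, then
        mirror_sync(docs, mirror)                      # the scheduled backups run
        take_snapshot(docs, store)                     # and faithfully copy the damage

        mirror_state = sha256_tree(mirror)
        restored = base / "restored"
        restore_snapshot(last_good, restored)          # roll back to day 2
        return {
            "files_encrypted": encrypted,
            "mirror_locked_files": sum(1 for rel in mirror_state if rel.endswith(".locked")),
            "mirror_still_clean": mirror_state == last_good_state,
            "snapshots": sum(1 for p in store.iterdir() if p.is_dir()),
            "restore_matches_last_good": verify_restore(store, last_good, restored)
            and sha256_tree(restored) == last_good_state,
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    print(run_demo())
```

Note that the third snapshot in the versioned store is itself full of encrypted files: versioning only helps if retention outlasts the time it takes you to notice the infection, which is exactly why the 30-day versus 180-day history on the paid tiers above matters.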
Acronis includes an anti-ransomware tool called Active Protection that watches for and identifies malicious behavior. “When Active Protection detects something fishy,” said James Slaby, director of cyber protection at Acronis, “like a process that is renaming and then encrypting a bunch of files, it kills the process immediately.”
Anyone old enough to remember the Apollo spacecraft may not have known it, but the lunar module carried two independent guidance computers. In the same spirit, we always recommend at least two different types of backup for your systems. One can be a conventional backup, such as a cloud sync service or a physical backup product with built-in ransomware protection.
The second, and more important, is a proper backup solution with versioning. It can be cloud based or local, storing to an external drive or a NAS. Restoring from these solutions can take more effort, but they have weathered ransomware attacks better than any other option to date.
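The behavior Slaby describes, a single process renaming many files and overwriting them with data that no longer looks like documents, is something you can detect from a stream of file events. The code below is an added example for this article, not Acronis code and not a description of how Active Protection is built. It assumes a monitor that yields write and rename events tagged with the originating process (on a real system that would come from a filesystem filter driver, inotify/fanotify, or an EDR agent), scores each written payload by Shannon entropy, and flags any process that both high-entropy-overwrites and renames at least five files inside a ten-second window. The event stream is constructed: a text editor doing an atomic save, an archiver writing one compressed file, and a simulated encryptor.

```python
"""Flag processes that mass-rename and overwrite files with high-entropy data.

Added example for this article. The FileEvent stream is constructed here;
in production it would come from a filesystem monitor or EDR agent.
"""
import math
import random
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class FileEvent:
    t: float            # seconds since monitoring started
    pid: int
    op: str             # "write" or "rename"
    path: str
    data: bytes = b""   # payload for "write"
    new_path: str = ""  # destination for "rename"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Plain documents sit around 4 to 5; ciphertext and
    compressed data approach 8, so a jump is a cheap encryption signal."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def suspicious_pids(events, window=10.0, min_files=5, entropy_floor=7.0):
    """Return {pid: [victim paths]} for every process that, inside some
    `window`-second span, overwrote at least `min_files` files with
    high-entropy data AND renamed those same files."""
    by_pid = defaultdict(list)
    for e in events:
        by_pid[e.pid].append(e)
    flagged = {}
    for pid, evs in by_pid.items():
        evs.sort(key=lambda e: e.t)
        best = set()
        for i, start in enumerate(evs):            # slide the window over events
            encrypted, renamed = set(), set()
            for e in evs[i:]:
                if e.t - start.t > window:
                    break
                if e.op == "write" and shannon_entropy(e.data) >= entropy_floor:
                    encrypted.add(e.path)
                elif e.op == "rename":
                    renamed.add(e.path)
            victims = encrypted & renamed          # both signals on the same file
            if len(victims) > len(best):
                best = victims
        if len(best) >= min_files:
            flagged[pid] = sorted(best)
    return flagged


def sample_events():
    """Constructed event stream: an editor, an archiver and a simulated encryptor."""
    rng = random.Random(7)                          # deterministic "ciphertext"
    ev = []
    # pid 1001: a text editor doing an atomic save (low entropy, one rename).
    ev.append(FileEvent(0.5, 1001, "write", "/home/u/docs/.notes.txt.tmp",
                        b"Renew backup contract in October.\n" * 20))
    ev.append(FileEvent(0.6, 1001, "rename", "/home/u/docs/.notes.txt.tmp",
                        new_path="/home/u/docs/notes.txt"))
    # pid 2002: a backup tool writing one compressed archive (high entropy, no rename).
    ev.append(FileEvent(1.0, 2002, "write", "/backup/docs-2024.zip", rng.randbytes(4096)))
    # pid 4242: simulated encryptor overwriting and renaming eight files in two seconds.
    for i in range(8):
        path = f"/home/u/docs/report{i}.docx"
        ev.append(FileEvent(2.0 + i * 0.2, 4242, "write", path, rng.randbytes(4096)))
        ev.append(FileEvent(2.1 + i * 0.2, 4242, "rename", path, new_path=path + ".locked"))
    return ev


def run_detection() -> dict:
    return suspicious_pids(sample_events())


if __name__ == "__main__":
    for pid, victims in run_detection().items():
        print(f"kill candidate pid {pid}: {len(victims)} files, first {victims[0]}")
```

The editor and the archiver are not flagged: one renames a single low-entropy file, the other writes high-entropy data but never renames anything. A compressor or disk-encryption tool that processes a whole folder would trip the same heuristic, which is why commercial products pair behavior detection with an allow-list and, as the quote says, follow the kill with a restore of the files the process touched.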
Avoiding the infection in the first place!
Ransomware, in the end, is just another type of malware, so users should be wary of downloads and links on unknown websites.
- A strong anti-malware solution is imperative. We have always recommended Bitdefender and Emsisoft as our top two choices.
- Know what you are clicking, and if you don't trust it, stop. That goes for strange or unknown websites, text messages from unfamiliar senders, and links in your email. One lesson many users learn the hard way is that pirated software is free for a reason: much of it is bundled with malware. Stick to sanctioned storefronts like Google Play and the Apple App Store.
- Keep your operating system up to date with the latest patches, and keep third-party software like Java and Flash current as well. A tool such as Ninite Pro can keep these applications updated automatically.
If you suffer an event!
Life isn't over if you have taken the precautions above. Disconnect the affected machine from the network and let your IT support know immediately; the sooner a technician can assess the situation, the faster you can be back up and running. Anti-malware companies also publish free decryption tools for many known strains, so check those before considering payment, and keep an untouched copy of the encrypted files in case a decrypter appears later.
- No More Ransom: a joint project between McAfee, Kaspersky, Europol and the Dutch National Police that now has over 100 corporate and government partners, offering free decrypters for known ransomware families.
- Emsisoft Decrypters: Emsisoft lets you submit details of your infection and, if the strain is recognized, points you to a free decrypter to get your files back. This is a useful option for users who had no backup solution in place before the event.