☰ MENU

Emissary Blog



BACKUP: THE LAST LINE OF DEFENSE TO RANSOMWARE


Posted on 2017.06.02 by Marty Rogers

Elon Musk may have been talking about bigger things than Ransomware when he said, “Some people don't like change, but you need to embrace change if the alternative is disaster. “

But when Ransomware hits your organization you will be ready for change!  If you are an IT manager, a cluster of thoughts will be flying through your head.  Why didn’t I check the backups?  Why did I delay the software update?  Why didn’t I take this issue more seriously, earlier?  Whatever the thoughts you may have, the internet is a big bad place, and it pays to know the what, how, and why of the dangers.  

Ransomware is a type of malware that targets vulnerable servers, desktops and end point devices including Windows, Mac, Linux and Andriod devices.  The first 3 months of 2016 the number of reported ransomware cases in Japan was 870. Once infected, the ransomware will systematically encrypt files visible on the hard drive, direct attached storage, and network shares.  Ransomware arrives as an email and looks legitimate with an attachment or link with your name.  50% of users can't accurately identify ransomware as a type of threat that prevents or limits access to computer data. 93% of phishing emails now contain ransomware and an average ransomware bribe is roughly the same as a car payment of $500.  120 days is the average time between initial ransomware compromise and discovery.  When the system or device is compromised malware scans files to encrypt; access to data and or files on the device is prohibited and the user is informed of a ransom to be paid.  Malware encrypts files on connections that can be seen without authentication on Direct attached storage (USB drives), network attached storage, mapped drives and shares like Dropbox, Onedrive and Google drive.   You have two choices.  You can pay the hacker or restore from backups.   

The stakes are high.  The FBI says that if a hack involved ransomware then “Just pay the ransom.”  The FBI wants companies to know that the Bureau is there for them if they are hacked.  But if that hack involves ransomware, the FBI is warning companies that they may not be able to get their data back without paying a ransom. Not only do hackers demand users to pay to regain access to device data or files, they demand payment or data will be destroyed.  Other tactics include an increasing fee as time elapses, or they may demand payment or increments of data will be destroyed.  Even if you pay, there is no guarantee you get your data back.  If the encryption was faulty and the description key doesn't work the hackers don't care.  

User awareness is absolutely essential.  The BBC reports there are now more than 120 separate families of ransomware that criminals use, which is an increase of 3,500% compared with the same period last year.  Assume you will be breached and attacked by Ransomware because the financials work.  Ransomware is good business for hackers with a nice ROI; Blueshift informs that exploit kits sold for $3,000 can make over $100k per year at one $300 payment per day.  Be prepared; prepare for the loss of data at a given point by creating backups of your critical data.  120 days is the average time between initial ransomware compromise and discovery.  So, backup your data; deploy a solution to detect and block ransomware in its initial stages.

What you can do

  • Backup regularly (onsite & offsite)
  • Don’t enable macros in document attachments received via email
  • Don’t stay logged in as an administrator longer than necessary
  • Use different credentials for mapped drives
  • Keep OS and software up-to-date with patches
  • Show files with extensions

Best Practices Against Ransomware

  • Backup your data.   No backup, no protection.  In any disaster, as long as you have a backup you can restore to a fresh install.  
  • Setup up Redundancy with onsite and offsite backups.  Multiple versions stored on-site & off-site can ensure data recovery even if the malware is dormant for some time.  
  • Isolate your Backups.  Backups stored on network shares, mapped/unmapped drives, direct attached storage (DAS) and network attached storage can be exposed to Ransomware.  Consider an agentless client so as not to be a part of the domain increasing security and does not install agents on target machines.  In that way, Network Offsite backups will not be affected as there is no infection path for Ransomware.  
  • Test your backups.  Regular testing and disaster recovery drills are essential to ensuring data is recoverable.  
  • Organize well.  Know where license keys, passwords, and CD or DVD media are for timely recovery.

Now is the time to embrace change, and it pays to have an alternative to disaster with backups, redundancy, isolation, testing and good organization.

 

Free eBook: Common challenges and concerns with ransomware

Contact Sales at Emissary Computer Solutions for more information

Follow us on LinkedIn



About Marty Rogers

In addition to Director of Sales and Business Development, Marty leads Emissary Computer Solutions clients' social media blog relations initiatives. Marty is a sales and marketing professional with an abundance of Japan domestic contacts and a reputation of someone who can deliver results. Marty has twenty years’ experience in Japanese sales and business growth for global brands with success in retail, corporate, channel, partner and OEM management with executive level engagement.

Latest Articles

How I use Yoshinkan Aikido in Business - Part III

Posted on 2017.06.25

Welcome back to my series of how I apply Yoshinkan Aikido in Business.

Thanks for coming back!

Part I of this series was about focusing on goals.
Part II was about handling failure.

In this post, I am going to ...

Read More

How I use Yoshinkan Aikido in Business - Part II

Posted on 2017.06.19

Welcome back to my series of how I apply Yoshinkan Aikido in Business.

Thanks for coming back!

I summarized Part I of this series with the thought that, "We should all remember that we need to stay focused on our goals, to ...

Read More



Subscribe to our Blog

You will receive advice, updates, and interesting articles to benefit your helpdesk, backup and business continuity needs.



We will not share your email address with any 3rd party.


Archives



Categories



RSS Feed