February 15, 2017

The best way to reckon with ransomware

By Kevin Heisser
Systems Engineer
Arrow ECS

Today’s world is rife with malware, viruses, ransomware and several other horrible computer infections. It seems as though your email is constantly being bombarded with scams, and browsing the internet is like walking through a field of hidden land mines. What can you do to truly make sure you are properly protected from all of these attempts at an attack? First, let’s define the problem.

What Is Ransomware?

Ransomware is a computer infection that compromises the entire computer or parts of the file system by encrypting the data. Once data is encrypted, the user cannot access it. The only way to access the data is to either crack the encryption, which is borderline impossible for most, or pay the ransom.

Attackers usually display their email address or instructions on where to send the funds on the compromised system’s screen, often requesting payment in bitcoins since they cannot be tracked. Unfortunately, many users and businesses have had to pay a hefty price to access their data again. Ransomware attacks are one of the most terrible and damaging things that can happen in today’s tech world!

Just How Bad Is It?

Let’s take a look at just how bad the current ransomware situation is. Here are just some of the different malware variants that have been discovered over the years and their mode of infection.

[Figure: The rise of ransomware (Palo Alto). Image from researchcenter.paloaltonetworks.com]

According to the InfoSec Institute, ransomware now makes up half of all malware-based infections, showing that it’s quickly becoming the primary malware culprit.

One of the most recent and damaging attacks was on several MongoDB databases under Amazon Web Services at the beginning of 2017. The databases were compromised by a ransomware variant, with the attacker demanding a 0.2 BTC ransom ($220) for the hostage data. The image below shows the message from the attacker.

[Figure: MongoDB, the message from the attacker. Image from https://nakedsecurity.sophos.com/]

Do not think for a second that ransomware and other malware only harm high-profile servers – they can harm any kind of computer, including desktops, laptops and phones, on any type of operating system.

How Can This Be Prevented?

There are a number of ways to protect against an attack, but the single most important one is to have a solid BCDR (business continuity/disaster recovery) plan in place. Business continuity describes the processes and procedures an organization must put in place to ensure that mission-critical functions can continue during and after a disaster (such as a ransomware attack). Disaster recovery is a set of specific steps taken to resume operations in the aftermath of a disaster.

A solid BCDR solution that is ready to address a ransomware attack should include a backup copy and, in critical cases, multiple point-in-time backups. If your system gets infected, simply find the last backup before the infection occurred and then restore the system. Your records will then be restored to their pristine pre-infection state.

As you can probably conclude, the cost of fixing the damage done by ransomware/malware can be astronomical, ranging anywhere from $100 to $1,000 per infection or even higher. Say you have a company with 100 laptops infected – this can get very expensive in a short amount of time. In order to formulate the strongest BCDR plan, companies and individuals need to decide how critical their data is and how much time they can afford to lose in the event of a disaster. While cost can be a concern for many looking to adopt a BCDR solution, it’s important to realize that not having a plan in place can quickly become more expensive!
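To make the restore-point choice and the "how much time can you afford to lose" question concrete, here is an added example (not from the original article or any Arrow product). The function name `plan_restore`, the `max_loss` parameter and the sample backup schedule are assumptions made for illustration.

```python
from datetime import datetime, timedelta


def plan_restore(snapshots, infected_at, max_loss):
    """Choose the restore point for an infection that began at `infected_at`.

    snapshots   -- datetimes of the point-in-time backups still retained
    infected_at -- earliest evidence of infection (not the time it was noticed)
    max_loss    -- timedelta of recent work the business accepts losing
    """
    ordered = sorted(snapshots)
    clean = [s for s in ordered if s < infected_at]
    # Backups taken at or after the infection may already hold encrypted files.
    suspect = [s for s in ordered if s >= infected_at]
    if not clean:
        # Retention is shorter than the time the infection went unnoticed,
        # so no retained copy is known to be good.
        return {"restore_from": None, "data_loss": None,
                "within_tolerance": False, "suspect": suspect}
    restore_from = clean[-1]
    data_loss = infected_at - restore_from
    return {"restore_from": restore_from, "data_loss": data_loss,
            "within_tolerance": data_loss <= max_loss, "suspect": suspect}


# Constructed sample: nightly backups at 01:00, seven copies retained.
NIGHTLY = [datetime(2017, 2, day, 1, 0) for day in range(8, 15)]
# Constructed sample: first encrypted file written on 12 Feb at 14:30.
INFECTED_AT = datetime(2017, 2, 12, 14, 30)

if __name__ == "__main__":
    plan = plan_restore(NIGHTLY, INFECTED_AT, max_loss=timedelta(hours=4))
    print("restore from:", plan["restore_from"])
    print("work lost:", plan["data_loss"])
    print("within tolerance:", plan["within_tolerance"])
    print("backups to treat as infected:", len(plan["suspect"]))
```

With nightly backups and a four-hour tolerance the plan fails the check, which is the signal to back up more often. A result with no restore point means copies need to be retained for longer.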

Arrow Can Help

There are many backup products on the market, and only a few can deliver the protection of everything in the data center along with desktops/laptops/phones while also allowing the point-in-time recovery to the moment just before the infection. Arrow’s backup experts can help you in determining the right BCDR path for you or your customers.

The Moral of the Story

Always strive to be proactive with a good backup product, not reactive. Backup solutions may not seem as “cool” as other technologies out there, but they are among the most critical. Don’t let ransomware get the best of you – protect your data with Arrow!