5 Key Considerations and Preventative Actions against Ransomware
What is Ransomware?
You probably didn’t end up here because you didn’t know the definition of “ransomware”; it has been the most talked-about cause of IT outages for the past two years. But just in case: it is a type of malicious software that restricts access to a computer and/or the files on it until a ransom is paid. It is downloaded or accessed in ever more creative ways and then spreads between users and computers much like a traditional virus, only far more evolved. Once a computer is infected, it enforces those restrictions through encryption and blocks access to parts of the computer or the wider environment.
Preparing for the day
Given the number of these attacks in the news today, it is a case of when rather than if you or your company will have to deal with a ransomware threat. Prevention is far better than cure. Once you are hit there are really only two options: pay the ransom (with no guarantee that you get working data back), or restore your compromised data from your backups. So let’s first make sure we have some prevention in place against being compromised.
Ransomware needs a way into your network, and that is mostly going to be through your endpoints: your non-IT employees. We must educate the workforce; this is not just an IT department issue.
Routine Access Audit
It is very easy to open the floodgates on file shares across the estate, but over-permissive shares become a major liability once something gets onto the network: an infected user’s write access is the encryptor’s write access. Checking on a routine basis that permissions, open ports and access within the environment are in good shape, and that people do not have access to files and shares they should not, limits how far a threat can spread.
Patches that close known vulnerabilities are released all the time, and simply adhering to an update schedule keeps those vulnerabilities at bay. Antivirus signatures, firmware, applications and operating systems all play a huge part in preventing malicious threats.
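As an added example (not code from the original post or from any vendor), here is one way to make the routine access audit repeatable: export the share-level grants from each file server and flag every share where a broad principal (Everyone, Authenticated Users, Domain Users and the like) has Change or Full access, since those are the grants an encryptor running as any user can use. The input below is constructed and assumes the column layout of a `Get-SmbShareAccess | Export-Csv` export (Name, ScopeName, AccountName, AccessControlType, AccessRight); the list of broad principals is an assumption you should extend for your estate.

```python
"""Flag over-permissive SMB share grants from an exported share-access list.

Constructed example. The CSV below mimics what `Get-SmbShareAccess | Export-Csv`
produces on Windows (column names assumed); a real run would read the export
from each file server instead of this inline sample.
"""
import csv
import io

# Principals that effectively mean "anyone on the network" (assumed list).
BROAD_PRINCIPALS = {
    "everyone",
    "nt authority\\authenticated users",
    "builtin\\users",
}
BROAD_SUFFIXES = ("\\domain users", "\\domain computers")

# Share rights that allow creating or overwriting files, i.e. encrypting them.
WRITE_RIGHTS = {"full", "change"}

# Constructed sample export: one row per (share, principal) grant.
SAMPLE_EXPORT = """\
Name,ScopeName,AccountName,AccessControlType,AccessRight
Finance,*,CORP\\FinanceTeam,Allow,Change
Finance,*,CORP\\Domain Users,Allow,Read
Public,*,Everyone,Allow,Full
Scans,*,NT AUTHORITY\\Authenticated Users,Allow,Change
Backups,*,CORP\\svc-backup,Allow,Full
Backups,*,CORP\\Domain Users,Deny,Full
"""


def is_broad(account):
    """True if the principal is one everybody on the estate is a member of."""
    a = account.strip().lower()
    return a in BROAD_PRINCIPALS or a.endswith(BROAD_SUFFIXES)


def audit_share_access(csv_text):
    """Return (share, principal, right) for every broad write-capable Allow grant.

    Deny entries and read-only grants are ignored: a read-only share cannot be
    encrypted in place by a user who only holds that grant.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["AccessControlType"].strip().lower() != "allow":
            continue
        if row["AccessRight"].strip().lower() not in WRITE_RIGHTS:
            continue
        if is_broad(row["AccountName"]):
            findings.append(
                (row["Name"].strip(), row["AccountName"].strip(), row["AccessRight"].strip())
            )
    return findings


if __name__ == "__main__":
    for share, who, right in audit_share_access(SAMPLE_EXPORT):
        print(f"REVIEW: share '{share}' grants {right} to {who}")
```

Share permissions are only one layer: effective access is the intersection of the share grant and the NTFS ACL, so run the same kind of check over a `Get-Acl` export of the share roots as well, and treat a share that is writable by everyone as a finding even if NTFS currently happens to be tighter.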
Backup, Backup, Backup
Make sure pertinent data is backed up and, preferably, NOT accessible to the standard user! Have you heard of the 3-2-1 backup methodology? Three copies of your data, on two different media, with one copy off-site. It is worth repeating every single day when it comes to protecting data, and it lets you address nearly any failure scenario. The great thing is that it does not require any specific technology: regardless of vendor, it should be followed as part of any backup, business continuity and disaster recovery methodology.
The running workload “counts” as one copy. The other two are where you need to think. The real saving grace is making sure you have a copy of your data on “offline storage”, but what is offline storage? All of the off-site options could be deemed offline to some degree, but I think a few other attributes matter more than location:
- Out-of-band communication: the copy is reached over a path that production hosts cannot route to, not the same LAN as the infected machines.
- Protocol reliance: the copy is not exposed over the file protocols (SMB, NFS) that ransomware uses to reach shares; a “backup” that is just another share is not offline.
- Traversal of authentication mechanisms: getting to the copy requires credentials separate from the production domain, so a compromised user or admin account does not automatically reach it.
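To make those attributes testable rather than a matter of opinion, here is an added example (not from the original post or any vendor) that evaluates a backup inventory against 3-2-1 and additionally requires at least one copy that passes all three isolation tests. The inventory fields and the two sample designs are constructed assumptions; the point is that a design where every copy is a domain-joined share passes 3-2-1 on paper and still fails.

```python
"""Evaluate a backup inventory against 3-2-1 plus one isolated ("offline") copy.

Added example. The copy attributes are one way to make the post's three
"offline" tests concrete; they are not a vendor schema.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str                 # e.g. "server-disk", "nas", "object", "tape"
    offsite: bool
    # The three isolation attributes from the post, as yes/no questions:
    out_of_band: bool          # reached over a path production hosts cannot route to
    no_shared_protocol: bool   # not exposed as SMB/NFS/iSCSI to the estate
    separate_auth: bool        # its own credentials, not production AD accounts

    def isolated(self):
        """Offline in the sense that matters: all three attributes hold."""
        return self.out_of_band and self.no_shared_protocol and self.separate_auth


def evaluate(copies):
    """Return a list of rule violations; an empty list means the inventory passes."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need 3 (production counts as one)")
    if len({c.media for c in copies}) < 2:
        problems.append("all copies on one media type, need 2")
    if not any(c.offsite for c in copies):
        problems.append("no off-site copy")
    if not any(c.isolated() for c in copies):
        problems.append("no copy is isolated from the production network")
    return problems


# Constructed weak design: 3-2-1 is satisfied, but every copy is a share that
# any domain credential can reach, so one compromised account gets all of them.
WEAK = [
    BackupCopy("prod", "server-disk", False, False, False, False),
    BackupCopy("nas-nightly", "nas", False, False, False, False),
    BackupCopy("dr-site-nas", "nas", True, False, False, False),
]

# Constructed better design: a local repository with its own credentials, an
# off-site object-storage copy with separate credentials, and tape taken
# off-site after the job.
GOOD = [
    BackupCopy("prod", "server-disk", False, False, False, False),
    BackupCopy("repo", "backup-server-disk", False, False, True, True),
    BackupCopy("cloud-immutable", "object", True, True, True, True),
    BackupCopy("tape-offsite", "tape", True, True, True, True),
]


if __name__ == "__main__":
    for label, inv in (("weak", WEAK), ("good", GOOD)):
        print(label, evaluate(inv) or "OK")
```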
The road to recovery
This is possibly the last line of defence if you are hit by a ransomware attack. How do we get back to good working order with little or no disruption to the business? The prevention steps above should have you in a good place: backups on offline media, away from any infected environment.
Timing of the recovery also matters. Before you recover data from backups you need to be confident that the threat has been removed from the systems, including the initial entry point and any persistence; restoring onto a still-compromised environment just gets the restored data encrypted again. Only at that point should you start recovering. The recovery itself should also be executed correctly: there are many ways to recover different data sets (whole machine, volume, file-level, individual application items), so be sure to choose the most appropriate method for the data you are recovering.
How can you be sure your backup is clean?
Ransomware has advanced so much over the years that, before the payload executes, it can sit dormant for days, weeks, months or even years. If that is the case, then the file waiting to infect your surroundings could well be sitting in your backups too. So how are you going to scan your backups prior to recovering from them?
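As an added example of what a pre-restore check can look like (this is not the original post’s code and not a vendor product; it is a coarse screen, not a replacement for running a real antivirus engine against the mounted restore point), the script below walks a mounted backup and refuses the restore if it finds ransom notes, files with encryptor extensions, or files whose contents have the near-8-bits-per-byte entropy of encrypted data. The note patterns, extension lists and the 7.5 threshold are assumed illustrative values; the sample backup tree is constructed in a temp directory.

```python
"""Scan a mounted backup (a directory tree) for ransomware indicators before
restoring from it. Added example; indicator names, extension lists and the
entropy threshold are assumptions for illustration, not a signature set.
"""
import math
import os
import re
import tempfile

# Ransom-note file names, as regexes (assumed examples of the common pattern).
NOTE_PATTERNS = [re.compile(p, re.I) for p in (
    r"^readme.*(decrypt|restore|recover).*\.(txt|html|hta)$",
    r"^how.*(decrypt|recover).*\.(txt|html)$",
)]
# Extensions encryptors append to victims' files (assumed examples).
ENCRYPTED_EXTS = {".locked", ".encrypted", ".crypt"}
# Formats that are legitimately high entropy; skip the entropy test for these
# or every archive and photo in the backup becomes a false positive.
COMPRESSED_EXTS = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".pdf"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; encrypted/random data sits near 8.0
MIN_SIZE = 512            # very small files give noisy entropy estimates


def shannon_entropy(data):
    """Bits per byte of the byte string; 0.0 for empty or single-valued input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def scan_backup(root):
    """Return (indicator, path) pairs for every suspicious file under root."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            low = fname.lower()
            _, ext = os.path.splitext(low)
            if any(p.match(low) for p in NOTE_PATTERNS):
                findings.append(("ransom_note", path))
                continue
            if ext in ENCRYPTED_EXTS:
                findings.append(("encrypted_extension", path))
                continue
            if ext in COMPRESSED_EXTS:
                continue
            try:
                if os.path.getsize(path) < MIN_SIZE:
                    continue
                with open(path, "rb") as f:
                    sample = f.read(1 << 20)   # the first 1 MiB is enough
            except OSError:
                continue
            if shannon_entropy(sample) >= ENTROPY_THRESHOLD:
                findings.append(("high_entropy", path))
    return findings


def scan_summary(root):
    """Findings as a set of (indicator, file name), convenient for reporting."""
    return {(kind, os.path.basename(path)) for kind, path in scan_backup(root)}


def restore_allowed(root):
    """Veto the restore if anything suspicious is present; a human then reviews."""
    return not scan_backup(root)


def build_sample_backup(infected=True):
    """Create a constructed backup tree in a temp dir for demonstration."""
    root = tempfile.mkdtemp(prefix="bk_")
    fin = os.path.join(root, "finance")
    os.makedirs(fin)
    with open(os.path.join(fin, "q1.txt"), "w") as f:
        f.write("quarterly figures, plain text\n" * 40)  # ordinary low-entropy data
    with open(os.path.join(fin, "archive.zip"), "wb") as f:
        f.write(os.urandom(4096))                        # high entropy but legitimate
    if infected:
        with open(os.path.join(fin, "q2.xlsx.locked"), "wb") as f:
            f.write(os.urandom(4096))                    # encrypted and renamed
        with open(os.path.join(fin, "budget.docx"), "wb") as f:
            f.write(os.urandom(4096))                    # encrypted in place, no rename
        with open(os.path.join(root, "README_TO_DECRYPT.txt"), "w") as f:
            f.write("your files are encrypted\n")
    return root


if __name__ == "__main__":
    root = build_sample_backup()
    for kind, name in sorted(scan_summary(root)):
        print(f"{kind:20s} {name}")
    print("restore allowed:", restore_allowed(root))
```

Run this against the backup mounted read-only in an isolated network segment, never against a copy already restored into production: the whole point is to find the dormant payload before it gets back onto a live host.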
Check out Veeam DataLabs: Secure Restore for more information.