Protecting against Ransomware attacks

Fri, 05/06/2015 - 16:11
Cloud Services

You may have heard about Ransomware attacks in the last few months. These are attacks that seize control of your machine or your data and demand a ransom to remove the virus. Back in the 90's, these attacks were less common but demanded large quantities of money and would target large organisations, governments and critical infrastructure suppliers.

More recently, the criminals involved in these attacks have realised that demanding small payments and targeting individual users can be more fruitful, and arguably is less likely to raise enough interest to warrant a law-enforcement counter-attack.

Back in September 2013, CryptoLocker emerged and was propagated via infected email attachments and links. It is particularly difficult to counteract, resulting in infected files and folders becoming encrypted using RSA-1024 public-key encryption, whilst a countdown to deletion of this data is initiated should you decide to not pay up. Payment of a few hundred pounds/dollars or even bitcoins is demanded.

At Information Security Europe 2015 this week, Steve Harcourt (Redstor's Information Security subject matter expert) found that these type of attacks were discussed in great technical detail. Organisations who specialise in detection and removal of these infections talked through what they call the 'Cyber Security Lifecycle' and how businesses should consider Cyber Security as a core business process.

A common theme from the conference was the understanding that prevention is no longer enough to protect yourself from attacks. It is certainly important to do everything possible to reduce the chances of being attacked, however these days it is necessary to take the attitude that 'I will get attacked at some point and need to consider how I react when it happens'.

The experts suggested that the number one action that all companies should take to protect themselves is to schedule regular point-in-time backups. Merely replicating data and services to another location for the purposes of resilience may just result in a quick replication of an infection.

In May 2015, a customer of Redstor reported a user had become infected with CryptoLocker. Fortunately they were a user of Redstor's Online Backup service and were able to quickly and completely rollback to a point-in-time just before the infection took place.

So, the message to take away is that in addition to your extensive spend on network security, your in-house patch policy to keep all servers up-to-date and your mobile device management policy, you also need to consider using Cloud Backup as a way to recover and rollback, should the inevitable happen.

Author : Steve Harcourt, Information Security, Redstor

Recent Articles

Redstor_GDPR_Arrival_blog Data Management

G-day Is Here!

The wait is over. The period for becoming compliant has finished and the General Data Protection Regulation (GDPR) is now in full effect.... read more

May 24, 2018
Redstor_Cloud_data_blog Online Backup

Is Your Cloud Data As Safe As You Think?

Cloud technology is fast becoming a stable in the IT strategies of all modern businesses. Well-known benefits like flexible and rapid deployment help... read more

May 22, 2018
Redstor_Wannacry_blog Ransomware

WannaCry A Year On

Ransomware attacks took up many headlines throughout 2016 and 2017 as their quantity and effect became widespread, costing organisations and... read more

May 16, 2018