Protecting against Ransomware attacks
You may have heard about Ransomware attacks in the last few months. These are attacks that seize control of your machine or your data and demand a ransom to remove the virus. Back in the 90's, these attacks were less common but demanded large quantities of money and would target large organisations, governments and critical infrastructure suppliers.
More recently, the criminals involved in these attacks have realised that demanding small payments and targeting individual users can be more fruitful, and arguably is less likely to raise enough interest to warrant a law-enforcement counter-attack.
Back in September 2013, CryptoLocker emerged and was propagated via infected email attachments and links. It is particularly difficult to counteract, resulting in infected files and folders becoming encrypted using RSA-1024 public-key encryption, whilst a countdown to deletion of this data is initiated should you decide to not pay up. Payment of a few hundred pounds/dollars or even bitcoins is demanded.
At Information Security Europe 2015 this week, Steve Harcourt (Redstor's Information Security subject matter expert) found that these type of attacks were discussed in great technical detail. Organisations who specialise in detection and removal of these infections talked through what they call the 'Cyber Security Lifecycle' and how businesses should consider Cyber Security as a core business process.
A common theme from the conference was the understanding that prevention is no longer enough to protect yourself from attacks. It is certainly important to do everything possible to reduce the chances of being attacked, however these days it is necessary to take the attitude that 'I will get attacked at some point and need to consider how I react when it happens'.
The experts suggested that the number one action that all companies should take to protect themselves is to schedule regular point-in-time backups. Merely replicating data and services to another location for the purposes of resilience may just result in a quick replication of an infection.
In May 2015, a customer of Redstor reported a user had become infected with CryptoLocker. Fortunately they were a user of Redstor's Online Backup service and were able to quickly and completely rollback to a point-in-time just before the infection took place.
So, the message to take away is that in addition to your extensive spend on network security, your in-house patch policy to keep all servers up-to-date and your mobile device management policy, you also need to consider using Cloud Backup as a way to recover and rollback, should the inevitable happen.
Author : Steve Harcourt, Information Security, Redstor