Protecting against Ransomware attacks

Fri, 06/05/2015 - 16:11
Cloud Services

You may have heard about Ransomware attacks in the last few months. These are attacks that seize control of your machine or your data and demand a ransom to remove the virus. Back in the 90's, these attacks were less common but demanded large quantities of money and would target large organisations, governments and critical infrastructure suppliers.

More recently, the criminals involved in these attacks have realised that demanding small payments and targeting individual users can be more fruitful, and arguably is less likely to raise enough interest to warrant a law-enforcement counter-attack.

Back in September 2013, CryptoLocker emerged and was propagated via infected email attachments and links. It is particularly difficult to counteract, resulting in infected files and folders becoming encrypted using RSA-1024 public-key encryption, whilst a countdown to deletion of this data is initiated should you decide to not pay up. Payment of a few hundred pounds/dollars or even bitcoins is demanded.

At Information Security Europe 2015 this week, Steve Harcourt (Redstor's Information Security subject matter expert) found that these type of attacks were discussed in great technical detail. Organisations who specialise in detection and removal of these infections talked through what they call the 'Cyber Security Lifecycle' and how businesses should consider Cyber Security as a core business process.

A common theme from the conference was the understanding that prevention is no longer enough to protect yourself from attacks. It is certainly important to do everything possible to reduce the chances of being attacked, however these days it is necessary to take the attitude that 'I will get attacked at some point and need to consider how I react when it happens'.

The experts suggested that the number one action that all companies should take to protect themselves is to schedule regular point-in-time backups. Merely replicating data and services to another location for the purposes of resilience may just result in a quick replication of an infection.

In May 2015, a customer of Redstor reported a user had become infected with CryptoLocker. Fortunately they were a user of Redstor's Online Backup service and were able to quickly and completely rollback to a point-in-time just before the infection took place.

So, the message to take away is that in addition to your extensive spend on network security, your in-house patch policy to keep all servers up-to-date and your mobile device management policy, you also need to consider using Cloud Backup as a way to recover and rollback, should the inevitable happen.

Author : Steve Harcourt, Information Security, Redstor

Recent Articles

Redstor_Alternative_accountancy_strategic_blog Redstor

Redstor Accounting For Financial Data Backups at The Alternative Accountancy Strategic IT Conference 2018

Continuing from a series of events in the first two months of the year, Redstor will be in attendance of this years, Alternative Accountancy... read more

February 20, 2018
Redstor_CryptoJacking_blog Data Protection

Crypto-jacker Leaves ICO In Its Wake

Cyber-attacks and ‘hacks’ made regular headlines throughout 2017, and in the UK the Information Commissioner’s Office (ICO), was there to oversee all... read more

February 15, 2018
Redstor_100Days_to_GDPR Data Protection

100 Days To Go…

Wednesday 14th February 2018, valentine’s day, but more significantly it’s 100 days until G-day. May 25th, 2018, the day on which The General Data... read more

February 14, 2018