Ransomware is a type of malware that is once again high on the list of security concerns, not only for companies but also for government security and even for personal use. IT departments should be aware of it and have the right knowledge to fight it: not only about the malware itself, but also about how to be protected against this type of threat.
Corporate and mid-size companies (SMBs) have an IT department, or at least an outsourced IT department, which should have some knowledge about this type of threat. However, do they know how to protect their infrastructure against this kind of malware? And how do they protect their backups against it? Backups are not fully protected against ransomware either.
What is Ransomware?
A quick view of what ransomware is: this threat has spread very fast since 2013. Encrypting ransomware uses an advanced encryption algorithm. It blocks and encrypts your data (files, documents, videos, audio, etc.) on any device, computers and smartphones alike. It can block or encrypt individual files, or block the entire system so that you can no longer log in and access your data.
Fundamentally, it is malware for data hijacking: a malware exploit in which the attacker encrypts the victim's files and data and demands a ransom for the key that will decrypt the victim's files or device.
This threat was created to hijack your system files and demand payment to provide the victim with the key that can decrypt the blocked content. Malware such as CryptoWall, CryptoLocker and TorrentLocker encrypts files stored on computers and network drives. Once infected, your files are encrypted and your only options are to pay the ransom to get your files/systems back, or to lose all the data previously stored on the computer or storage device.
An example of a ransomware attack:
You then have 1 to 3 days to pay the fee. Fees are around 300 USD or EUR, paid by MoneyPak, or BTC2 (two Bitcoins, currently about $280).
How to protect from Ransomware?
- Always update your systems and keep them up to date.
- Do not accept suspicious files/emails.
- Disable Remote Access (only enable RDP if needed).
- Install a good antivirus and use firewalls.
- Always have up-to-date backups of all your files/data.
Note: For personal computers the rules are the same. Always follow the above rules and always keep a backup outside of your device (computer or smartphone).
These are the normal procedures that everyone should perform on a regular basis. Unfortunately they are not enough, because ransomware can bypass antivirus, guest OS security patches, etc. Backups are the last resort for restoring the systems. Again, unfortunately, the backups may already be infected with the malware, so you would restore an infected system.
Focusing on virtual environments (but the same rules apply to physical systems), the solution is to have a proper backup and to apply the universal rule of backups, the 3-2-1 backup rule.
Company data is very critical; the “3-2-1” backup rule is one of the most important processes that you need to implement in your backup infrastructure.
In the 3-2-1 rule you keep at least three copies of your data: the primary backups, usually located in the storage backup repository for a quick restore, and at least two other copies. Send your backup data to two different storage types, and keep at least one copy offsite. Since backups can and will be encrypted, the copy to the offsite DR/Cloud is transferred over an AES-256 encrypted link.
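The three conditions of the 3-2-1 rule can be audited mechanically against an inventory of backup copies. The following script is an added example written for this post, not Nakivo's code or any product API; the `BackupCopy` model and the sample inventories are constructed for illustration. It also checks the extra requirement stated above, that the offsite copy is encrypted.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    """One copy of a backup set (hypothetical model, not a Nakivo object)."""
    name: str
    media: str        # storage type, e.g. "disk", "tape", "cloud"
    offsite: bool     # stored at a different site / DR location
    encrypted: bool   # copy is encrypted at rest and in transit


def audit_321(copies):
    """Check a list of BackupCopy against the 3-2-1 rule.

    Returns a list of findings; an empty list means the rule is satisfied:
      3 - at least three copies of the data
      2 - on at least two different storage types (media)
      1 - at least one copy offsite (and, as the post requires, encrypted)
    """
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need at least 3")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(
            f"only one storage type ({', '.join(sorted(media)) or 'none'}), need at least 2"
        )
    offsite = [c for c in copies if c.offsite]
    if not offsite:
        findings.append("no offsite copy")
    for c in offsite:
        if not c.encrypted:
            findings.append(f"offsite copy '{c.name}' is not encrypted")
    return findings


# Constructed sample inventories (not real infrastructure).
GOOD_INVENTORY = [
    BackupCopy("primary-repo", media="disk", offsite=False, encrypted=False),
    BackupCopy("tape-library", media="tape", offsite=False, encrypted=True),
    BackupCopy("dr-cloud", media="cloud", offsite=True, encrypted=True),
]

# Two copies on the same kind of disk repository, nothing offsite.
BAD_INVENTORY = [
    BackupCopy("primary-repo", media="disk", offsite=False, encrypted=False),
    BackupCopy("second-repo", media="disk", offsite=False, encrypted=False),
]

if __name__ == "__main__":
    for label, inventory in (("good", GOOD_INVENTORY), ("bad", BAD_INVENTORY)):
        print(label, audit_321(inventory) or ["3-2-1 satisfied"])
```

Run it as a periodic check fed from whatever inventory your backup tool exports; a non-empty findings list is the point at which a ransomware event would leave you with nothing clean to restore from.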
With your backup, the 3-2-1 rule uses the Grandfather-Father-Son (GFS) rotation scheme, as we have already discussed HERE in this blog. The backup retention period is crucial. What is your retention period? One week (five days, and on the sixth day the rotation starts over)? What is your monthly/yearly retention? Always check what the best retention period is for your type of business and your data, because RPO and RTO are crucial on the day you need to restore your systems.
For virtual backups, most backup tools already have options for a backup copy job, replication, or backup to the cloud, such as Nakivo, Vembu, Veeam or Altaro, including encryption of the backup data.
Let us look at which backup options we can use to create a 3-2-1 rule for your backups; I will use the Nakivo Backup & Replication tool.
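To make the retention question concrete, here is an added example (mine, not the blog's earlier GFS post or any backup product's scheduler) that applies a GFS rotation to a list of backup dates: the newest five dailies (the five-day week described above), the last backup of each of the newest four weeks, the last backup of each month, and the last backup of each year. The daily-backup calendar is constructed sample data; the retention counts are assumptions you would replace with your own policy.

```python
from datetime import date, timedelta


def gfs_keep(backup_dates, today, daily=5, weekly=4, monthly=12, yearly=1):
    """Return the set of backup dates retained under a GFS rotation.

    Sons:         the newest `daily` backups (the post's five-day week).
    Fathers:      the last backup of each ISO week, for the newest `weekly` weeks.
    Grandfathers: the last backup of each month, for the newest `monthly` months.
    Yearly:       the last backup of each year, for the newest `yearly` years.
    Everything else is eligible for pruning.
    """
    dates = sorted(d for d in backup_dates if d <= today)
    keep = set(dates[-daily:]) if daily > 0 else set()

    def last_per(bucket_of, count):
        # dates is ascending, so the last assignment per bucket wins
        buckets = {}
        for d in dates:
            buckets[bucket_of(d)] = d
        return [buckets[k] for k in sorted(buckets)[-count:]] if count > 0 else []

    keep.update(last_per(lambda d: tuple(d.isocalendar())[:2], weekly))
    keep.update(last_per(lambda d: (d.year, d.month), monthly))
    keep.update(last_per(lambda d: d.year, yearly))
    return keep


def to_prune(backup_dates, today, **policy):
    """Backup dates not covered by the retention policy."""
    return set(backup_dates) - gfs_keep(backup_dates, today, **policy)


# Constructed sample: one backup every day from 2017-01-01 through 2017-04-28.
SAMPLE_TODAY = date(2017, 4, 28)


def sample_backup_dates():
    start = date(2017, 1, 1)
    return [start + timedelta(days=i) for i in range((SAMPLE_TODAY - start).days + 1)]


if __name__ == "__main__":
    all_dates = sample_backup_dates()
    kept = gfs_keep(all_dates, SAMPLE_TODAY)
    for d in sorted(kept):
        print(d.isoformat())
    print(f"{len(kept)} kept, {len(to_prune(all_dates, SAMPLE_TODAY))} eligible for pruning")
```

With the sample calendar, 118 daily backups collapse to 11 retained restore points. The month-end and week-end points are what matter in a ransomware scenario: if the infection went unnoticed for longer than the five-day daily window, those older grandfathers are the restore points you fall back to, which is why the monthly and yearly counts deserve as much thought as the daily one.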
Here is a design example of a 3-2-1 process rule:
These are the options that you should use for the 3-2-1 rule and offsite backups, or to back up to the Cloud.
- VMware vSphere replication job (replicate your jobs to a second DR site)
- Amazon EC2 replication job (replicate your jobs to a Cloud environment)
- Backup Copy
  - Backup copy job (create a backup copy in a different backup repository: an offsite DR site, or a Cloud)
- Backup Job
  - Backup to TAPES (with NAKIVO Backup & Replication you can use disk-to-disk-to-tape / D2D2T)
Note: To use offsite DR or Cloud environments, you need to add those repositories to your Nakivo Backup & Replication.
Always choose the right and safe backup process for your backup infrastructure and business. Keeping systems up to date, using the 3-2-1 rule for backups and also a valid retention period is a way to prevent a malware attack on your systems/VMs or backup data.
Hope this information was useful.
UPDATE 28/04/2017: Check this new post for a possible solution to decrypt your device/data without paying any ransom: Ransomware: How to decrypt your device and data
Note: Share this article, if you think it is worth sharing.