The Definitive IT Guide To Ransomware
Inability to Recover
IT Checklist
End-User Checklist
Protect Your Data
Ransomware: The Threat
Everyone has heard of ransomware.
Six years ago, the term barely even registered on the map. But in May 2017, ransomware hit peak
heights with the WannaCry attack that targeted businesses worldwide. And the attacks are only
getting worse.
Every industry has been targeted and every size of business. While you have a lot of say over what
kind of devices, clouds, and systems you use, you have very little control over, for example, user
mistakes and human error, which leaves some pretty gaping holes in your systems.
Juniper Research forecasts that criminal data breaches will cost businesses over $8 trillion within
the next 5 years. Small to medium enterprises are particularly at risk, spending less than $4000 on
cybersecurity and preventative measures.
ioFABRIC.com 3
Older infrastructures are even more at risk: “The attacks on hospital infrastructure show that inadequate cybersecurity can now cost lives as well as money,” remarked research author James Moar.
Another reason ransomware is so terrifying is that law enforcement has little recourse.
The vast majority of ransomware crimes are initiated overseas, which poses substantial challenges for law enforcement with regards to prosecution – complicated by the possibility of state-sponsored attacks. Cyber crimes originate in over 190 countries around the world. Russia, Nigeria, China, and North Korea are the most publicized.
But ransomware itself is not the whole problem. Businesses are not confident that they can recover, even in the event of restoring all the data after a successful ransom payment and unlocking of their data.
50% met their recovery time objectives after a failure
85% had no recovery plan or were less than 100% confident in their plan
31% of those who experienced data loss said they lost a day or more of data
22%
tolerance for downtime during a failure, a weakness that
must be addressed.”
Anatomy of a Ransomware Attack
For one mid-size manufacturing business (that prefers to remain nameless), it was an email to an executive that set off a nightmare chain of events.
The email appeared to come from a customer – one the executive was familiar with – and it had an unsolicited attachment. The recipient was leery of opening it, and “confirmed” via email that the sender did indeed send the message. Fortunately, nothing out of the ordinary seemed to happen.
A short time later, however, the customer tells the executive he didn’t send either email. The exec asked the IT team to scan the system for viruses and malware, but nothing obvious was found.
Two weeks later, it hits. The company received notice that all its active data and offsite backups
were encrypted by hackers who demanded payment to recover business-critical information.
The company decided to pay the ransom of 10 bitcoins, at the time the equivalent of around
$50,000. Cryptocurrency is preferred by ransomware perpetrators because it’s untraceable, and
once payment is made, payments can’t be revoked. It can be “spent” throughout international
marketplaces and can be quickly split apart and traded away, making it nearly impossible for
authorities to intervene.
“The pirates were very savvy,” said Frank Kuschmierz, CEO of Xenium. “The first step was to show
that they had the data. They said, ‘Here’s one server, here’s one password for it so you can
unencrypt it and read it again.’ After knowing that they had the information, 10 bitcoins were
paid and the pirates released five more servers.
“Because it took two days to get everything arranged, and to get the bitcoins, the pirates literally
said, ‘OK, we want 5 more bitcoins.’ Each time along the way, they released a little bit more
server information, but they knew exactly which information was valuable. They only released the
most valuable data when all the ransom was paid.”
Even after recovering all of the hijacked servers, the nightmare continued. The pirates inserted
some malicious code that caused the restored servers to crash, so recovery took three times longer
than expected. Kuschmierz said that it is common for pirates to come in and hit again if companies
are not quick enough to put in preventative measures.
Kuschmierz says that fortunately, effective cyberattack protection is much the same as everyday
data protection processes already in place at most organizations: protect data offsite, educate
users, use firewalls to secure points of entry.
Ransomware: The Solution
While you know you have done everything to ensure your data and systems are safe and protected,
there are still very real risks.
We have put together a short list of do’s and don’ts. It’s a simple list that educates on the risks that
human error can pose in the context of data loss and ransomware. Check out the next page to see
and print that.
In the meantime, here are some basic questions for you to make sure you have thought of
everything.
You might even have immutable files, but if the whole disk is
encrypted under that, it won’t help. What you need is
immutability, where the backups are stored in a format only
accessible by the recovery mechanism, not by the normal disk
techniques that ransomware can exploit.
Make sure your data is safe, replicated, immutable, and with regular backups stored offline, at
another site, or on another network.
Test your recovery process to make sure it works. Validate that your backups can boot and the data
on them is uncorrupted. Mishandling a recovery will lead to corrupted data, which may be just as
bad as the encryption from the ransomware.
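One way to automate the "is the restored data uncorrupted" check, as an added example that is not part of the original guide or any product it describes: record a fingerprint of every file at backup time, then compare a test restore against it. The function names and the 7.5 bits-per-byte entropy cut-off are assumptions made for this sketch.

```python
import hashlib
import math
import os
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits/byte; assumed cut-off, tune it for your data


def fingerprint(path):
    """Return (SHA-256 hex digest, Shannon entropy in bits per byte)."""
    with open(path, "rb") as fh:
        data = fh.read()  # whole file in memory; fine for a spot check
    counts = Counter(data)
    entropy = -sum(c / len(data) * math.log2(c / len(data))
                   for c in counts.values()) if data else 0.0
    return hashlib.sha256(data).hexdigest(), entropy


def build_manifest(root):
    """Record a fingerprint for every file under root at backup time."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            manifest[os.path.relpath(full, root)] = fingerprint(full)
    return manifest


def verify_restore(root, manifest):
    """Compare a test restore under root with the backup-time manifest."""
    report = {"missing": [], "changed": [], "suspect_encrypted": []}
    for rel, (digest, old_entropy) in sorted(manifest.items()):
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report["missing"].append(rel)
            continue
        new_digest, new_entropy = fingerprint(full)
        if new_digest != digest:
            report["changed"].append(rel)
            # Already-compressed files are high entropy too, so only a jump
            # from below the limit to above it is treated as a warning sign.
            if old_entropy < ENTROPY_LIMIT <= new_entropy:
                report["suspect_encrypted"].append(rel)
    return report
```

Keep the manifest somewhere the backed-up machines cannot write to, otherwise whatever alters the backup can alter the manifest as well.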
Ransomware: A Checklist
You may not know it, but YOU are the first line of defense against viruses and ransomware at your
organization.
Be the hero who keeps your own safe! Use this checklist to stay ahead of the latest threats.
No matter how the email arrives, there are a few ways you can deal with it:
1. Contact the person or department who sent you the email – but don’t “reply to” their email
address. Instead, use a secondary form of communication to contact them. Text them, phone them,
send them a tweet – but verify that they actually sent the email.
2. If the boss asks for a big money transfer and you can’t get in touch with them (or don’t feel
comfortable doing so), check with other VPs to be sure.
3. If there is a link to a website with an account portal for logging in, don’t just trust that it looks like a
portal you have used before. Check the URL address to see if there is https or http. If it is http, you are
in trouble. The biggest signifier of a “look-alike” site is that it won’t be secured (you won’t see the
“s”) – it is much harder to fake a website if you have to secure it.
4. See a Microsoft Word attachment? Don’t open it until you know where it’s from. Hackers can put
scripts into Word documents that will execute programs and open your computer to attacks.
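The URL check from step 3, written as code an IT team could run over links in incoming mail. This is an added example, not part of the original guide; it goes beyond the http/https test by also comparing the host name with the portals you expect, because an https link can still point at someone else's server. The allowlist and the sample URLs are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allowlist: host names of the portals your staff really use.
KNOWN_PORTALS = {"portal.example.com", "mail.example.com"}


def check_link(url, known_hosts=KNOWN_PORTALS):
    """Return a list of warnings for a link found in an email; [] means none."""
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme.lower() != "https":
        warnings.append("not https")
    if parts.username is not None:
        # In https://portal.example.com@other.test/ the real host is other.test
        warnings.append("user-info before '@' hides the real host")
    if host.startswith("xn--") or ".xn--" in host:
        warnings.append("punycode host, may imitate another name")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a name")
    except ValueError:
        pass  # not an IP literal, which is the normal case
    if host not in known_hosts:
        # Exact match only: portal.example.com.login.test is a different site
        warnings.append(f"host '{host}' is not a known portal")
    return warnings
```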
Protect Your Data
Since ransomware even penetrates backups, it can be hard to trust that your tried-and-true
safety blanket is actually free of malware.
How do you fight back against this? Some products let you scan backups for ransomware, but if the
encryption only kicks in later, you will likely still get hit. You can’t be there 24/7 to manually validate
that every single backup is bootable and free of ransomware.
ICAS by ioFABRIC
ICAS serves as an on-premise backup, replication, and archival target for your existing backups and
file services. As either a virtual or physical appliance, the data-aware ICAS classifies, analyzes, and
indexes files. All files are scanned, indexed and replicated offsite.
ICAS is not a backup product. ICAS is an intelligent archive that delivers always-on data for
companies that value their data.
3-2-1 Compliance
ICAS helps customers comply with backup best
practices by automating the creation and
placement of two additional copies, an additional
format, and a copy offsite.
Reduce Risk
By validating the backup is bootable and
ransomware scanning it for encryption activities,
ICAS gives you tested, secure, immutable, and
continuously available data, ready to recover.
All-in-One Pricing
Predictable monthly pricing includes cloud
subscription and hardware, making it an easy
decision.