Guest Column | February 9, 2017

Protect All Endpoints From Ransomware

By Omry Farajun, President, Storage Guardian

If you think your business is safe from ransomware, consider the following from the U.S. Department of Justice: in 2016, more than 4,000 ransomware attacks were launched each day, a 300 percent increase from 2015. And it’s not just big enterprises being targeted. Another industry survey found that more than half of SMBs devoted considerable time and money to ransomware attack recovery last year.

The reasons for this epidemic are multi-fold:

  • Employees, even those who have undergone security awareness training, are notoriously careless and will continue to be tricked by increasingly sophisticated code-bearing emails designed to introduce malicious programming into an organization’s database.
  • Security software simply cannot keep up with the evolving nature of ransomware. Cyber terrorist software constantly morphs to evade detection by security solutions, quickly rendering the best anti-malware/anti-ransomware solutions ineffective.
  • Too many organizations give in to the criminals’ demands. This encourages cyber terrorists to expand their operations. In fact, it’s not unusual for them to return to the same company repeatedly once they realize how easy it is to get paid.

Because the chance of dodging a ransomware attack is slim, the best defense is putting in place a backup, storage, and restoration solution that provides the ability to quickly rebuild a network and return data to a point in time before the attack took place. The key to success is to include all data in a business continuity strategy, including that residing on the following endpoints:

  • Desktop Systems. Most organizations are conscientious when it comes to including networked desktops in a BDR strategy. Unfortunately, too many who run Macs get sucked in by myths that OS X is immune to malware attacks. Not true. One example is KeRanger, ransomware that specifically targeted Mac users. Businesses need to ensure data on all desktops, whether they are Windows or Mac or some combination of both, is included in a backup plan.
  • Mobile Devices (including laptops). One oft-overlooked data repository is the mobile device. Today’s increasingly mobile workforce is creating, updating, and sharing data directly on laptops, smartphones, and tablets that are rarely (or maybe even never) connected to company networks. Hijackers strike these devices via links on social networking sites and in text messages, through weaponized mobile ads and applications, and via code embedded in downloaded documents. Not only can the malicious software be transferred to a business’s network, the individual device itself can be locked, making files stored on it inaccessible.
  • The Cloud. Many believe files saved in the cloud are safe from ransomware and can be excluded from a BDR strategy. This is a huge mistake. Although the data itself is protected while stored in the cloud, the business may not always have access to its files. This is an especially critical detail for organizations that must comply with email and document retention regulations. Take Microsoft Office 365, for example. By default, deleted Office 365 data is non-recoverable after 30 days unless a company springs for more costly versions. Moreover, all cloud data is automatically removed 90 days after a subscription ends. Smart businesses keep a backup copy of SaaS files in a secure data center independent of their own network and the Microsoft cloud.

Unless you plan to pay cybercriminals to unlock your data and/or devices (and they may not even do this after you hand over the money), the key to dealing with ransomware is to take a “when” instead of “if” stance and put in place a robust off-site, encrypted solution that provides for easy backup and restoration of data from all endpoints. When evaluating options, be sure to ask the following questions:

  • Is the solution compatible across all major operating platforms and devices? In addition to supporting the usual Mac- and Microsoft-based operating systems, a backup solution needs to be able to support companies with endpoints on less common platforms. A BDR solution also needs to support Android and iOS mobile device platforms as well as SaaS platforms, including Microsoft Office 365, Salesforce.com and Google’s G Suite (formerly Google Apps).
  • Are robust data analytics and reporting tools available? Administrators must have access to real-time information about each endpoint. In addition to monitoring backups, the details available through analytics help in the development of an appropriate recovery point objective (RPO) and a recovery time objective (RTO).
  • Does the solution offer device-specific mobile apps to securely manage and transfer data from mobile devices? Employees should be able to easily schedule backups and initiate manual backups directly from their mobile devices. The app also should provide the means for a user to quickly restore lost data to the same device or to a new one.
  • Will the solution alert if backups are not completed? If a backup job is not completed properly for whatever reason, administrators need to be proactively alerted about the problem and have access to technical advice if needed.
  • How long are earlier versions of data accessible? Often Trojan horse ransomware inserts itself into a network or device and then sits dormant for weeks or months. If the only backups available are from post-infection, restoring those backups will simply re-load that malware into the system. This ability to go back to a version not affected by ransomware is especially critical when a business has additional regulatory requirements, so ensure the solution chosen provides a flexible retention policy that is enforceable by you or your customer.
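
The last two questions can be checked directly against a backup catalog. The following is an added example, not code from this column or from any vendor's product; the catalog records, endpoint names, dates and thresholds are constructed assumptions. It flags endpoints whose newest successful backup is older than the RPO, and it picks the newest restore point that predates a suspected infection, returning nothing when retention has already aged out every clean copy.

```python
from datetime import datetime, timedelta

# Constructed sample catalog: (endpoint, backup finished at, job status).
CATALOG = [
    ("mac-desk-01", datetime(2017, 1, 2, 1, 0), "ok"),
    ("mac-desk-01", datetime(2017, 1, 20, 1, 0), "ok"),
    ("mac-desk-01", datetime(2017, 2, 8, 1, 0), "ok"),
    ("laptop-07", datetime(2017, 1, 28, 1, 0), "ok"),
    ("laptop-07", datetime(2017, 2, 8, 1, 0), "failed"),
    ("o365-mail", datetime(2017, 2, 1, 1, 0), "ok"),
    ("o365-mail", datetime(2017, 2, 8, 1, 0), "ok"),
]


def successful(catalog, endpoint):
    """Completion times of successful backups for one endpoint, oldest first."""
    return sorted(t for e, t, s in catalog if e == endpoint and s == "ok")


def stale_endpoints(catalog, now, rpo):
    """Endpoints whose newest successful backup is older than the RPO."""
    stale = []
    for endpoint in sorted({e for e, _, _ in catalog}):
        good = successful(catalog, endpoint)
        if not good or now - good[-1] > rpo:
            stale.append(endpoint)
    return stale


def clean_restore_point(catalog, endpoint, infected_at, now, retention):
    """Newest successful backup taken before the infection and still retained.

    Returns None when every pre-infection copy has aged out of retention,
    which is the dormant-malware failure mode: only infected backups remain.
    """
    oldest_kept = now - retention
    candidates = [t for t in successful(catalog, endpoint)
                  if oldest_kept <= t < infected_at]
    return candidates[-1] if candidates else None


if __name__ == "__main__":
    now = datetime(2017, 2, 9, 9, 0)           # constructed "current" time
    infected = datetime(2017, 1, 15)           # assumed first-infection estimate
    print("stale:", stale_endpoints(CATALOG, now, timedelta(hours=48)))
    for days in (30, 90):
        point = clean_restore_point(CATALOG, "mac-desk-01", infected, now,
                                    timedelta(days=days))
        print(f"{days}-day retention ->", point)
```

With the constructed data, a failed job on laptop-07 leaves it outside a 48-hour RPO even though a backup ran the night before, and a 30-day retention window holds no copy of mac-desk-01 older than the assumed infection date while a 90-day window does.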

Once a solution is in place, get truly obsessive about data backup. Only when an impacted organization can easily go back to a point just prior to infection will it be able to get back to business as usual.
