Oops! Facebook-savvy Russian hackers guessed your obvious reset password question and commandeered your servers. They want a fat sum of Bitcoin before they relinquish control of your data. What’s your next move?
Hack them back? Run the AES key through PowerShell and hope they’re amateurs? Pay them the lousy Bitcoin?
None of the above!
The right answer is to fetch last night’s backup copy from the storage closet.
Ransomware protection is as simple as regularly backing up your data. It is something you should already be doing. Preventing Mamba, HDD Cryptor, TeslaCrypt, and other scary-sounding bugs from deserializing your servers takes nothing more than a system restore. It’s so easy that it doesn’t seem quite fair to the cybercriminals and all the work they put in.
Hackers are pretty clever. They design ransomware that is backwards-engineered from popular AV software coding so it flies under the radar through your network. First they use a bit of smooth social engineering to slip into an inbox. From there he sends out the ransomware in a company e-mail, mimicking a trusted coworker sending a file. When opened it, the malware exploits weak Java code en route to encrypting web and application servers.
The San Francisco Municipal Transit System succumb to one such attack the Friday after Thanksgiving. The high profile breach made juicy headlines, but a system restore brought services back online in a matter of hours, and closed the book on the ordeal in less than two days—no ransoms paid, and no sensitive information compromised—according to what an SFMTS spokesman told Ars Technica.
Why do hackers go to all the trouble with ransomware? Enough companies have lax backup strategies to make it pay. “As the SFMTA’s experience illustrates, having proper and regular backups of your data can save you bundles,” notes security analyst Brian Krebs. “Unfortunately, this is often easier said than done, especially for small businesses.”
Protect against ransomware like any other data loss threat—flood, fire, major system malfunction, catastrophic human error, alien invasion—with the 3-2-1 backup system.
A good backup system is just as important as a firewall appliance or endpoint security for a holistic ransomware prevention setup.
Three copies of data, two types of data storage, one is stored offsite.
Recap: How do you stave off a ransomware attack?
Maintain a regular schedule of backup processes. Nightly, weekly, bi-weekly—frequency depends on the scale and scope of the business. Windows Server 2008 and later makes backup for a small business domain relatively straightforward.
Keep backup copies onsite but offline. Disks should be unreachable by cyberattack and stored off the network. Keep the disks secured near the datacenter so you can restore data relatively quickly should ransomware infiltrate your domain.
Dedicate a USB 3.0 direct access storage (DAS) device that lives off the network for regular backups. Back up to this from your network attached storage. Here’s an excellent guide on how to backup to USB from a Synology.
Make sure offline storage is REALLY offline! A powered down VM host often can be turned on and accessed over a network with VM management software.