Ransom malware has been a huge headache for many who suddenly find themselves in need of an effective data recovery tool. Ransomware attempts to trick computer users into believing a local police authority has detected illegal software on their computer and that they must pay a fine in order to regain access to the data. With victims including the likes of tech developers and, of all things, police departments, it seems no one is safe.
Police Department Pays Ransom to Regain Data Access
Boston’s CBS local reported about a data breach in Swansea, Massachusetts, where the local police department gave up $750 to regain access to their computers. This particular version was named CryptoLocker, which found its way into the police department’s system when an unsuspecting employee opened a malicious email attachment.
Given the good-old-fashioned advice to never open an email attachment from an untrusted source, one might speculate the user was ill-trained. But these emails can be deceiving, claiming to be from government agencies like the FBI, including official agency logos and disguising the malware as a PDF attachment. Once the attachment was opened, CryptoLocker encrypted all the files on the computer, requiring the victim to pay a fee in exchange for the access code.
All Cybercrime Roads Lead to Enterprise
The biggest problem in dealing with threats like ransomware is poor preparation. Enterprise organizations can’t recover their data if they don’t have a strong backup recovery tool in place. Just backing up data to a mapped network or hard drive or even creating regular backup images won’t help if the backup isn’t secure. Ransomware will encrypt all the data on a PC, including all connected drives, which means your backups become useless.
Companies can even lose access to the data on network drives or, god forbid, the entire enterprise network. Ransomware such as CryptoLocker encrypts any data it finds on any mapped drive, even if the data on that drive is in the cloud. We can expect this software to attack any connected network in the near future, since a code change to make that possible would be almost painfully easy.
Wired.com’s Patrick Oliver Graf put it so well: “Even more worrisome is that beyond individual files, the network itself could be held for ransom, if a hacker gained the necessary read and write privileges by infiltrating a network administrator’s device. Cybercrime goes where the money is, and eventually, all roads lead to the enterprise.”
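Whether a backup on a mapped or connected drive is within ransomware's reach can be checked from the workstation itself. The Python script below is an added example, not part of the original post or of any Quorum product; the function names `probe_backup_target` and `audit` are illustrative, and it assumes it is run under the same account that normally uses the machine.

```python
import os
import uuid


def probe_backup_target(path):
    """Return "unreachable", "read-only" or "exposed" for a backup destination.

    "exposed" means a process running as the current user can create or modify
    files there, which is the access ransomware needs to encrypt the backups.
    """
    if not os.path.isdir(path):
        return "unreachable"
    can_create = can_modify = False
    # Probe 1: create (then delete) a marker file in the destination.
    marker = os.path.join(path, ".write-probe-" + uuid.uuid4().hex)
    try:
        with open(marker, "xb"):
            can_create = True
        os.remove(marker)
    except OSError:
        pass  # creation denied, or created but not deletable
    # Probe 2: open an existing backup file with write access. "r+b" neither
    # truncates nor changes the file; it only tests the permission.
    try:
        for entry in os.scandir(path):
            if not entry.is_file(follow_symlinks=False):
                continue
            try:
                with open(entry.path, "r+b"):
                    can_modify = True
                break
            except OSError:
                continue
    except OSError:
        pass  # directory listing denied
    return "exposed" if (can_create or can_modify) else "read-only"


def audit(paths):
    """Map each candidate backup path to its exposure status."""
    return {p: probe_backup_target(p) for p in paths}


if __name__ == "__main__":
    import sys
    # Pass real destinations, e.g. a mapped drive letter or a UNC path.
    for target, status in audit(sys.argv[1:]).items():
        print(f"{status:12} {target}")
```

Any destination reported as "exposed" would be encrypted along with the PC; a backup that is only reachable through a separate backup account or service would show as "read-only" or "unreachable" from the user's session.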
Partial Solutions Leave Systems Vulnerable
It seems that everyone wants to offer a solution to this problem, but many of them don’t go far enough. Microsoft focuses on anti-virus software solutions, but for anti-virus software to work, someone has to suffer the first attack and report it. You don’t want your organization to be the first victim of the next generation of ransomware when it finds a new way in.
Tech companies tend to recommend software restriction policies that stop executables from running in the space CryptoLocker launches from, but different viruses use different exploits and don’t always arrive via the same routes. Other suggested methods, such as keeping backups in a .zip file, seem just as easily surmounted by minor changes to ransomware code, which encrypts files based on their file extensions.
The Complete Solution to Ransomware
To be fully protected, companies need a combination of several strategies. Effective anti-virus software and employee training are the first step, but disaster plans that include an effective recovery tool must be used as a safety net should those measures fail.
At Quorum, we recommend a hybrid backup system that secures vital data where it can be accessed from our strategically placed servers in the event of a catastrophic data failure. Less vital data can be stored on tape to be retrieved and restored once the system is up and running again.
When recovering operations within minutes is vital, a Quorum appliance allows enterprises to run machines on the Quorum appliance from an updated virtual clone of protected servers. This one-click recovery tool is an affordable way to minimize downtime after a disaster.
Have Backup Hardware Available
In the case of a ransomware attack, enterprises must think about the infected hardware, as well. Disconnect all infected computers from all network communications so your tech staff can clean them before putting them back into service. A company can be up and running faster by keeping backup machines available that remain offline when not in use. These systems can be brought from storage and used to keep the business running while technicians clean infected computers of the virus.
Quorum systems protect enterprises from more than just disastrous malware attacks. No matter what the cause of the disruption, a hybrid system allows one-click recovery so businesses don’t miss a beat when problems occur. Use our online contact form to request a free quote on a Quorum disaster recovery solution.
Posted on 04/01/2014 at 12:00:00 AM