Endpoint

4/21/2016
09:30 AM
How Best To Back Up Your Data In Case Of A Ransomware Attack

A ransomware attack could be around the corner, but there are some practical steps you can take to back up your data and deflect the attack.

The recent surge in ransomware attacks against hospitals and other organizations has added a new sense of urgency to already-increasing security worries for small- to midsized businesses (SMBs) and consumers over how to protect their data from cyberattacks.

Ransomware is malicious code that uses advanced encryption algorithms to block system files and demand payment in return for the key that can decrypt the blocked content, explains Andra Zaharia, marcom manager at Heimdal Security.

“Similar to advanced financial- and data-stealing malware, ransomware can evade detection by normal antivirus products, but that’s where the similarity ends,” Zaharia says.

Ransomware attacks increased by 165% in 2015 compared to previous years, according to Engin Kirda, co-founder and chief architect at Lastline Labs. High-profile incidents include the Cryptolocker ransomware that infected 250,000 computers around the world, and this year, attacks suffered by Hollywood Presbyterian Medical Center in Los Angeles, MedStar Health Inc., Calif., Methodist Hospital in Henderson, Kentucky, and Southern California’s Chino Valley Medical Center and Desert Valley Hospital, both of which belong to the Prime Healthcare Service chain.

The malware encrypts the content and warns the victim that a ransom fee must be delivered within a certain timeframe. And if that ransom is not paid, the encrypted content is often lost for good.

The good news is that there are some common-sense steps you can take to protect your company, and your data, from ransomware. A key step is backing up data properly and regularly, as well as protecting the backup itself from being infected with ransomware. Here's a list of steps compiled with input from experts Zaharia, Kirda, Stu Sjouwerman, founder and CEO of KnowBe4, and Earl Carter, Talos senior threat researcher at Cisco Systems:

1. There's no protection from ransomware without backup. The first question a security pro will ask you when you report a ransomware attack is whether you have any backups. In many instances, simply by having a backup copy, you can erase the drive, reinstall the operating system, restore the backup copy, and start fresh. So remember: no backup, no protection from ransomware.

2. Think redundancy. Most experts say you need three forms of backup: real-time, daily incremental, and weekly incremental. One of the three should be offsite with a cloud provider; the other two can be at different spots at your company, or at two separate locations.

3. Isolate your backups. The backups should not be connected to a shared drive. You can still be infected with ransomware during a backup session, but you limit the exposure to the backup window itself rather than leaving the backup reachable all the time. Also, ransomware can infect both mapped and unmapped drives, so your best bet is to keep your backup drives off the network.

4. Take snapshots. By creating snapshots of the incremental updates, the attackers may still reach the most recent updates, but they won't be able to touch the previous incrementals.

5. Automate patching. US-CERT reports that proactive patching can eliminate 85% of cyberattacks, ransomware included, so patch Windows or the core operating system as well as any third-party plug-ins you use. Remember that attackers start by looking at third-party applications, especially ones that are not used that frequently. In fact, if there are applications you don't use often, disable them and enable them only when you need them.

6. Educate everyone. It's important to make your staff aware of these threats. Start by establishing a baseline: send a simulated attack email and see how many people click on it. Odds are the percentage of those who click will be high to start. Then train everyone with online simulation tools, making it engaging and getting everyone in the company involved. Finally, run random simulations that the staff knows are coming, but don't reveal the timeframe. Over several months, the staff's click rates will improve and you will more than likely have prevented a ransomware attack.
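Points 1 through 4 above come down to three mechanical properties of a backup job: each snapshot is a full, separate copy that later runs cannot rewrite (snapshots), the job verifies that a copy can actually be read back (no backup, no protection), and the job notices when the live data has suddenly changed wholesale, which is what a ransomware run looks like from the backup side, so that retention does not rotate the last good snapshot away. The script below is an added example written for this article, not code from Dark Reading or any of the quoted experts; it uses only the Python standard library, works on a temporary directory with constructed sample files, and the 0.5 churn threshold and the simulated mass overwrite are assumptions made for the demonstration.

```python
"""Snapshot-style backups with integrity manifests and a mass-change check.

Added example (not from the original article). Each snapshot is a full copy
with a SHA-256 manifest; files in a finished snapshot are set read-only; the
churn ratio between two consecutive manifests flags a ransomware-like rewrite.
"""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # written into each snapshot; excluded from digests


def file_digest(path: Path) -> str:
    """SHA-256 of one file, read in chunks so large files need not fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its digest."""
    return {
        p.relative_to(root).as_posix(): file_digest(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.name != MANIFEST
    }


def take_snapshot(src: Path, backup_root: Path, label: str) -> Path:
    """Copy src into backup_root/label, record a manifest, then make the copy read-only.

    A snapshot is never overwritten: a later run (or malware running during a
    later run) gets its own directory, so earlier snapshots stay untouched.
    """
    dest = backup_root / label
    if dest.exists():
        raise FileExistsError(f"snapshot {label} already exists; refusing to overwrite")
    shutil.copytree(src, dest)
    manifest = build_manifest(dest)
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=1, sort_keys=True))
    for p in dest.rglob("*"):
        # Read-only bits are a weak guard (the owner can undo them), but they stop
        # a backup-agent bug from silently rewriting a finished snapshot in place.
        if p.is_file():
            os.chmod(p, 0o444)
    return dest


def verify_snapshot(snapshot: Path) -> bool:
    """Recompute digests and compare with the manifest written at backup time."""
    recorded = json.loads((snapshot / MANIFEST).read_text())
    return build_manifest(snapshot) == recorded


def churn_ratio(previous: dict, current: dict) -> float:
    """Fraction of files in the previous manifest that changed or vanished.

    Ransomware rewrites most of a user's files in one pass, so a ratio near 1.0
    between consecutive snapshots means: stop pruning old snapshots and investigate.
    """
    if not previous:
        return 0.0
    changed = sum(1 for rel, digest in previous.items() if current.get(rel) != digest)
    return changed / len(previous)


def demo(workdir: Path) -> dict:
    """Constructed scenario: clean snapshot, simulated mass overwrite, second snapshot."""
    live = workdir / "live"
    backups = workdir / "backups"
    live.mkdir()
    backups.mkdir()
    (live / "docs").mkdir()
    (live / "docs" / "report.txt").write_text("quarterly report")   # constructed sample
    (live / "notes.txt").write_text("meeting notes")                 # constructed sample
    (live / "photo.bin").write_bytes(bytes(range(256)))              # constructed sample

    snap1 = take_snapshot(live, backups, "2016-04-20")
    # Simulate the effect of a ransomware run on the live data: every file replaced
    # by opaque bytes. Constructed for the example; no real encryption is performed.
    for p in live.rglob("*"):
        if p.is_file():
            p.write_bytes(b"\x00" * 32)
    snap2 = take_snapshot(live, backups, "2016-04-21")

    m1 = json.loads((snap1 / MANIFEST).read_text())
    m2 = json.loads((snap2 / MANIFEST).read_text())
    churn = churn_ratio(m1, m2)
    return {
        "churn": churn,
        "alert": churn >= 0.5,  # threshold assumed for this example
        "old_snapshot_intact": verify_snapshot(snap1),
        "files_in_old_snapshot": len(m1),
    }


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(demo(Path(tmp)))
```

Run it as-is and the churn between the two snapshots is 1.0, the alert fires, and the first snapshot still verifies against its manifest. In a real job the alert would gate retention: never delete the oldest snapshot while the most recent run exceeds the threshold, and keep the backup volume detached or offline between runs, as point 3 recommends, so the snapshots themselves are out of reach while the malware is active.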

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md.