What does this mean?

Ransomware is malicious software designed to deny access to a computer system or data until a sum of money is paid. To put it into context: much as people are held to ransom for money, ransomware attackers write malicious code that breaks into your computer system and encrypts your data and information, denying you access to your files, databases, or applications in exchange for money. The only way to gain access to your data would be to pay the ransom. In some instances, the attackers will threaten to publish the information if the ransom is not paid.

Common Types of Ransomware


As new Ransomware variants arise regularly, it can be challenging to keep track of the different strains. While each malware strain differs, they rely on similar tactics to take advantage of users and hold encrypted data hostage.

Top 10 most well-known Ransomware strains

1. Bad Rabbit
2. CryptoLocker
3. GoldenEye
4. Jigsaw
5. Locky
6. Maze
7. NotPetya
8. Petya
9. Ryuk
10. WannaCry

Although there are countless strains of Ransomware, they mainly fall into two types: crypto-ransomware and locker Ransomware.

What is Crypto Ransomware?

Crypto Ransomware encrypts valuable files on a computer so that they become unusable. Cybercriminals who use crypto-ransomware generate income by holding the files to ransom and demanding that victims pay to recover them.

What is Locker Ransomware?

Unlike Crypto-Ransomware, Locker Ransomware does more than just encrypt files: it goes further and blocks access to the device that has been targeted. In these types of attacks, cybercriminals will demand a ransom to unlock the device.

For both Crypto and Locker attacks, users can be left with no option for getting back to normal other than paying the ransom. That’s why it’s vital to take steps to prepare your systems to recover without falling victim to cyber attackers.

How to protect yourself from Ransomware attacks

Ransomware is one of the significant issues that organisations face today. The main way that ransomware gains access to systems is by relying on human interaction to trigger the attack: the user is tricked into clicking or downloading a safe or legitimate-looking file or link received by email from a legitimate-looking sender. However, some strains, such as WannaCry, exploit unpatched or out-of-date software to gain access to systems.

Therefore, it’s essential to ensure that you apply security best practices to minimize your risk of falling victim to Ransomware.

What is the solution for enterprises?

Put Your Data in Safe Mode

The key to effectively protecting data is to bring all the disparate silos (data lakes and backup appliances) together and then create a read-only snapshot of the data.

These snapshots are then placed into a safe mode so they can’t be deleted, modified, or encrypted by any Ransomware. In practice, this is an automated process and independent of administrator control, which also means the snapshots can’t be deleted by accident or by rogue employees.

There’s a lot of artificial intelligence, analytics, and testing involved in this approach. However, it vastly simplifies the process and requires very limited human involvement because it’s highly automated.

To boost security further, this model requires an authorised individual to work directly with the technology provider to reconfigure the snapshots, make policy modifications, and/or manually delete them. It essentially adds another checkpoint. The malware cannot encrypt or delete the snapshots, and neither can the IT team (without the supplier’s support).

So, by continually creating an unencrypted copy of all the organisation’s data, should Ransomware make it past the perimeter security defenses, the snapshots are safe and can be swiftly recovered, ensuring businesses can maintain uninterrupted service delivery to their customers.

How can Data Sciences Corporation protect your data?

As you know, one of our largest and longest partnerships is with Pure Storage, who have several strategies on how we can assist you in protecting and keeping your data safe.

Ransomware attacks continue to be top of mind for business and IT leaders. And for a good reason. They compromise access to your organisation’s lifeblood – data. Consequences can be dire: Pay perpetrators to (maybe) unencrypt your data, stumble with decryption tools, or gamble on recovering from backups. Yet, with millions of dollars spent annually to guard entry points to data, many still underestimate the strategic value of augmenting data protection.

Your Existing Data Protection May Not Be Enough

Backups safeguard critical data against common scenarios such as recovering from natural or manmade disasters, data corruption, or accidental deletions. However, Ransomware attacks can stress existing data protection infrastructure built on legacy architectures, such as disk and tape, more than expected.

First, if you’re already struggling with meeting recovery SLAs, a Ransomware attack can exacerbate the situation with additional downtime. Second, your backup systems and data can be compromised, which could require you to reinstall and reconfigure your backup solution before even contemplating data recovery.

Pure Storage acknowledges and shares the concerns around Ransomware. As a result, they’re pleased to introduce a new approach to mitigating against these attacks when using Pure FlashBlade systems.

SafeMode snapshots, a built-in FlashBlade feature, enable you to create read-only snapshots of backup data and associated metadata catalogs after you’ve performed a full backup. You can recover data directly from these snapshots, helping to recover after Ransomware attacks and even rogue admins. In addition, FlashBlade provides the following benefits:

Enhanced Protection:

Ransomware can’t eradicate (delete), modify, or encrypt SafeMode snapshots. In addition, only an authorized designee from your organization can work directly with Pure Technical Support to configure the feature, change policy, or manually eradicate snapshots.

Backup Integration:

Utilize the same snapshot process regardless of the backup product or native utility used to manage data protection.

Flexibility:

Snapshot cadence and eradication scheduling are customizable.

Rapid Restore:

Leverage a massively parallel architecture and elastic performance that scales with data to speed backup and recovery.

Investment Protection:

FlashBlade includes SafeMode snapshots at no extra charge. Your Pure subscription or maintenance support contract covers enhancements.