How to protect your VMs against Ransomware

Luciano Patrão
My main areas of expertise are VMware, Virtual Backups and Storage design.
I am a vExpert and a Technical Blogger in the same areas.

Ransomware is malware that is once again on the list of security concerns, not only for companies but also for government security and even for personal use. IT departments should be aware of it and have the right knowledge to fight it: not only about the malware itself, but also about how to protect against this type of threat.


Corporations and mid-size companies (SMBs) have an IT department, or at least an outsourced one, which should have some knowledge of this type of threat. However, do they know how to protect their infrastructure against this kind of malware? And how to protect their backups against it? Backups are also not fully protected against ransomware.


What is Ransomware?


A quick overview of ransomware: this threat has spread very fast since 2013. Encrypting ransomware uses an advanced encryption algorithm. It blocks and encrypts your data (files, documents, videos, audio, etc.) on any device, computers and smartphones alike. It can block/encrypt the files, or block the entire system so that you can no longer log in or access your data.


Fundamentally, it is malware for data hijacking: an exploit in which the attacker encrypts the victim's files and data and demands a ransom for the key that will decrypt the victim's files or device.


This threat was created to hijack your system files and demand payment for the key that can decrypt the blocked content. Malware such as CryptoWall, CryptoLocker, and TorrentLocker encrypts files stored on computers and network drives. Once you are infected, your files are encrypted, and your only option to get your files/systems back is to pay the ransom; otherwise you lose all the data previously stored on the computer or storage device.


An example of a ransomware attack:

You then have 1 to 3 days to pay the fee. Fees are around 300 USD or EUR, paid by MoneyPak, or BTC2 (two Bitcoins, currently about $280).


How to protect from Ransomware?


  • Always update your systems and have them up to date.
  • Do not accept suspicious files/emails.
  • Disable Remote Access (only enable RDP if needed).
  • Install a good Antivirus and use firewalls.
  • Always have updated backups of all your files/data.

Note: For personal computers the rules are the same. Always follow the rules above and always keep a backup outside of your device (computer or smartphone).


These are the normal procedures that everyone should perform on a regular basis. Unfortunately, they are not enough, because ransomware can bypass antivirus, guest OS security patches, etc. Backups are the last resort for restoring the systems. Again, unfortunately, backups can already be infected with the malware, in which case you will restore an infected system.


Focusing on virtual environments (though the same rules apply to physical systems), the solution is to have a proper backup and to apply the universal rule of backups, the 3-2-1 backup rule.


Company data is very critical; the "3-2-1" backup rule is one of the most important processes that you need to implement in your backup infrastructure.


Under the 3-2-1 rule, keep at least three copies of your data. The primary backup is usually located in the storage backup repository for a quick restore, and there are at least two other copies. Send your backup data to two different storage types, and keep at least one copy offsite. Since backups can and will be encrypted, the copy to the offsite DR/cloud is transferred via an AES 256 encrypted link.


For your backups, the 3-2-1 rule is used with the Grandfather-Father-Son (GFS) rotation scheme, as we have already discussed in this blog. The backup retention period is crucial. What is your retention period? One week (5 days, then on the 6th day it starts over)? What is your monthly/yearly retention? Always check what the best retention period is for your type of business and your data, because RPO and RTO are crucial on the day you need to restore your systems.
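
To see why the retention period matters when the backups themselves may already contain the malware, the following added example (not part of the original article and not code from any backup product) computes which restore points a GFS policy retains and finds the newest one taken before an infection date. The retention counts (5 daily, 4 weekly, 12 monthly), the daily backup schedule and the infection date are assumptions constructed for illustration.

```python
from datetime import date, timedelta

def gfs_keep(points, sons=5, fathers=4, grandfathers=12):
    """Return the restore-point dates a GFS policy retains.

    sons: newest N points; fathers: newest point of each of the N most
    recent ISO weeks; grandfathers: newest point of each of the N most
    recent calendar months. The counts are illustrative defaults.
    """
    ordered = sorted(set(points), reverse=True)      # newest first
    weeks, months = {}, {}
    for p in ordered:                                # first seen = newest in bucket
        weeks.setdefault(tuple(p.isocalendar())[:2], p)
        months.setdefault((p.year, p.month), p)
    keep = set(ordered[:sons])
    keep.update(list(weeks.values())[:fathers])
    keep.update(list(months.values())[:grandfathers])
    return keep

def newest_clean_point(kept, infected_on):
    """Newest retained point taken strictly before the infection date."""
    clean = [p for p in kept if p < infected_on]
    return max(clean) if clean else None

# Constructed sample: one backup per day, 2024-01-01 .. 2024-03-29.
SAMPLE_POINTS = [date(2024, 1, 1) + timedelta(days=i) for i in range(89)]
INFECTED_ON = date(2024, 3, 8)   # constructed: malware dormant for 3 weeks

if __name__ == "__main__":
    for label, policy in (("5 daily only", (5, 0, 0)), ("GFS 5/4/12", (5, 4, 12))):
        kept = gfs_keep(SAMPLE_POINTS, *policy)
        print(label, len(kept), "points kept; newest clean:",
              newest_clean_point(kept, INFECTED_ON))
```

With only the five daily points, every retained backup postdates the infection and there is nothing clean to restore; the weekly and monthly tiers are what keep an older, uninfected restore point available.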


For virtual backups, most backup tools, such as Veeam, Nakivo, Vembu or Altaro, already have options for a backup copy job, replication, or backup to cloud, including encryption of the backup data.


Let us look at which backup options we can use to create a 3-2-1 rule for your backups; I will use the Nakivo Backup & Replication tool.


Here is an example design of the 3-2-1 process rule:



These are the options that you should use for 3-2-1 rules and offsite backups or to backup to Cloud.

  • Replication
    • VMware vSphere replication job (replicate your jobs to a second DR)
    • Amazon EC2 replication job (replicate your jobs to a Cloud environment)
  • Backup Copy
    • Backup copy job (create a backup copy in a different backup repository: an offsite DR or a cloud)
  • Backup Job
    • Backup to tape (with NAKIVO Backup & Replication you can use disk-to-disk-to-tape / D2D2T)


Note: To use offsite DR, or Cloud environments, you need to add those repositories to your Nakivo Backup & Replication.
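
Once jobs like these are configured, the resulting copies can be audited against the 3-2-1 rule. The sketch below is an added example, not part of the original article and not a NAKIVO API: it takes a hand-written inventory of copies per VM and reports every rule a VM breaks, counting the primary backup plus two other copies as the article does. The `BackupCopy` record, the `audit_321` function, the VM names and the inventory are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class BackupCopy:                 # hypothetical record, one per copy of a VM
    vm: str
    job: str                      # "backup", "backup copy", "replication", "tape"
    media: str                    # storage type: "disk", "tape", "cloud"
    offsite: bool
    link_encrypted: bool = True   # only meaningful for offsite copies

def audit_321(copies):
    """Return {vm: [violations]} for every VM that breaks the 3-2-1 rule."""
    by_vm = {}
    for c in copies:
        by_vm.setdefault(c.vm, []).append(c)
    report = {}
    for vm, cs in by_vm.items():
        problems = []
        if len(cs) < 3:
            problems.append(f"only {len(cs)} copies, need 3")
        if len({c.media for c in cs}) < 2:
            problems.append("all copies on one storage type, need 2")
        offsite = [c for c in cs if c.offsite]
        if not offsite:
            problems.append("no offsite copy")
        if any(not c.link_encrypted for c in offsite):
            problems.append("offsite copy sent over unencrypted link")
        if problems:
            report[vm] = problems
    return report

# Constructed inventory: db01 is compliant, web01 and file01 are not.
INVENTORY = [
    BackupCopy("db01", "backup", "disk", offsite=False),
    BackupCopy("db01", "backup copy", "disk", offsite=True),
    BackupCopy("db01", "tape", "tape", offsite=False),
    BackupCopy("web01", "backup", "disk", offsite=False),
    BackupCopy("web01", "backup copy", "disk", offsite=False),
    BackupCopy("file01", "backup", "disk", offsite=False),
    BackupCopy("file01", "replication", "cloud", offsite=True, link_encrypted=False),
    BackupCopy("file01", "tape", "tape", offsite=False),
]

if __name__ == "__main__":
    for vm, problems in audit_321(INVENTORY).items():
        print(vm, "->", "; ".join(problems))
```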


Always choose the right and safe backup process for your backup infrastructure and business. Keeping systems up to date, using the 3-2-1 rule for backups, and having a valid retention period is a way to prevent a malware attack on your systems/VMs or backup data.


Hope this information was useful.

If this article was "Helpful", please vote for it. I encourage your comments and feedback.

