Let's take a look into the basics of ransomware—how it spreads, how it can hurt us, and why a disaster recovery plan is important.
Last week we sat down with David Gugick, VP of product management at CloudBerry Lab, and Eugene Rudinsky, one of their lead solution architects, to discuss how ransomware works and how we can protect ourselves and our companies against it.
It’s a hot topic of late, given all the ransomware attacks that have threatened large and small organizations alike in the past year alone. For some, it feels like a new threat that’s emerged with a vengeance given the rise in cryptocurrencies like Bitcoin. But it turns out, ransomware is nothing new. Did you know the first-ever reported instance of ransomware (at least, according to the Wiki page, Gugick said) was in 1989?
“So it’s been almost 30 years that we’ve been dealing with this… before the internet was even really a thing,” Gugick said.
While those of us who work in tech security understand it well, it’s often a broad topic to those who aren’t as well-versed in how it’s built and how it spreads. So we took a step back to truly understand this threat.
By definition, ransomware is a type of malicious software, or malware, that takes control of either your files or the entire disk and can threaten to release your information or block your access to it. This is a form of cryptoviral extortion where, if you don’t pay up, you may lose access to files or your entire disk forever. Access is usually only returned once a ransom has been paid, hence the name—though sometimes, depending on how fast a strain is shut down or who is operating the malware behind the scenes, you still may not regain access even after you pay.
Ransomware is usually spread as a Trojan—a file you download through a bad website, for example—and will encrypt files to make your drive completely inaccessible.
To better understand this type of malware, how it works and how it spreads, companies like CloudBerry Lab experiment with ransomware inside protected, walled-off environments. This experience helps them build new methods of protection as well as better mitigation techniques.
“It could be anyone—even teenagers with code kits from illegal sites—building new ransomware,” Gugick said, warning us to be vigilant and careful with our behavior and downloads online.
It raises the question: when anyone can create and deploy ransomware, how can we protect ourselves?
The first thing Gugick recommends? “Educate yourself, your employees, your coworkers, your family on which files are OK to open and which are not,” he said.
Other things to avoid include executable files and old document attachments from versions of programs that are no longer supported.
In the professional world, Gugick said IT admins should minimize or eliminate personal email access at work and encourage employees to only use personal devices for personal web browsing.
Here are his tips for handling ransomware—before and after infection:
Protect & Prevent
- Patch operating systems
- Stop using old, unsupported operating systems like Windows XP or Vista
- Use security/antivirus
- Update security policies to establish a disinfection plan and security approach
Protect with Backup
- Keep multiple versions of files
- Practice the 3:2:1 backup rule, which is three copies of data in two backup locations on site and one location off site
Detect and Disinfect
- If your antivirus detects malware, you’re good to go
- If detection is only realized after infection, disconnect from network, turn off machine, and follow security protocols
CloudBerry Lab, Gugick explained, provides cloud-based backup and disaster recovery for businesses of all sizes. They provide support across platforms and for more than 30 cloud storage vendors.
Why are Services Like This Important?
“There are dozens of things to go through when you deal with malware in a computer system… Different approaches, different recommendations. You have to learn something for your particular case or organization or home user. One of the things we have discussed is backup. It’s quite important. The reason for the demonstration is to show that and explain how backup can help combat ransomware and recover if you face those issues,” Eugene Rudinsky said.
To learn how Rudinsky handles file infection scenarios and inside system infection scenarios, be sure to check out the webinar on demand!