How to fight back against ransomware

DisasterRecoveryLady here; did you miss me? The year’s only half over, and we’ve already seen a ton of ransomware and viruses being spread through email. What’s worse, the attacks keep getting more sophisticated! For example, The Verge reported in May that Google Docs users were targeted in a phishing scheme that sent them an email invitation from someone they may know. Clicking on the link takes them to a real Google sign-in screen, but the scheme takes advantage of the fact that anyone can create a non-Google web app with a misleading name. Clicking on “Continue to Google Docs” launches a malicious third-party app named “Google Docs,” and, just like that, the phishers have access to your email and address book!

And of course, there’s also ransomware, which often spreads through email and email attachments, and is quickly becoming the word of the year. A study by IBM Security found that the number of ransomware-infected emails increased a staggering 6,000 percent from 2015 to 2016. In fact, ransomware was in almost 40 percent of all spam messages in 2016! Anyone else betting that the number of ransomware attacks will be even higher this year?

So what can you do to prevent attacks, protect your environment, and remediate the damage?

There’s no preventing attacks.

Preventing these attacks from ever happening is a nice thought, but remember what I said above. Attackers are constantly getting more creative, and they also have strong motivation: ransomware netted them a billion dollars in 2016, so don’t think for a second that they might slow down the barrage this year.

Okay, what about protect?

We pay people a decent amount of money to protect us and our data. But 86% of data loss has some type of human element attached to it — mistakes will happen and there will be gaps. The wisest course of action is to assume that some attacks will get through.

Crap, now I am worried. We only have one option left — remediate!

Okay, so this is where I come in to help you save the day! You should always have an option to remediate anything and everything in your environment.

(Note: I also recommend testing your remediation plans periodically.)

At Quest, we have a solution called Recovery Manager for Exchange, which can help you detect and delete phishing emails before they can do harm, as well as recover from phishing attacks that get through. It’s ideal for hybrid environments and e-discovery requests, and helps ensure the availability and security of Exchange environments.

But how can Recovery Manager help with a ransomware attack?

Recovery Manager for Exchange can connect to your production Exchange servers, search for keywords associated with a ransomware attack and immediately delete all messages in your Exchange environment that contain those keywords, hopefully before your fellow employees come into the office and open any of them! You can search the message body, ID, headers, message classes, categories, deleted items, conversation threads and attachment type. You can also expand your search results to include all messages with the same sender, all messages with the same or similar subject or all related messages.
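The search-then-expand logic described above can be sketched in a few lines of Python. This is an added example, not Recovery Manager for Exchange's code or API: the function names are hypothetical, the four messages are constructed samples, and it only returns Message-IDs for review rather than deleting anything.

```python
import re
from email.message import EmailMessage

def make(mid, sender, subject, body, attachment=None):
    """Build one constructed sample message (not real traffic)."""
    m = EmailMessage()
    m["Message-ID"], m["From"], m["Subject"] = mid, sender, subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"sample", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m

MAILBOX = [
    make("<1@x>", "billing@vendor.example", "Invoice 4471", "Open the attached invoice today.", "invoice.js"),
    make("<2@x>", "billing@vendor.example", "Payment reminder", "See attachment."),
    make("<3@x>", "carol@corp.example", "FW: Invoice 4471", "Is this one legit?"),
    make("<4@x>", "hr@corp.example", "Picnic on Friday", "Bring sunscreen."),
]

def norm_subject(s):
    """Strip reply/forward prefixes so related subjects compare equal."""
    return re.sub(r"^((re|fw|fwd)\s*:\s*)+", "", str(s).strip(), flags=re.I).lower()

def body_text(m):
    part = m.get_body(preferencelist=("plain",))
    return part.get_content() if part else ""

def seed_hits(mailbox, keyword=None, bad_ext=()):
    """Messages matching the keyword (subject/body) or a flagged attachment type."""
    hits = []
    for m in mailbox:
        text = (str(m["Subject"]) + "\n" + body_text(m)).lower()
        exts = [(a.get_filename() or "").lower().rsplit(".", 1)[-1]
                for a in m.iter_attachments()]
        if (keyword and keyword.lower() in text) or any(e in bad_ext for e in exts):
            hits.append(m)
    return hits

def expand(mailbox, seeds):
    """Widen the result set to same-sender and same-normalized-subject messages."""
    senders = {str(m["From"]) for m in seeds}
    subjects = {norm_subject(m["Subject"]) for m in seeds}
    return [str(m["Message-ID"]) for m in mailbox
            if str(m["From"]) in senders or norm_subject(m["Subject"]) in subjects]

def purge_candidates(keyword=None, bad_ext=()):
    """Message-IDs to review for removal: seed matches plus their expansion."""
    return expand(MAILBOX, seed_hits(MAILBOX, keyword, bad_ext))
```

Note how a single flagged attachment pulls in the forwarded copy and the sender's other message, which is why the expanded set should be reviewed before anything is deleted.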

If malware does delete or corrupt some of your email data, Recovery Manager for Exchange is ready! You can quickly restore mailboxes, email content and mailbox permissions for Exchange and Exchange Online.

So the next time you find some unwanted emails roaming around your Exchange servers, check out Recovery Manager for Exchange and see for yourself. It could save you time and even a pile of Bitcoin!

About the Author
Keri Farrell is a Senior Product Manager for Quest and has worked for Quest for 11 years but has been in the IT industry for 20 years. She specializes in Disaster Recovery for both Active Directory and...