Before we go into how Rapid Recovery can help in a ransomware case, let's level-set on what ransomware is and how it affects a system. Ransomware threats such as CryptoLocker or CryptoWall are becoming more prevalent in enterprises. The goal of these threats is to extort money from their victims by encrypting their data until they pay a ransom. There have been many cases where businesses paid the ransom and the attackers then asked for more money. In some cases they didn’t decrypt the data at all and walked away with the money.
“For example, at Hollywood Presbyterian Medical Center, which recently paid the equivalent of $17,000 to cybercriminals, the ransomware didn't just encrypt files but severely affected operations for about 10 days, forcing staff to go back to paper records and fax machines. Local news organizations reported that some emergency patients were diverted to other hospitals.
"The malware locked access to certain computer systems and prevented us from sharing communications electronically," said CEO Allen Stefanek in a letter to the public.
For the hospital, the quickest way to restore the systems was to pay the ransomware.” – CSO Online
Some businesses feel that paying the ransom is the quickest way to a clean resolution. In reality, all they are doing is funding the attackers to attack someone else, or themselves again, in the future. Who is to say they won’t take the money and run?
NUMBER 1 RULE: DON’T PAY THE RANSOM!
What are my options?
- Once you realize a system has been compromised, remove it from the network. That way the attack can’t spread.
- Can I brute-force decrypt my encrypted files?
  - No! Currently CryptoLocker and CryptoWall are using 2048-bit RSA encryption. It would take 1000+ years with reasonable computing.
- Restore the data!
Rapid Recovery lets you protect anything (systems, apps and data) anywhere, whether it’s physical, virtual or in the cloud. Run without restore, with zero impact on your users, as if the outage never happened. Connect to cloud simply and easily, and protect growing virtual environments automatically. Manage and configure your data protection in just a few clicks using one friendly, comprehensive GUI. With Rapid Recovery, you get one advanced, admin-friendly solution with all capabilities included.
Rapid Recovery has 4 unique recovery options built to help with this style of attack:
- Live Recovery
  - Live Recovery enables you to restore the metadata to quickly identify when the attack took place. Once you have this information you can do a whole disk or system restore utilizing Universal Recovery.
- Universal Recovery
  - This recovery option allows you to recover anything anywhere. You can restore whole physical machines, VMware, Hyper-V, and Oracle VirtualBox VMs, files or folders, and application objects in minutes to another physical or virtual machine located anywhere.
- Verified Recovery
  - Rapid Recovery performs automated nightly mount checks of file systems and Exchange and SQL Server instances. If it finds problems that would prevent you from restoring the data, it notifies you so that you can fix the issue proactively. From this information you will know when your application was affected and which mount point you need to restore from.
- Backup and Restore From the Cloud
  - Remote DR Core
    - Having a remote core to restore from gives you another location where you can kick off bare metal restores (BMR) or file-level restores (FLR) to a cloud environment or back to production.
  - Cloud Connector for long term archives
    - Archiving in Rapid Recovery terminology is the ability to bundle snapshots together and place them into either removable media or cold cloud storage. This will give you many more recovery points to restore from if needed.
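The triage step described under Live Recovery (use file metadata to find when the attack began, then restore from a point before it) can be sketched as follows. This is an added example, not Quest code and not the Rapid Recovery API; the record layout, the window and threshold values, and all sample data are constructed assumptions.

```python
from bisect import bisect_left
from datetime import datetime, timedelta

def find_attack_onset(records, window=timedelta(minutes=5), threshold=4):
    """Return the mtime that opens the first burst of `threshold` or more
    file modifications inside `window`, or None if no burst is found.
    records: iterable of (path, mtime) pairs read from restored metadata."""
    times = sorted(mtime for _path, mtime in records)
    start = 0
    for end, t in enumerate(times):
        # Slide the left edge forward until the span fits inside `window`.
        while t - times[start] > window:
            start += 1
        if end - start + 1 >= threshold:
            return times[start]
    return None

def last_clean_recovery_point(recovery_points, onset):
    """Newest recovery point strictly older than `onset`, or None if every
    point was taken at or after the attack began."""
    points = sorted(recovery_points)
    idx = bisect_left(points, onset)
    return points[idx - 1] if idx else None

# Constructed sample: three ordinary edits, then five files rewritten
# within seconds of each other (the pattern mass encryption leaves behind).
SAMPLE_METADATA = [
    (r"D:\share\budget.xlsx", datetime(2016, 3, 1, 9, 14, 2)),
    (r"D:\share\notes.docx", datetime(2016, 3, 1, 15, 40, 51)),
    (r"D:\share\plan.pptx", datetime(2016, 3, 2, 11, 5, 10)),
    (r"D:\share\budget.xlsx", datetime(2016, 3, 3, 2, 13, 7)),
    (r"D:\share\notes.docx", datetime(2016, 3, 3, 2, 13, 9)),
    (r"D:\share\plan.pptx", datetime(2016, 3, 3, 2, 13, 12)),
    (r"D:\share\hr\roster.csv", datetime(2016, 3, 3, 2, 13, 15)),
    (r"D:\share\hr\payroll.xlsx", datetime(2016, 3, 3, 2, 13, 20)),
]
# Constructed hourly recovery points; the 03:00 one already holds encrypted data.
SAMPLE_RECOVERY_POINTS = [datetime(2016, 3, 3, h, 0, 0) for h in (0, 1, 2, 3)]

if __name__ == "__main__":
    onset = find_attack_onset(SAMPLE_METADATA)
    print("attack onset:", onset)
    print("restore from:", last_clean_recovery_point(SAMPLE_RECOVERY_POINTS, onset))
```

Legitimate bulk operations such as migrations or batch jobs also produce modification bursts, so confirm the onset against other evidence before committing to a recovery point.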
How do I prevent this from happening again in the future?
There are many different ways you can protect your environment from attacks like this. Some are software or hardware fixes but others are simple culture changes you can make in your business.
- Business Continuity Program – Purchase and utilize software that matches the needs of your business.
  - Make sure backup software can hit the RPO and RTO goals set by the business.
  - Test backups monthly / quarterly / yearly. This will help you gain confidence that an attack like this will not cripple your business and that you can recover quickly.
- Put in place a multi-faceted security solution to protect your endpoints.
  - This protection should not only cover file-based threats but should also include download protection, browser protection, heuristic technologies, firewall protection, and email spam and scanning protection.
- OS and Application Updates – Best practice is to keep your OS and applications up to date. This will ensure any vulnerabilities in the coding of the OS or application will be covered.
- A Security Awareness Program in your business. By bringing awareness of the different styles of attack that are out in the world, employees will become more aware of what to look for during their day-to-day business.
If you don't want to become a victim of ransomware and want to keep your business safe, take a look at Rapid Recovery and how it can restore your data near-instantly. Please go to Quest Rapid Recovery to learn more.