Ransomware Archives | OTAVA®
https://www.otava.com/blog/category/ransomware/

How Does Ransomware as a Service Work?
https://www.otava.com/blog/how-does-ransomware-as-a-service-work-2/
Mon, 27 Dec 2021 13:28:08 +0000

The post How Does Ransomware as a Service Work? appeared first on OTAVA®.

Ransomware as a Service Cyber Threat

While IT departments around the world have been scrambling to protect their companies from the plague that is Ransomware, cyber criminals have been coming up with new ways to spread the virus; and it’s working. Studies show that Ransomware attacks have grown exponentially, from around 4 million attacks in 2015 to 638 million in 2016. Now, in 2017, the incidence of attack is on track to beat out last year.

This dramatic increase can, in part, be attributed to the spread of Ransomware as a Service, a new cyber threat that makes it easier for criminals to get their hands on the virus.

What is Ransomware as a Service:

Ransomware as a Service, or RaaS, is designed to make cyber crime more accessible to the masses. Advanced cyber criminals develop the malicious code of the virus and make it available to download and use. With RaaS, Ransomware is not only cheap and easy to download, it’s easy to spread. The authors of the virus either provide the Ransomware for free or charge a small fee up front. Then they take a cut of each ransom, incentivizing the buyer to perform a higher volume of attacks for larger ransoms.

Why RaaS is a Threat:

With the onset of Ransomware as a Service, cyber criminals are now selling their Ransomware and malware to a potentially much larger group of hackers with little to no background in programming. This means that more and more cyber criminals are turning to this type of Ransomware due to its reduced barrier to entry. With Ransomware more readily available, more attacks will start to take place. For companies that are potential targets of an attack, this means that it is more likely your company will be infected and, if it is infected, the ransom will be much higher.

Protecting your Business:

RaaS viruses are still spread in the same way as any other Ransomware virus – through malicious email attachments, untrusted sites, infected links, etc. Protecting your business starts with educating your employees on the common ways that Ransomware is spread. Additionally, having a strong backup and recovery solution in place can help you recover from Ransomware faster, often without having to pay a ransom.

How to Navigate a Ransomware Attack
https://www.otava.com/blog/how-to-navigate-a-ransomware-attack/
Mon, 27 Dec 2021 13:28:06 +0000

The post How to Navigate a Ransomware Attack appeared first on OTAVA®.


Ransomware is a leading cause of downtime today and can affect any industry at any time. For this reason, it is important to be prepared and implement the proper precautions to ensure the recoverability of your data. In order to protect your business from Ransomware it is important to employ these 5 tactics, commonly referred to as the 3-2-1-1-0 rule:

  • 3 copies of your data
  • 2 different media
  • one offsite
  • one offline
  • with zero errors after backup and recoverability verification

When Ransomware hits, the million dollar question is how do you get your data back so that you don’t have to pay? The answer is, hopefully you paid for the right backup solution. Let’s look at a scenario where we successfully navigate a Ransomware attack.

Ransomware Hits

Let’s say, for example, that Ransomware infects a few VMs, maybe a file server and an Exchange server. There are several ways to make sure not only that the data is recoverable, but also that you can achieve granular restore. The great thing about Otava and Veeam is that you can go into your VM and pick and choose which piece to restore.

Step One: Isolate the infected Machines

The first thing you want to do when you are hit with a Ransomware attack is to take the infected VMs off of your network so that the virus cannot spread.

Step Two: Alert the Authorities

When you are infected with Ransomware, you are urged to report the attack to the proper authorities. The FBI has set up an Internet Crime Complaint Center in order to help with Ransomware and other cyber attacks.


Check your Backups

Step Three: Deploy an On-Demand Sandbox

Verify that your backups are recoverable before you start sending them offsite. To do this, Veeam allows you to spin up an On-Demand Sandbox.

This sandbox acts as a fenced off isolated network that does not affect production, IPs, or DNS. Within the sandbox, you can locate and test the last known backup copy by leveraging:

  • Non-disruptive storage snapshots
  • Secure deduped backup target
  • Other copies using the 3-2-1 rule

Step Four: Leverage SureBackup

Veeam SureBackup allows you to automatically test and verify backups. SureBackup allows you to power on VMs and make sure they are not only bootable, but that they respond the way they need to. SureBackup can then provide you with an audit trail report, which allows you to know at what specific point in time your backup is recoverable. This way, you can move this backup offsite and know with certainty that it has zero errors.


Begin the Recovery Process

Step Five: Choose your Restore Option

With Veeam, granularity is not a challenge. As long as you have a backup and you have verified it and you know that it is valid, there are several ways to restore.

Restore the whole VM

Restore full VMs in minutes using your onsite backups.

Restore just what was infected

Go inside your VMs and crack open specific workloads that were affected by Ransomware. The restore can be as granular as you need.

The Bottom Line

When it comes to Ransomware, data protection is important, but it is only a piece of the puzzle. In order to have complete protection from a Ransomware attack, you need to have recovery. Veeam and Otava offer total protection from Ransomware with both Backup and Recovery. Ensure the safety of your data and prevent unnecessary downtime by investing in a solution you can trust.

 

5 Key Do’s and Don’ts of Ransomware
https://www.otava.com/blog/5-key-dos-and-donts-of-ransomware/
Mon, 27 Dec 2021 13:28:06 +0000

The post 5 Key Do’s and Don’ts of Ransomware appeared first on OTAVA®.

Your business has been struck by ransomware, and you know you need to act fast. If you don’t have a contingency plan in place for dealing with this type of situation, you may struggle with how to respond. If you haven’t been struck by ransomware yet, putting together a plan of action now that incorporates these five key do’s and don’ts is an excellent way to make sure your business is prepared for the coming challenges.

1.  Don’t: Pay the Ransom

You’ve been hit by ransomware, and the first request is that you pay–often a substantial sum–in order to receive access to your files again. While it may be tempting to offer up the payment to get your business back to normal operating capacity as soon as possible, there are several reasons why you don’t want to pay the ransom. First and foremost, it’s important to realize that the creator of this particular piece of ransomware might have no intention of giving you the key–or might not even have it! Second, keep in mind that, like bullies, hackers who create ransomware are looking for a response. If you refuse to respond, they’ll be less likely to create more versions of those nasty viruses in the future.

2.  Do: Quarantine Infected Machines

Just like a virus that attacks the human body, ransomware can spread quickly throughout your network if it’s allowed to go unchecked. If you end up with ransomware on one of your machines, quarantine it as soon as you realize the problem. This will prevent the infection from spreading through your network. Make sure to keep a close eye on other machines to ensure that it hasn’t spread before you noticed it.

3.  Do: Roll to Your Backup ASAP

Cloud storage is the ideal solution for many businesses that are faced with ransomware, since many of them include packages that will permit users to “roll back” their systems and access files before they were encrypted. If you don’t have this advantage, make sure you utilize data backups as quickly as possible in order to restore system functionality.

4.  Don’t: Wait Until a Threat Strikes

Ransomware is a serious concern, and it’s one that has the potential to quickly infect many businesses. Make sure you have a plan in place to respond quickly and effectively, including:

  • Backup systems that will ensure that your business still has access to critical data following a ransomware attack.
  • A recovery plan for who is responsible for taking care of what task, enabling your recovery to proceed more smoothly.
  • Information about where to find backup machines to help restore your business to functionality while you deal with the ransomware threat.

5.  Do: Plug Those Security Holes

You’ve been hit by ransomware once. The last thing you want is to go through this again! Take the time to plug up the security holes in your business, including:

  • Installing software updates as soon as possible. This will ensure that you get the latest patches for viruses and other security holes.
  • Limiting the devices allowed on the company network. For example, your IoT devices should be isolated from your primary network, and guest devices should always connect to a separate WiFi.
  • Restricting users from accessing personal email and other data from company machines to help reduce the likelihood of a threat.

Dealing with a ransomware attack doesn’t have to be catastrophic for your business. By following these simple do’s and don’ts, you can increase your odds of successfully weathering this particular storm and handling whatever other difficulties come your way. Need more help combating a ransomware threat to your business or preparing your business to handle security threats? Contact us today to learn how we can help.

Best Practices for Preventing Ransomware Attacks
https://www.otava.com/blog/best-practices-for-preventing-ransomware-attacks/
Mon, 27 Dec 2021 13:28:05 +0000

The post Best Practices for Preventing Ransomware Attacks appeared first on OTAVA®.

Businesses are losing millions of dollars to ransomware attacks. Ransomware holds your business’ data hostage in exchange for money. Within a short amount of time, the ransom will double or your data will be lost forever. The most recent large scale ransomware attack, WannaCry, was a worldwide virus that infected Microsoft Office applications. This specific ransom demand was $600 per infected device, payable in Bitcoin only. It infected thousands of small to medium size businesses, but large enterprise businesses are susceptible too. The City of Atlanta was shut down in March due to a ransomware attack.

The costs of ransomware can pile up; not only is there the cost associated with paying the ransom, but the cost of downtime or lost files could be catastrophic to your business. Following these best practices can help your business avoid a ransomware attack.

Don’t wait to Protect your Business

We all know that feeling when your computer gets infected. It’s a nerve-racking experience and it makes your heart skip a beat. Now, imagine this on a larger scale, on every machine in your organization. Imagine your business handles sensitive patient information, or banking records, or credit card information. Your heart might skip more than a beat! It takes just one employee who clicks on an infected email link or URL to seriously threaten your business.   

Moving to the Cloud

Moving to the Cloud provides peace of mind. If your business does get hit by a ransomware attack, you can roll over to the unencrypted, virus-free versions of your data. Also, Cloud providers like Otava constantly update the software and applications that your business accesses daily via the Cloud. You’ll always be running on the newest versions of software and applications that are patched up with security updates.

Backing up your Data

The most effective way to protect your business from a ransomware attack is to back up your data. In the case of a ransomware attack, you’ll want to roll back to your clean, non-encrypted files immediately to prevent prolonged downtime and additional damage. In the Cloud, you have immediate access to backup files. With other forms of backups like disks or USB storage devices, that recovery process might take days if these backups are stored offsite and far away. A best practice for data backup is to follow the 3-2-1-1 rule: 3 copies of your data on 2 different media, with at least 1 copy offsite (in the Cloud!), and 1 copy that is air gapped to ensure it is free from any harmful viruses and encryption. Rolling onto backups of non-encrypted, virus-free versions of data is the most effective way to beat a ransomware attack. Not to mention, this strategy protects your data in the case of other serious disasters and threats!

Training employees

The number one cause of a ransomware attack is human error. Employees should have frequent security training and be educated to avoid and report suspicious emails and links. Most companies today will internally send out phishing emails to employees to supplement training. Part of on-boarding should include technology security courses. Other best practices include putting guest devices on a separate WiFi network, ensuring employees don’t access personal email accounts on your network, and never putting off security software updates.

The Bottom Line:

Here at Otava, we provide the tools to help protect your business from a Ransomware attack, including email security, IPS (Intrusion Prevention System), Backup, and Firewall solutions. We can integrate these solutions into your current business. Prepare your business for ransomware today and learn more by watching our on-demand webinar on Ransomware Preparedness and Recovery.

9 Variants of Ransomware
https://www.otava.com/blog/variants-of-ransomware/
Mon, 27 Dec 2021 13:28:04 +0000

The post 9 Variants of Ransomware appeared first on OTAVA®.

Ransomware Variants

If you haven’t heard about Ransomware by now you must have been living under a rock. This growing cyber threat has taken out millions of IT environments and shows no signs of stopping. And just as it seems we get one step ahead of the virus, a new variant is created that targets a new vulnerability in our systems.

From what we have learned about Ransomware, hackers are always one step ahead of us. Just as we make progress in understanding how to prevent one variant from attacking our systems, another version appears in its place. All of this has led to the conclusion that it is no longer a question of IF we will be attacked by Ransomware, but WHEN.

To give you a better understanding of what you’re up against, let’s run through the different types of Ransomware. The first thing that is important to understand is that Ransomware viruses usually fall into two categories: Screen Lockers and Encrypters.

Screen Lockers

One variant of Ransomware that is relatively common is Screen Locker. As the name implies, this version of Ransomware locks your screen and prevents you from accessing your files until a ransom is paid. Luckily, Screen Locker is relatively easy to bypass if you have made the proper recovery preparations. All you have to do is connect a hard drive to a non-infected system and copy over all the necessary data.

Encryption Ransomware

Unlike Screen Lockers, Encryption Ransomware encrypts your files, which can then only be accessed with a key that the hacker holds until a ransom is delivered. This version of Ransomware is more difficult to bypass, and it can often take days to restore files. Thus it is important to have a proper backup and disaster recovery strategy in place.


Variants of Ransomware

Ransomware is a growing problem that is affecting businesses around the world (read about these common infection methods). With new variants popping up all the time, it is difficult for IT Security solutions to keep up. Here are some of the more popular variants of Ransomware:

1. MSIL/Samas.A

Also known as samsam, it targets backups and is controlled by humans, not a machine or program. Samsam is a Java-based variant that deletes all VSS volume copies and wipes free space on your hard drive. It includes an Active Directory harvesting utility that collects information to be exploited at a later time. Because it is human controlled, it attacks at the most vulnerable time to maximize profit.

2. CryptoLocker

One of the most well known variants of Ransomware, CryptoLocker is a Trojan horse encryption virus. Files on the infected computer are encrypted and require the user to purchase a password in order to decrypt them.

3. Locky

Locky and its many subvariants work to corrupt your files by scrambling them and renaming them with the extension .locky. In order to unscramble your files, you are forced to pay for a decryption key.

4. KillDisk

A Ransomware variant that targets Linux. KillDisk sabotages companies by deleting data and altering files at random. KillDisk also does not save the encryption key on the disk or online, which makes it difficult to recover files without paying a ransom.


5. FairWare

Like KillDisk, FairWare also targets Linux users. FairWare attackers hack Linux servers and delete the web folder. They then demand a ransom for the return of the files. The files are not encrypted by the attackers, just reuploaded to a server under the attacker’s control.

6. KeRanger

KeRanger is a Trojan horse Ransomware virus, and the first Ransomware virus to target Mac OS. It is an encryption virus that works to block access to your important files until a ransom is paid. 

7. FileCoder

Another Trojan virus that encrypts files and tries to extort a ransom is FileCoder. Like KeRanger, FileCoder also targets Mac.

8. Angler

Angler is an exploit kit that is used to open a channel of communication with your system that cyber criminals can use to access your data. Often, attacks via angler are delayed. As the access channel is monitored by humans on the other end, cyber criminals wait for the opportune moment to attack.

9. WannaCry

I’m sure by now you’ve heard the news about WannaCrypt, also known as WannaCry. This new malware (malicious software) or ransomware holds your computer hostage until you pay a ransom. It recently hit 150 countries and 200,000 computers, shutting down hospitals, universities, warehouses, telecommunication companies and banks.

The Bottom Line

In order to avoid being the victim of a ransomware attack, it is important to take proper measures to ensure your files are safe. Back up your files! Practice the 3-2-1 data backup rule. Many attacks can be overcome by restoring from backups. Be careful where you click while on the Internet or in your email; viral links and attachments are the number one cause of Ransomware infection. Protect your devices with endpoint protection and advanced threat protection. Also, avoid these common assumptions that you’re already secure. Watch this on-demand webinar on ransomware preparedness and recovery to learn how to protect your business.

6 Expert Tips to Protect Your Organization Against Ransomware
https://www.otava.com/blog/6-expert-tips-to-protect-your-organization-against-ransomware/
Tue, 26 Oct 2021 18:29:29 +0000

The post 6 Expert Tips to Protect Your Organization Against Ransomware appeared first on OTAVA®.

Colossal REvil / Sodinikibi Event; Data Protection Can Save Your Company!
https://www.otava.com/blog/colossal-revil-sodinikibi-event-data-protection-can-save-your-company/
Tue, 06 Jul 2021 14:03:55 +0000

The post Colossal REvil / Sodinikibi Event; Data Protection Can Save Your Company! appeared first on OTAVA®.
