You’ve seen the headlines – organizations with their data held hostage and payouts to perpetrators to restore it. With new strains of ransomware and other malware threats on the rise, your enterprise and customer data is continually at risk despite steps you’ve taken.
It is easy to assume that all ransomware is similar, and it is not uncommon to think that one size fits all in terms of prevention and preparation. However, because each ransomware type is usually developed to attack different, specific networks, they can be very dissimilar in how they work. It is essential to understand the different types currently being used (keeping in mind that it is also possible to combine multiple types of ransomware). If your organization is attacked, and you do not have a plan to defend against the different types of ransomware, the likelihood is that the attack will have a more significant impact on your company.
Here are five types of ransomware:
- CryptoWall – is responsible for a high percentage of ransomware attacks. Typically, CryptoWall reaches its target through phishing emails. The WannaCry ransomware is a derivative of the Crypto family and was at the core of the largest cyberattacks ever perpetrated. Unfortunately, the creators of CryptoWall continue to release new versions designed to get around security protections.
- Locky – does what its name implies: it locks you out of your files and replaces them with versions carrying the extension .lockey. However, its name misses the most damaging aspect of this type of ransomware: its speed. Locky has the distinction of spreading to other files throughout the network faster than other strains of ransomware.
- Crysis – takes data attacks to a new level by actually kidnapping your data and moving it to a new virtual location. The significance of this aspect of the attack is that it qualifies as a breach: if your company handles personal data, it must notify anyone whose information may have been on the network in order to stay in compliance with local, state, and federal guidelines.
- Samsam – attacks unpatched WildFly application servers in the internet-facing portion of the victim's network. Once inside the network, the ransomware looks for other systems to attack.
- Cerber – attacks database server processes to gain access instead of going straight after the files. Its creators sell the ransomware to other criminals for a share of the ransom collected, i.e., Ransomware-as-a-Service.
- Maze – is a variant of ransomware representing the trend toward what is called “leakware.” After data is encrypted, bad actors threaten to leak the ransomed private data on the dark web unless the ransom is paid.
Ransomware prevention and knowledge must stay at the forefront of organizations’ security efforts. Unfortunately, since hackers continuously become more sophisticated in their ways to encrypt data and develop new ransomware, you must continually monitor those developments.
Ransomware is often spread through email phishing messages that contain malicious links or through drive-by downloading. Drive-by downloading happens when a user unintentionally visits a contaminated site, and malicious software (malware) is downloaded onto the user’s computer or mobile device. A drive-by download usually exploits a browser, application, or operating system that is out of date or has a security flaw. Ransomware then uses these vulnerabilities to find other systems to spread to.
The goal is to reduce risk and minimize the impact of ransomware. Ransomware mitigation requires a combination of best practices and constant vigilance, along with a layered approach. Steps to reduce ransomware risk include:
- Educate end-users on how to avoid ransomware and how to recognize phishing campaigns, suspicious websites, and other scams.
- Harden and secure the infrastructure, including systems and networks.
- Keep software, firmware, and applications up-to-date. This will reduce the risk of ransomware exploiting common vulnerabilities.
- Use anti-virus software with active monitoring that is specifically designed to thwart advanced malware attacks.
- Employ Commvault's AAA security framework controls to intelligently control access to computer resources, enforce policies, and audit usage.
The cyber threat landscape, including ransomware, has transitioned to a case of “when,” not “if.” To ensure you can recover your data, you need the right solution with the best technology, the right people, and processes.
Organizations require tools (such as anomaly detection, immutable backups, air gap, and data isolation support) to measure their recovery readiness state continually. They do this to expose and remediate problems, validate the recoverability of their data and business applications, and improve their security to reduce their risk profile. In the event of a successful attack, fast restores are required to resume business operations quickly.
When ransomware does occur, you need to have a validated copy of your backup data that can be quickly restored to resume business operations. For a trusted and protected backup data copy, organizations need a layered approach that encompasses multiple security tools, resources, controls, best practices, and strategies. These various layers of security controls are applied within Commvault and around the Commvault infrastructure to help ensure the backup data is secured and recoverable. These steps provide the confidence that when an attack does occur, your backup data is ready.
Ransomware technology requirements
Does your current data protection and management solution offer…
Robust security framework based on AAA best practices: the Authentication, Authorization, and Audit (AAA) framework is a set of security controls that protects who has access and what they have access to, while monitoring events and activities to maintain a proper security posture.
Protect backups with air-gapped copies: a technique that complements data isolation. Air-gapped networks have no connectivity to public networks. Tape is a traditional medium for air-gapped backups because tape can be removed from the library and stored offsite. To air gap secondary backup targets on disk or cloud, some access is needed, but communication is severed when it is not needed.
Avoid ransomware file reinfections: ensure a clean and secure recovery by browsing the backup data and erasing suspicious or unnecessary files, or by creating an isolated recovery.
Lock down cloud backup copies per your schedule: enable WORM/Object Lock in the cloud so that data cannot be deleted or changed for the duration of the lock period. Data is protected both from changes made within Commvault and from direct change attempts against the storage.
Data isolation: having secondary and tertiary copies of backup storage targets segmented and unreachable directly from the public portions of the environment using virtual LAN (VLAN) switching, next-generation firewalls, or zero trust technologies.
Protect your backup copies from ANY changes with immutability: immutable means “unchangeable or changeless.” Applied to backup data, it means that whatever data you back up according to your set policies will be available to restore, unchanged and unmodified. Immutability protects against changes from within the backup solution as well as from outside it.
Monitor and detect suspicious activities: through active monitoring of backups and events, receive alerts on any anomalous events or changes within your environment. Detect ransomware activity, such as unauthorized system changes, with honeypots.
Continuously authenticate access with zero trust principles: Commvault's security frameworks are based on Zero Trust principles. The underlying philosophy of zero trust is, “Never assume trust, but continuously validate trust.” Zero Trust ensures access is continuously validated using multiple authentication and segmentation techniques.
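To make the backup anomaly detection mentioned above concrete, here is an added example (not Commvault's code) that scans constructed per-job backup metadata for one client and flags a job whose change rate jumps far above the recent baseline or whose changed files mostly carry an extension never backed up before, the footprint an encryption sweep such as Locky's .lockey rename leaves. The job records, field names and thresholds are assumptions.

```python
from statistics import mean, pstdev

# Constructed sample: per-job metadata of the kind a backup platform records
# for one client (files changed since the previous job, and the extensions
# of those changed files). Job 105 models an encryption sweep.
JOBS = [
    {"job": 101, "changed": 1200, "ext": {".docx": 700, ".xlsx": 500}},
    {"job": 102, "changed": 1350, "ext": {".docx": 800, ".xlsx": 550}},
    {"job": 103, "changed": 1100, "ext": {".docx": 650, ".xlsx": 450}},
    {"job": 104, "changed": 1250, "ext": {".docx": 700, ".xlsx": 550}},
    {"job": 105, "changed": 48000, "ext": {".lockey": 48000}},
]


def analyse(jobs, history=4, z_threshold=3.0, novel_share=0.5):
    """Compare each job with the `history` jobs before it and return
    [(job id, [reasons])] for jobs that look like a ransomware run."""
    alerts = []
    for i in range(history, len(jobs)):
        window, job = jobs[i - history:i], jobs[i]
        reasons = []

        # 1. Change-rate spike: encryption rewrites far more files per job
        #    than normal user activity does.
        counts = [j["changed"] for j in window]
        mu, sigma = mean(counts), pstdev(counts)
        if sigma:
            z = (job["changed"] - mu) / sigma
        else:  # flat baseline: any increase is anomalous
            z = float("inf") if job["changed"] > mu else 0.0
        if z > z_threshold:
            reasons.append(
                f"change-rate spike: {job['changed']} files vs baseline "
                f"{mu:.0f} (z={z:.1f})")

        # 2. Extension churn: a large share of changed files now carry an
        #    extension this client has never backed up before (e.g. .lockey).
        seen = set().union(*(j["ext"] for j in window))
        total = sum(job["ext"].values()) or 1
        novel = sum(n for e, n in job["ext"].items() if e not in seen)
        if novel / total >= novel_share:
            reasons.append(
                f"{novel / total:.0%} of changed files have unseen extensions")

        if reasons:
            alerts.append((job["job"], reasons))
    return alerts


if __name__ == "__main__":
    for job_id, reasons in analyse(JOBS):
        print(f"ALERT job {job_id}: " + "; ".join(reasons))
```

Either signal alone is worth an alert; the two together, as for job 105, are a strong indication that the most recent backup contains encrypted data and that an earlier copy should be used for recovery.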
What you can do with Commvault’s single, integrated Data Recovery solution
Don’t let ransomware make your organization a victim. With Commvault, you’ll have an end-to-end solution that improves threat and risk mitigation across all endpoints and applications. You will always have recovery readiness and greater confidence in your data backup, recovery and compliance.