Ransomware: Why Are Backup Vendors Trying To Scare You?

Mark Jordan, VP Technology

#1 All-in-One Enterprise Backup and Continuity

2017 Unitrends#

It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness

Everyone has probably read these words, right? They are the opening lines of the Charles Dickens novel A Tale of Two Cities. Today we are going to use these words and others from the book to frame a ransomware story that hopefully is fresh, scary, hopeful, and enlightening.

St Louis Public Libraries
Cannot return or borrow books; cannot access computer facilities in 16 branches
City refuses to pay $35,000 ransom
Will wipe and rebuild from scratch, a solution that will take weeks

Let's start with the worst of times.

Some of you may have seen the story this week about the ransomware attack that hit the St Louis Public Libraries. Computer services at all 16 branches are down. A person cannot borrow or return books or access computer services. While this may be good for the people with overdue books, for those who depend on the library for school or work, who use library computers for job hunting, or who simply enjoy checking out a book to read for pleasure, the impact is immense.

In this case, hackers are demanding $35,000 to restore the system and the city is refusing to pay. They do not want to give in. They have decided to wipe the entire computer system and rebuild it from scratch, a process that will take weeks.

Bethlehem, NY Central School District
5000 students, 800 staff
Multiple ransomware attacks
Quick, full recovery from backup; $0 ransom paid

Now let's look at the best of times. Bethlehem, NY Central School District, with 5000 students and 800 staff, has been hit multiple times this past year by ransomware attacks. In their case they have been able to quickly recover from backup. They have not paid $1 of ransom.

This is quite a contrast between two cities. These are two stories that are being played out all over the world: a story of despair and a story of hope.

Source: Palo Alto Networks

Ransomware is not a new phenomenon. It has been around since 1989. The first, the AIDS malware, was distributed on diskettes handed out at the World Health Organization's international AIDS conference and was easily overcome. It was not until the mid-2000s that new strains of ransomware were released, and each new release became increasingly difficult to remove.

About five years ago, the first large-scale ransomware attacks started, with tens of thousands of ransomware samples detected each quarter in 2011. By 2015 we were seeing organized cybercrime gang activity, attacks on consumers and businesses, and infections on PCs, servers, and Android devices.

Ransomware took in $1 billion in 2016

2016 was the year that ransomware exploded on the collective consciousness of the general public.

According to security experts, ransomware cybercriminals took in about $1 billion last year. This was determined by the amount of money coming into ransomware-related Bitcoin wallets, and some believe this number is low.

Ransomware as a service is a variant of ransomware that is so user-friendly that it can be deployed by anyone. Someone downloads the virus either for free or for a very low fee, sets a ransom and payment deadline, and attempts to trick someone into infecting his or her computer. If the victim pays up, the original author typically gets 5% to 20% and the rest goes to the person who launched the attack.

Ransomware was delivered through WordPress sites and Word attachments containing infected macros, and ransomware made up 40% of all spam email in the past year.

Even with the FBI's recommendation not to give in to ransomware demands, an IBM Security study released in December claims 70% of businesses hit with ransomware paid a ransom to regain access to their files.

The FBI recommends not paying the ransom, and many organizations will not pay on principle, but the cost of not paying can be high.

Here are two organizations that did not pay.

The San Francisco Municipal Transportation Agency was attacked in November and refused to pay a $70,000 ransom. They were down a number of days while restoring their network and were forced to let their customers ride free over the Black Friday weekend.

In December the E-Sports Entertainment Association refused to pay a $100,000 ransom after a hacker broke into their network and stole user data. When ESEA refused to pay, personal information for 1.5 million users was leaked online.

Delta Airlines, August 2016
Data Center Outage Cost the Company $150,000,000

Average Cost of a Single Data Center Outage $730,000

Recovering without paying a ransom will still have a tremendous financial impact. The cost of downtime almost always far exceeds the ransom demanded. Delta is a great example - $150 million in lost revenue for one outage this past August.

CryptoWorms: the future of ransomware
Self-propagating
Find vulnerable network targets
Target unprotected executable files
Avoid detection
Jigsaw encrypts and deletes
Starts deleting files if the ransom is not paid

2017 will be an all-out war: black hats versus the good guys, cybercriminals taking on an industry intent on stopping them.

What we will see is a new level of sophistication on both sides.

Have you heard of CryptoWorms, self-propagating malware? Cisco Talos researchers envision a ransomware strain that will scan for executable files that are vulnerable to infection. It will look for shared drives and infect any computer that connects to these drives in the future. It is smart enough to cover its own tracks to avoid detection.

Or a new strain of ransomware called Jigsaw, which starts deleting files if you do not pay the ransom.

It is estimated that ransoms collected will double year over year until at least 2019. That means if 2016 was a billion dollar year, then 2017 looks to put two billion in cybercriminals' pockets.

Source: Singapore Computer Emergency Response Team

Why is it so difficult to avoid? Because cybercriminals are very good at delivering malware into your environment. During this presentation we have talked about a number of ways this happens, but number one remains humans being duped or lazy.

We can train end users for hours each week, but simply clicking on email attachments and links exposes data to ransomware tens of thousands of times every day.

Failing to vigilantly update the applications, operating systems and firmware on a network leaves an organization vulnerable.

Even those with the best intentions can be exposed.

Sadly, sadly, the sun rose; it rose upon no sadder sight than the man of good abilities and good emotions, incapable of their directed exercise, incapable of his own help

How horrible it is to be like the Tale of Two Cities character Sydney Carton, who has made mistakes that have made his life a mess, knows it, and finds himself incapable of overcoming his problems.

So why are backup vendors trying to scare you? Because they know backups are a great way to recover from a ransomware attack without paying the ransom. They also know backups are vulnerable.

Are you sending data to a shared network drive?
Are you using a cloud backup service?
Do your backups sit on a Windows-based target?

Backups are not necessarily safe

Backups can help you avoid a ransom, but not all backups are safe. We talked about ransomware looking for shared network drives; imagine these are what you are using as backup targets. New strains, such as Locky, are designed to encrypt network shares like central file servers and removable drives that are connected to the computer at the time of infection. The encryption of shared files is a doomsday scenario for organizations. It only takes one employee on the network to execute ransomware and affect the entire company.

Cloud backup services aren't immune to ransomware. Attackers know that organizations are using the cloud to store data and have created ransomware that can infect files kept in the cloud. Some ransomware strains, including a variant of Virlock, use the desktop sync clients of popular cloud services to access and encrypt files stored in the cloud. For example, if the Google document a person is working on locally gets encrypted, the encrypted file will sync to Google Drive.

While cybercriminals are looking to exploit all the platforms they can, the preponderance of Microsoft Windows systems makes them far and away the most lucrative targets.

Maybe you have heard what happened at Hollywood Presbyterian Medical Center? In 2016 they paid the equivalent of $17,000 to cybercriminals. The ransomware didn't just encrypt files but severely affected operations for about 10 days, forcing staff to go back to paper records and fax machines. They had backups, but were unable to recover from them.

You can be the hero. Be the one who does it right and has a well thought out and tested plan to combat and recover from ransomware.

No one expects you to singlehandedly stop a multi-billion dollar criminal enterprise, but you can be prepared when your little spot in the world is attacked.

Then tell the Wind and Fire where to stop, but don't tell me

This is a statement of self-determination. In our story today it is our right to determine if we will succumb to cyber-terrorists. We have the power to beat them back if we do things right.

Play Defense. Play Offense. Don't forget about your backup players.

I love this slide. In a little more than a week we will experience that great American spectacle, the Super Bowl, and guess what? Both the New England Patriots and the Atlanta Falcons will go into the game with offensive and defensive game plans. That is how you need to battle ransomware: play defense and play offense.

Offense: Start With Basic Protection
Keep software up to date
Use virus detection and antivirus prevention
Educate users on security protocols, such as avoiding clicking untrusted emails and attachments
Watch out for obvious and not so obvious file extensions

Offense is preparing your organization for the fight. Keep software up to date and train your users to notice potential threats.

Defense: Be Proactive with Counter-Measures
Disable ActiveX content in Microsoft Office apps
Have firewalls block Tor and I2P, and restrict ports
Block active ransomware variants from calling home to encryption key servers
Block binaries from running from popular ransomware installation paths (e.g. %TEMP%)

Play defense by making your network more difficult to penetrate. Disable ActiveX in Office apps and block certain data types and actions.

Backups are Crucial

Even companies playing offense and defense at the top of their game can still be impacted by ransomware. When it happens, be prepared to recover from backups.

Backups are Crucial
Back up your data
Know your recovery objectives
Have instant recovery
Have multiple recovery points
Get your data offsite
Test recovery!

Back up all data you cannot afford to lose. Understand your recovery objectives; if you cannot afford to be down for more than an hour, have instant recovery capability. If you cannot lose a day's worth of work, back up more frequently than once a day.

Have enough recovery points to go back to a point before a system was infected.

Get your data offsite. Send backups to a cloud target from which you can recover.

Test recovery so that you know your recovery objectives can be met.
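The recovery-point advice above (enough points to reach back before the infection, a recovery point objective, an offsite copy, and a tested restore) as an added Python example; this is constructed illustration code, not Unitrends software, and the catalogue, timestamps and file contents are made up. It goes beyond the text by using a byte-entropy check to reject backups that already captured encrypted files, which matters when the infection started before anyone noticed.

```python
"""Choose a clean recovery point and test the restore (constructed example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import hashlib
import math

@dataclass(frozen=True)
class RecoveryPoint:
    taken_at: datetime
    location: str   # "local" or "offsite"
    files: dict     # path -> bytes as captured by the backup (constructed data)

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: documents sit around 4-5, ciphertext close to 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [data.count(bytes([b])) for b in range(256)]
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def looks_encrypted(point: RecoveryPoint, threshold: float = 7.0) -> bool:
    """A point where every file is near-random captured ransomware output."""
    return all(shannon_entropy(d) >= threshold for d in point.files.values())

def last_clean_point(points, suspected_infection, offsite_only=False):
    """Newest point taken before the suspected infection that still holds readable
    data. The entropy check covers dwell time: infection may predate the first symptom."""
    usable = [p for p in points
              if p.taken_at < suspected_infection and not looks_encrypted(p)
              and (p.location == "offsite" or not offsite_only)]
    return max(usable, key=lambda p: p.taken_at) if usable else None

def rpo_met(point: RecoveryPoint, suspected_infection, rpo: timedelta) -> bool:
    """Is the data lost back to this point within the recovery point objective?"""
    return suspected_infection - point.taken_at <= rpo

def verify_restore(point: RecoveryPoint, restored: dict) -> list:
    """Test recovery: list the paths whose restored bytes differ from the backup."""
    digest = lambda b: hashlib.sha256(b).hexdigest()
    return sorted(path for path, data in point.files.items()
                  if digest(restored.get(path, b"")) != digest(data))

# Constructed catalogue: a nightly offsite copy plus hourly local points. The ransomware
# ran from about 11:30 but was first reported at 12:40, so 12:00 already holds ciphertext.
DOC = b"Q1 budget draft: revenue 4.2M, expenses 3.9M, headcount 57.\n" * 8
GARBAGE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
D = datetime(2017, 1, 26)
CATALOG = [
    RecoveryPoint(D - timedelta(hours=2), "offsite", {"docs/budget.txt": DOC}),
    RecoveryPoint(D + timedelta(hours=8), "local", {"docs/budget.txt": DOC}),
    RecoveryPoint(D + timedelta(hours=10), "local", {"docs/budget.txt": DOC}),
    RecoveryPoint(D + timedelta(hours=12), "local", {"docs/budget.txt": GARBAGE}),
]
SUSPECTED = D + timedelta(hours=12, minutes=40)

if __name__ == "__main__":
    print("restore from:", last_clean_point(CATALOG, SUSPECTED).taken_at)
```

With this catalogue the 10:00 point is the newest usable one, which already misses a one-hour RPO; requiring an offsite copy pushes the restore back to the previous night.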

How does Unitrends fit into this story?

All-in-One Enterprise Backup and Continuity

Old World
More vendors; more finger pointing, more management
More work setting up and constantly tuning
Limited continuity; little or no recovery assurance
Windows deployment, malware susceptible
Fragmented and lower customer satisfaction; more worries

New World
One vendor; one throat to choke
Less work: rack, connect, and go
Local and cloud continuity with recovery assurance
More security; purpose-built hardened Linux
Unified and higher customer satisfaction; more confidence

When I think of Unitrends and how we fit into this story, I think of a tale of two worlds and our idea of how all-in-one enterprise backup and continuity comes into play.

I like to talk about these from an old world / new world perspective because some of the traditional ways of handling things can have a few extra challenges, so we want to highlight how we're different. For example, most solutions today require you to pull together multiple vendors, which adds finger pointing, more setup and a lot of manual tuning to get things just right. Sometimes that can mean you're using more products to get the capabilities that you really need. Additionally, with Windows being the OS used by most backup vendors today, the threat of ransomware impacting all your backups becomes much higher. Backup should be your insurance policy. You don't want to have to fight the same fires with your backups that you do in production. And ultimately, the old world concept makes it very difficult to support with high customer satisfaction, which hurts confidence.

Contrast that with where we think we play in the New World and the all-in-one approach. One vendor. Really quick setup and no manual tuning needed, because everything is pre-integrated. Really broad capabilities cover you locally, at second sites and in the cloud, with some really advanced automation for recovery that we call recovery assurance.

We'll talk about that more in a bit.

And our solutions are hardened, locked-down Linux appliances that aren't as susceptible to attacks as the Windows vendors'. And finally, we've had a 98% customer satisfaction rating for years. It's just one support call.

[note: you want to read this slide a bit; normally not good practice, but it is key to set the stage about old vs. new world in order to differentiate]

Have Less: The Ruthless Pursuit of Simplicity

Old World / New World

When you look at backup and DR on the left side, you might have different vendors and products all the way through the stack. And the stack is more complex now with so many people leveraging cloud-based solutions for offsite backup and failover. We bring it all together in a single vendor and interface. The hardware and software come fully loaded in our Recovery Series appliances, and they can optionally integrate with the Unitrends Cloud for offsite storage, long-term compliance and even full failover. That Recovery Assurance piece at the top is pretty unique too. It means we'll actually do automated testing of your DR plan every month and send you a report of how we did. You don't have to lift a finger. That is a big part of how we prove we can legitimately provide a 1-hour SLA in our cloud.

That's pretty much how we deliver the benefits on the left side there.

Best Customer Satisfaction: One Support Call for Everything

Old World / New World

That whole concept of confidence really gets driven home by our support. It's one support call for everything. When you stack up a bunch of vendors that have decent customer satisfaction individually, the multiplier effect overall reduces it for the entire solution. Who do you call FIRST if performance isn't solid? Who do you call if recovery in the cloud didn't work? We simplify that with one support call and a solid 98% customer satisfaction rating for years now.

Unitrends Cloud

Old World
Third-party cloud vendors, limited or no DRaaS
No recovery assurance, limited retention; more worries
No SLAs, more worries, network bottlenecks

New World
No finger-pointing; less management: single vendor
Physical and virtual DRaaS
Industry's only physical and virtual recovery assurance
Infinite retention available; more confidence
1 hour recovery SLA available; more confidence
WAN optimized and Rapid Data Seeding

[Diagram labels: WAN, OpenVPN w/ Throttling, OR]

We support a number of cloud options, including AWS, Azure and even Google. However, we also have our own purpose-built cloud for long-term retention and full DRaaS. Not saying that AWS and Azure are bad, but there can be big limitations with respect to getting any type of SLA for recovery. Getting bulk data in and out can also be a challenge. They have services for this, but you have to hope your vendor supports these properly. So you're back to the whole finger-pointing situation again. And of course, they aren't going to act as a partner when it comes to setting up and fulfilling a DR strategy.

In the Unitrends Cloud, you're back to a single vendor, single interface, single support call. We cover both physical Windows and virtual machines running in VMware and Hyper-V. We have full recovery assurance, meaning we'll actually automate testing and prove it all works. And we back that with a real SLA, not a promise. We give you something in writing. Of course, we also have a great service for bulk seeding data in and coming back out from the cloud.

Confidence from Recovery Assurance

Old World
Praying that backups recovered successfully
Scrambling during DR exercises
Rarely, if ever, testing DR
Spending hours creating manual DR reports

New World
Fully automated, application-level testing and failover
Proactively uncover recovery issues for physical and virtual
Business-level DR compliance report automation
Available for local, DR site, and Unitrends Cloud

Recovery Assurance is one of the ways we give you extra confidence, rather than praying backups worked, rarely testing DR, and spending hours and hours trying to report on DR.

Unitrends fully automates recovery testing across physical and virtual machines, as well as failover in an outage, to make sure what you tested gets run perfectly. This proactively uncovers recovery issues before an outage. And it automates really cool business-level reports so you don't have to spend hours creating them. You can use this locally to verify backups, in a secondary site for full DR testing, or in the Unitrends Cloud.

It is a far, far better thing that I do, than I have ever done; it is a far, far better rest that I go to than I have ever known

Don't be like Sydney Carton at the end of the novel, sacrificing yourself so that others may live. Don't be the tale of the business that could not recover data after a ransomware attack. Don't be the example of a mistake that others learn from. There is nothing noble about putting light on the wrong path.

Be wise like the character Lucie Manette. Protect your data, know your recovery objectives can be met, and live.

Follow us on social media to win a home and other cool prizes.

Questions?

Test in a home lab from Unitrends.

Thank You
