Part 1 in a series of blogs on ransomware. The number of ransomware attacks is on the increase with cyber criminals using this tactic in “alarming” numbers – according to security researchers quoted on BBC News.
Wikipedia defines ransomware as “a type of malware that can be covertly installed on a computer without knowledge or intention of the user that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction.”
A conservative estimate is that about two thirds of all new malicious code releases include some form of ransomware. The tools are now easily available, the risks of being caught are comparatively small and the profits are huge. To top it all, the main defence is the human user and we all know how unreliable that can be.
The question is no longer how you prevent the infection, but what you have to do to recover from it without having to pay up.
For these reasons, Ascentor will be looking at backup strategies for organisations of varying sizes over the coming weeks in a series of blogs.
This first article looks at organisations or home users working from a single computer – but before that, let’s look at the basics.
There are two types of disk drive…
There is an old saying that goes “There are two types of disk drives, ones that have failed and ones that are going to fail.” We never know when a drive is going to fail but it is usually at the most inopportune moment. The same can be said for ransomware – you don’t know when you are going to get hit but you know it will happen eventually.
Luckily the main recovery option for both is the same – back up, back up and back up.
Get the basics right first
Before we come on to providing advice on backups, it is important to stress that backup is not a preventative measure. If you need to resort to restoring from backups, it is likely that ransomware has already taken hold.
Having good backups in place is no excuse for not implementing good preventative measures in the first place to reduce the risk of infection. See our blog “An ounce of prevention could be worth a ton of cyber attack cure” for further information.
Some of the preventative controls against ransomware include:
- User education and awareness. 90% of infections come from users downloading malicious content in emails or from web sites.
- Running with least privilege. Normal activity does not need escalated privileges. If your users are browsing the Internet or accessing emails with full privileges you are going to get hit with ransomware sooner rather than later.
- Patching and updates. Although antivirus software may not prevent ransomware from executing and starting the process of infecting files, it will provide alerts once the process starts, meaning that you can quickly take action to limit the spread, such as disconnecting the infected computer from the network.
Review your backup strategy
No matter how big or how small your organisation, your backup strategy has to be clear, implemented correctly and regularly tested if it is to be effective. The proliferation of ransomware has just made this even more important.
Every organisation should be asking themselves whether they are confident that they will be able to recover from backup should ransomware strike.
Top 6 tips for single computer backups
Smaller organisations or home users working from a single computer are not under the radar of the cyber criminal – far from it. We hope these inexpensive tips will help prevent you becoming another ransomware victim.
- Use a separate hard disk drive, such as a USB hard disk, for backups and have it disconnected from the computer at all times except when performing a backup.
- Before connecting the USB hard drive, update your AV software and do a full scan of the files to be backed up. This should alert you if you have any traces of ransomware already infecting the files to be backed up. The last thing you want to do is connect your USB drive to a computer that is already actively encrypting files.
- Disconnect from the Internet. Some ransomware calls back to its command and control centre to download encryption keys before it can start encrypting files. Disconnecting from the Internet may stop this download if it is happening at the point when you intend to start doing a backup.
- Connect your USB drive and perform a backup of all your important files. Be careful in your selection. Ask yourself: would you care if this file was never seen again?
- Disconnect the USB drive once the backup has completed.
- Test that the files can be recovered from the USB drive. Try and access a specific file and make sure that the backup isn’t corrupt and can restore the file to where you want it.
Ideally, you should have a number of USB backup drives that you rotate on a regular basis just in case one of them does become infected. Given the low cost of USB drives we suggest a minimum of three rotated daily would be adequate.
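The backup, test and rotation steps above can be scripted. The following is an added example, not Ascentor's own code: it copies the chosen files to the connected drive, records a SHA-256 hash of each original, checks every copy against those hashes, and trial-restores one file. The manifest file name, the dated folder layout and the function names are assumptions made for illustration.

```python
import hashlib, json, shutil, tempfile
from datetime import date
from pathlib import Path

MANIFEST = "manifest.json"  # assumed name; stored next to the copies on the drive

def sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def drive_for(day: date, drives: list[str]) -> str:
    """Daily rotation: which of the backup drives to plug in on this day."""
    return drives[day.toordinal() % len(drives)]

def backup(source: Path, drive: Path) -> Path:
    """Copy every file under source into a dated folder and hash the originals."""
    dest = drive / date.today().isoformat()
    manifest = {}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source).as_posix()
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)
        manifest[rel] = sha256(src)  # hash of the original, not of the copy
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return dest

def verify(backup_dir: Path) -> list[str]:
    """Return the files that are missing or no longer match the manifest."""
    manifest = json.loads((backup_dir / MANIFEST).read_text())
    return [rel for rel, digest in manifest.items()
            if not (backup_dir / rel).is_file() or sha256(backup_dir / rel) != digest]

def trial_restore(backup_dir: Path, rel: str) -> bool:
    """Restore one file to a scratch folder and confirm it matches the manifest."""
    manifest = json.loads((backup_dir / MANIFEST).read_text())
    with tempfile.TemporaryDirectory() as scratch:
        restored = Path(shutil.copy2(backup_dir / rel, scratch))
        return sha256(restored) == manifest[rel]
```

Run `verify` again whenever a drive comes back into rotation: an empty list means every file on it still matches what was originally backed up.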
In the next blog in the series we will be looking at backup strategies for small and medium enterprises.