How to prepare for (and prevent) ransomware attacks

23.06.2016
You've likely heard all about "crypto ransomware," or simply "ransomware," a specific type of malware that attempts to hold your digital existence hostage by encrypting personal files and then offering decryption keys in exchange for payment. When the malware first takes root, it shows no outward signs that anything is wrong. Only after the malware does its nefarious work in the background are you presented with the ransom, typically via demands for Bitcoin or other forms of digital currency.

Some early ransomware was riddled with software bugs that made it possible to recover encrypted files that had been held hostage, but newer variants that use robust symmetric and asymmetric encryption are much more troublesome. (Symmetric encryption is typically used to rapidly scramble files, and the asymmetric encryption can then be applied to the original symmetric keys so data can only be recovered by cybercriminals with the appropriate private keys.)

Some of the latest ransomware variants are also designed to punish payment procrastination, and they double or triple their ransom demands as stipulated deadlines pass. The ransomware threat is very real, but proactive individuals and organizations can protect themselves.

Fortunately, it is relatively easy to duplicate corporate files, and regular, systematic backups are an effective strategy to combat ransomware. Of course, backups are useful only if they're created before a malware attack, so it's a good idea to back up important files immediately and regularly.

Unfortunately, simple file backups aren't always enough. Some backup implementations are vulnerable to crypto malware, and backup archives can also be encrypted by cybercriminals. Some cloud-based file synchronization services replace good files with corrupted versions. So the capability to roll back to specific points in time for data recovery, and the duration of time backups are stored — as well as the amount of time and resources it takes to access stored files — should be crucial considerations for people and organizations that want to prevent ransomware complications. Though none are flawless, these three backup strategies can help you protect yourself and your organization, and prepare for ransomware attacks.

The simplest way to prevent ransomware attacks is to regularly back up all of the important contents on your PCs. Dedicated backup software makes full copies of hard disk drives and stores them on some external source, usually a storage drive that is disconnected and purposefully kept offline following backups. Some newer cloud services can also make point-in-time backups that are stored on external servers, and they offer a similar level of protection.

Creating full backups can be time-consuming, but it's often the best option, because any and all compromised data can be recovered from such backups following a data disaster. And total storage space shouldn't be a significant concern, as subsequent backups only capture incremental changes since the previous backup.

Advanced data-backup options, such as Acronis's True Image offerings, support data recovery onto disparate hardware so, for example, all of the contents on a failed laptop could potentially be restored directly onto a new laptop — even if it is a different model, from another manufacturer.

The biggest issue with traditional data backups is that the interval between revisions is often multiple days, or even weeks, due to the time and resources it takes to initiate backup jobs.

Individuals and small businesses that value speed of data recovery may want to consider using a dedicated network attached storage (NAS) appliance for backups. Two common ways exist to set up a NAS to protect against crypto malware: You can use the NAS as a "dumb" repository for backing up data, or as a shared drive that's configured to create regular point-in-time backups.

Individuals and organizations can use backup software to back data up directly to a NAS, though network-connected backup utilities, such as Bvckup 2, are also worth a look because they're reliable and can rapidly copy files across a network.

To ensure files that are backed up to a NAS are out of reach of crypto malware on Windows devices, it is necessary to create a separate user account in the "Backup Operators" group and run the backup utility from that account. The shared network location on the NAS should then be locked to everyone except approved users.

The built-in capabilities of the NAS can also be used to create regular backups of shared files. The DSM 6.0 operating platform from storage specialist Synology, for example, has a "Snapshot Replication" feature that can be customized to perform point-in-time backups of shared folders as frequently as every five minutes, with light disk strain and little or no system impact.

The downside is that setting up and using NAS to defend against crypto malware requires a certain level of technical competency, and misconfigurations can result in a false sense of security while files are potentially exposed.

Though cloud storage services aren't always ideal for protection against crypto malware because of how they sync encrypted files, many such services have file-version features that make it possible to recover uncorrupted copies of files. However, many cloud offerings save only a finite number of revisions, which means uncompromised good files can be bumped off the list.

Microsoft's OneDrive and Dropbox are two cloud storage options that could potentially help protect your files from ransomware. OneDrive saves all versions of Office documents, though they can eat up users' or organizations' allotments of Microsoft storage space. The consumer version of Dropbox saves unlimited file revisions for up to 30 days, and Dropbox for Business saves unlimited versions for as long as customers continue to pay for the service. Of course, sifting through even a moderate number of files for uncorrupted copies can be extremely time consuming.
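The search for an uncorrupted copy described above can be automated. The following is an added example, not code from the article or from any cloud provider: it walks a file's revision history from newest to oldest and returns the first revision that does not look encrypted. The function names, the entropy cut-off and the sample histories are assumptions constructed for illustration, and the check is a heuristic rather than proof that a revision is intact.

```python
import hashlib
import math
import os
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off, tune against your own data
# Expected leading bytes for formats that are compressed (high entropy) when healthy.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".docx": b"PK\x03\x04", ".zip": b"PK\x03\x04"}

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name: str, data: bytes) -> bool:
    """Heuristic only: header check for known formats, entropy check otherwise."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is not None:
        return not data.startswith(magic)
    return shannon_entropy(data) > ENTROPY_LIMIT

def last_clean_revision(name, revisions):
    """Return the timestamp of the newest revision that does not look encrypted,
    or None when every retained revision is suspect."""
    for stamp, data in sorted(revisions, key=lambda r: r[0], reverse=True):
        if not looks_encrypted(name, data):
            return stamp
    return None

# Constructed sample data: SHA-256 output stands in for ciphertext.
NOISE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
TEXT = b"Quarterly report draft, section 1.\n" * 100
TXT_HISTORY = [("2016-06-19T09:00", TEXT), ("2016-06-20T09:00", TEXT + b"edit\n"),
               ("2016-06-21T09:00", NOISE), ("2016-06-21T09:05", NOISE[::-1])]
PDF_HISTORY = [("2016-06-20T09:00", b"%PDF-1.4\n" + NOISE), ("2016-06-21T09:00", NOISE)]
# Good copies already rotated out of a service that keeps only two revisions.
ROTATED_OUT = TXT_HISTORY[-2:]

if __name__ == "__main__":
    for label, name, hist in [("txt", "notes.txt", TXT_HISTORY),
                              ("pdf", "scan.pdf", PDF_HISTORY),
                              ("rotated", "notes.txt", ROTATED_OUT)]:
        print(label, "->", last_clean_revision(name, hist))
```

The `ROTATED_OUT` case returns `None`, which is the finite-revision problem in practice: once the good copies have been bumped off the list, no retained version is worth restoring.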

The viability of cloud backups varies significantly based on many factors, including the cloud provider’s infrastructure, the bandwidth available to users, and the amount of data that needs to be recovered. Large backups coupled with slow data-transfer rates can mean lengthy recovery times. Cloud services can also sometimes restore backups in which the crypto malware is already active, resulting in more encryption and ransom demands.

The three strategies outlined here are not meant to be exhaustive, and some aren't necessarily suitable for specific industry verticals or IT infrastructures. However, the increasing prevalence of ransomware means all individuals and organizations should evaluate and eventually implement backup strategies sooner rather than later. You can read more about how to create a robust cloud backup strategy on CIO.com.

(www.cio.com)

Paul Mah