MethodIT

Industrial Strength IT for Hawaii Businesses

Ransomware Protection and Recovery

What is Ransomware?

Malicious software that locks your files and demands payment to access them.

  • Ransomware is a term for the many variations of malware that infect computer systems, typically delivered through social engineering schemes.
  • A Ransomware attack encrypts critical files and systems and renders them inaccessible to the owner.
  • Ransomware sometimes marks the files for permanent deletion or publication on the internet. The perpetrators then demand a payment (usually in untraceable cryptocurrency like Bitcoin) for the private key required to decrypt and access the files. Infamous ransomware examples include CryptoLocker, CryptoWall, Locky, Cerber, KeRanger, SamSam, TeslaCrypt, TorrentLocker, and Reveton.

Who are Ransomware Perpetrators?

Cybercriminals who profit greatly by violating businesses that rely on data as a lifeblood.

Ransomware cybercriminals are organized and profitable. It is estimated that this type of attack earns criminals $10 million to $50 million per month.

There are entire ransomware outfits working out of office buildings, making the stealthy and disruptive pieces of malicious software, and designing deceptively simple schemes to infiltrate small to medium-sized businesses.

The criminals are business-minded innovators. Recently, a Ransomware-as-a-Service organized cybercrime ring was discovered that infected around 150,000 victims in 201 countries in July 2016, splitting profits 40% to the malware authors and 60% to those who discover new targets.

The overhead is low and the profits are high. Bitcoin is anonymous and the list of targets is endless. Coupled with the technology being not overly complicated, the odds of getting caught are low. Ransomware perpetrators are sophisticated, profit-hungry cybercriminals on the lookout for unsuspecting small to medium-sized businesses (SMBs) to infiltrate.

Could my business be a Ransomware victim?

In a word: Yes.

Ransomware perpetrators cast a wide net. They target small to medium-sized businesses with IT security loopholes, valuable data, and a modest budget to pay the ransom.

If data is important to your business, you are a target.

To get into your systems, they may send a phishing email to your staff. Because 94% of people can’t distinguish between a real email and a phishing email 100% of the time, the perpetrators succeed in getting in. And if they don’t, they keep trying again and again until someone in the business finally clicks the malicious link that initiates the whole Ransomware scheme.

And once you have paid a ransom, you can be sure that they will try again.

How Do You Protect Yourself?

MethodIT provides four layers of defense against malware such as Ransomware.

Your First Line of Defense: CISCO UMBRELLA AND THE DNS SYSTEM

MethodIT works with Cisco Umbrella to protect you BEFORE the threat even reaches your network. Ransomware files act as a Trojan horse: the file is deemed harmless by your firewall and permitted into the inner part of your network. Once inside, it lies dormant for a period of time or until it is triggered. Then the file reaches out to a malicious domain and downloads its harmful payload. Suddenly your business network is infected, and it is already too late to stop the attack.

Cisco Umbrella is designed to prevent these attacks by taking over your DNS resolution. Companies with Cisco Umbrella simply point their Active Directory DNS at Umbrella instead of their existing resolver. Umbrella maintains an enormous, constantly growing directory of innocent, suspicious, and malicious domains, and it also tracks newly seen domains. Whenever a user on your network sends a request to the Internet, Umbrella compares the requested domain against that directory. If the domain is known to be malicious, the request is blocked immediately. If the domain is new, it is monitored and blocked until it is confirmed ‘safe’. That is Ransomware detection BEFORE it hits your network.
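To make that decision flow concrete, here is an added example (not Cisco's or MethodIT's code) of a resolver-side policy in Python that classifies each query as allow, block-malicious or block-new against a constructed sample directory; the parent-domain walk and the confirm_safe step are assumptions about how such a policy can be structured.

```python
from dataclasses import dataclass, field

# Constructed sample directory; a real service uses a large, constantly updated feed.
SAMPLE_MALICIOUS = {"evil-downloads.example", "ransom-c2.example"}
SAMPLE_SAFE = {"example.com", "updates.vendor.example"}


@dataclass
class DnsPolicy:
    malicious: set
    safe: set
    first_seen: dict = field(default_factory=dict)  # monitored new domains -> first query time

    @staticmethod
    def _suffixes(qname):
        # Walk from the full name to its parents so that a query for
        # "cdn.evil-downloads.example" matches a listing for "evil-downloads.example".
        labels = qname.lower().rstrip(".").split(".")
        return [".".join(labels[i:]) for i in range(len(labels))]

    def decide(self, qname, now):
        """Verdict for one DNS query: 'allow', 'block-malicious' or 'block-new'."""
        suffixes = self._suffixes(qname)
        # Check the malicious list first so a bad host under a safe parent stays blocked.
        if any(s in self.malicious for s in suffixes):
            return "block-malicious"
        if any(s in self.safe for s in suffixes):
            return "allow"
        # Never-seen domain: note when it first appeared and keep it blocked while monitored.
        # The second-level label stands in for the registrable domain (assumption;
        # production code would consult the public suffix list).
        apex = suffixes[-2] if len(suffixes) >= 2 else suffixes[0]
        self.first_seen.setdefault(apex, now)
        return "block-new"

    def confirm_safe(self, domain):
        """Analysis confirms a monitored domain is benign; allow it from now on."""
        domain = domain.lower().rstrip(".")
        self.safe.add(domain)
        self.first_seen.pop(domain, None)
```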

Your Second Line of Defense: SOPHOS SECURITY CONTROL – NETWORK PERIMETER

MethodIT partners with Sophos to give your network all the protection it needs to stop sophisticated attacks and advanced threats, while still providing secure network access to those you trust.

Sandstorm Protection

Sophos Sandstorm uses next-generation cloud-sandbox technology to give your organization an extra layer of security against Ransomware and targeted attacks. It integrates with your XG Firewall and is cloud-delivered, so no additional hardware is required. Sophos Sandstorm blocks evasive threats such as Ransomware disguised as executables, PDFs, and Microsoft Office documents, sending them to a cloud sandbox to be detonated and observed in a safe environment. The resulting threat intelligence is fed back to your XG Firewall, and the file is blocked or permitted. The process takes just a couple of minutes with minimal impact on the user.

Your Third Line of Defense: WEBROOT – ENDPOINT PROTECTION

Anti-virus software of the past (and often the present) depends on a list of known viruses that it uses to isolate intrusions. This traditional ‘blacklisting’ method, in which a file is classified as either GOOD or BAD, has long been the standard form of protection.

MethodIT, teaming up with Webroot, extends your endpoint security with an essential next step: adding the category UNKNOWN to the GOOD and BAD classification. However, it is always possible that an organization gets infected by a virus or malware despite these security measures. Therefore, it is advisable to use a security solution that can retroactively eliminate the harmful effects of such an infection.

The features ‘journaling’ and ‘rollback’ play an important role here:

  • An UNKNOWN file is monitored closely and watched to see which files, registry keys and memory locations it alters. The journaling function then records and remembers the before and after state of each change made.
  • Since every action is meticulously journaled, if the UNKNOWN file is later classified as a threat, everything it has done can be rolled back to return the endpoint to its pre-infection state.
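The journaling and rollback idea described in the two points above, as an added illustration in Python (not Webroot's or MethodIT's code): a constructed journal records the before-state of every file a monitored process touches, and rollback replays those records in reverse so that even a file altered twice returns to its original content. Only files are journaled here; the page notes that real products also cover registry keys and memory.

```python
import os
import shutil
import tempfile

class ChangeJournal:
    """Before-state of each file an UNKNOWN process touches, so the endpoint can be
    rolled back if that process is later classed as a threat (constructed example)."""

    def __init__(self):
        self.entries = []  # (path, contents before the change, or None if the file did not exist)

    def record_before(self, path):
        before = None
        if os.path.exists(path):
            with open(path, "rb") as f:
                before = f.read()
        self.entries.append((path, before))

    def rollback(self):
        # Undo in reverse order: a file altered twice must end at its earliest state.
        for path, before in reversed(self.entries):
            if before is None:
                if os.path.exists(path):
                    os.remove(path)  # created by the monitored process: delete it
            else:
                with open(path, "wb") as f:
                    f.write(before)
        self.entries.clear()

def monitored_write(journal, path, data):
    # A write by the monitored process, journaled before it lands on disk.
    journal.record_before(path)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    # Constructed scenario: an unknown process scrambles a document twice and drops a note.
    tmp = tempfile.mkdtemp()
    doc, note = os.path.join(tmp, "invoice.docx"), os.path.join(tmp, "HOW_TO_RECOVER.txt")
    with open(doc, "wb") as f:
        f.write(b"original invoice")  # pre-infection content
    journal = ChangeJournal()
    monitored_write(journal, doc, b"<<scrambled pass 1>>")
    monitored_write(journal, doc, b"<<scrambled pass 2>>")
    monitored_write(journal, note, b"constructed ransom note")
    journal.rollback()  # the UNKNOWN file has now been classified as a threat
    with open(doc, "rb") as f:
        restored = f.read()
    note_gone = not os.path.exists(note)
    shutil.rmtree(tmp)
    return restored, note_gone
```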

Your Last Line of Defense: TOTAL DATA PROTECTION WITH DATTO

A data protection solution like Datto provides the ultimate failsafe in a layered defense strategy against Ransomware. It automatically and invisibly takes snapshots of your data and systems at regular intervals and stores them in a secure location. Should Ransomware successfully penetrate your layered defenses, you can simply ‘turn back the clock’ to a snapshot of your business from before the attack happened. No ransom, no downtime, no problem. We can restore files and systems, if needed, from a backup device on premises or from the ‘cloud’.

Partner with MethodIT so that you will never have to pay a Ransom to Cybercriminals.