It’s only summer, but 2017 is sure to be remembered as the year ransomware emerged from the shadows. With two high-profile, global attacks taking place just weeks apart in May and June, nearly everyone is now at least aware of this dangerous new cyber threat.
But how much do people really understand about ransomware and how it works? We’ll offer up a quick primer on this emerging IT danger and spell out how you can protect your customers in the age of ransomware.
What is Ransomware?
Ransomware is malicious software that infects a device and essentially holds it hostage, blocking access to it or the information stored on it. In order to regain access, the user is required to pay a ransom, usually in widely used e-currency like Bitcoin.
Encryption-based ransomware is what most people think of today when discussing ransomware. That’s when files and folders on an infected machine are secretly encrypted, and then a message pops up to explain that the user’s files are no longer accessible. The only way to decrypt them is to pay a ransom.
Not only are ransomware attacks on the rise, but research shows that ransom amounts are steadily increasing as well. Security experts expect those trends to continue.
So what can you do to protect your customers? Here are five steps your customers can take to safeguard their data.
- Keep operating systems and software current
The first line of defense is updating systems and software to ensure they’re running the latest versions. The huge WannaCry attack in May that affected a quarter million machines worldwide spread through a glitch in Windows that Microsoft had patched two months earlier. Many of its victims would have been protected had they simply downloaded and installed Microsoft’s simple fix.
Keeping systems up-to-date goes a long way to making them immune to ransomware and other threats.
- Make sure there’s a strong antivirus solution installed
Strong antivirus software is a cornerstone of any good data protection strategy. Unfortunately many ransomware developers look for ways to exploit any weaknesses in detection technologies. In addition, signature-based antivirus software, which compares activity on a system to threats security researchers have already identified, isn’t much help against zero-day attacks.
Nonetheless, antivirus will keep systems protected against known dangers and less sophisticated attacks.
- Educate employees about ransomware
Ransomware spreads in a number of ways, including via websites, social media and instant messaging apps. But the most common approach is through “spear phishing” emails that trick the recipient into opening an attachment that launches the attack.
In a typical scenario, a user receives an email designed to look like something important – an invoice or a receipt from some company, for instance. The email usually contains an attachment along with some devious language that makes it hard to resist opening the attachment – something like “Here are the details of your recent purchase. Please review the attached receipt.”
Opening the attachment enables a small piece of malware called a downloader to run. The downloader does what its name implies: downloads the ransomware. Once the ransomware is installed, it begins quietly encrypting files and folders unbeknownst to the user.
So it’s imperative to teach employees what to look out for – and to resist the urge to click on any suspicious links or download files from unknown sources.
- Back up your data
Performing regular backups is the single most important step a business can take to safeguard itself from ransomware. Regular backups that are stored in the cloud make ransomware little more than a nuisance.
“Individuals or businesses that regularly back up their files on an external server or device can scrub their hard drive to remove the ransomware and restore their files from backup,” Peter Kadzik, assistant U.S. Attorney General, wrote in a letter to Congress in 2016. “If all individuals and businesses backed up their files, ransomware that relies on encrypting user files would not be as profitable a business for cyber criminal actors.”
Kaseya Cloud Backup, powered by the Acronis AnyData Engine, is a perfect foil for ransomware. It’s an all-in-one backup solution that offers:
- A single dashboard that makes it easy for service providers to provision, deploy and manage their customers’ backups.
- Complete protection for 16 different platforms and all your customers’ data.
- Military-grade encryption of your customers’ data, which is stored in SSAE-16 certified data centers.
Better yet, Kaseya VSA Professional, an enterprise-class IT systems management solution, automatically takes care of most of the steps above with:
- Patch management that automatically keeps servers, workstations and remote computers up-to-date with the latest security patches and updates.
- Antivirus software that provides complete protection on networks and beyond from potentially dangerous programs and network attacks.
- Automated remote backup and bare metal restore for Windows servers and workstations.
If you’re keeping score at home, you’ve probably noticed that’s only four tips. Here’s the fifth:
- Fight back against ransomware
To this point ransomware protection has been passive and reactive – aiming to simply detect threats and/or restore backed up data after an attack. Acronis Active Protection™, soon to be part of the Kaseya family, changes all that. It’s the first backup technology that actively combats ransomware.
Acronis Active Protection uses sophisticated analysis and artificial intelligence to monitor a system. If it spots any errant behavior or suspicious processes, it stops the activity and banishes the program responsible for it. And if ransomware somehow does manage to slip through and start encrypting files, Acronis Active Protection will quickly detect the encryption and halt it – immediately restoring any impacted files in the process.
Currently available as part of Acronis Backup 12.5 and Acronis True Image 2017, this groundbreaking new technology will be incorporated into Kaseya Cloud Backup and Kaseya VSA in the weeks ahead. At which point your customers will not only be fully protected against ransomware, but they’ll be able to punch back.