Ransomware isn’t new, but it’s a lot more sophisticated than it was just a few years ago. And the cybercriminals behind it are on a roll!
Targeted ransomware attacks like Ryuk are becoming more commonplace. Ryuk is a well-planned attack run by a team of criminals.
The attack is tailored to the target organisation, making it more likely that standard anti-virus is ineffective.
Once a system is compromised, a detailed plan of attack is devised by the team behind it based on what they find within the target’s computer systems. The optimal time is chosen to cause the most effective damage. It seems that after the close of business on a Friday is often favoured.
The attack is complex; backups and previous versions are destroyed, making recovery impossible. Then, all data is encrypted with strong encryption, making it unreadable and useless.
The encryption keys are unique to the targeted system, making it near on impossible to break the encryption.
Once the encryption process is complete, a ransom note is left demanding payment in Bitcoin – often for around 10% of the target’s turnover.
We’ve seen this attack destroy not only onsite backups but remote offsite backups too.
There are two things businesses can do to protect against attacks like this.
1. Make sure you have the right backups in place. With cybercriminals intent on attacking offsite backups, make sure that your current provider backs up your backups! It sounds like something that should be commonplace. However, our experience says otherwise.
If you’re not using offsite backup, make sure you have an air gap – disks or tapes that are not permanently connected to your computer systems.
Get Support is a Veeam Cloud Connect Partner. When our customers back up their data offsite, we regularly take snapshots of the storage systems where the backups reside. The snapshots are stored in geographically diverse locations. Even if someone or something attempts to delete your offsite backups – we will have a copy!
2. Review your anti-virus. The traditional way for an anti-virus program to protect a computer is for it to compare virus signatures with a definitions database. The virus signature is like a fingerprint of the malicious code that makes up a virus. When one is spotted within a file or program, the anti-virus denies access and keeps the computer safe.
The problem is that, for this to be successful, the virus signature needs to be in the definitions database. When an attack is targeted, as in the case of Ryuk, the developers work hard to make the virus’s signature unique, so it hasn’t been seen before and is not in the database.
All is not lost! There are some exciting advances in the fight against malware & computer viruses. The solution Get Support uses is driven by state-of-the-art machine learning and provides signature-less prevention with behavioural detection. It blocks file-based malware on access. It also monitors all activity on a device to detect malicious behaviour, automatically eliminating threats.
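The signature-matching gap described under point 2, shown as an added example (not Get Support's code or any anti-virus product's): a toy definitions database with hash and byte-pattern signatures, run over constructed, harmless byte strings. The class, detection names and sample bytes are all assumptions made for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for files; none is real malware.
KNOWN_BAD = b"DEMO-PAYLOAD-v1: constructed marker bytes, not malware"
REBUILT = b"DEMO-PAYLOAD-v2: constructed marker bytes, not malware"
CLEAN = b"quarterly-report.xlsx contents (constructed)"


class SignatureScanner:
    """Toy definitions database: exact SHA-256 hashes plus byte patterns."""

    def __init__(self):
        self.hashes = {}    # sha256 hex digest -> detection name
        self.patterns = {}  # byte substring -> detection name

    def add_hash(self, sample, name):
        self.hashes[hashlib.sha256(sample).hexdigest()] = name

    def add_pattern(self, pattern, name):
        self.patterns[pattern] = name

    def scan(self, data):
        """Return a detection name, or None when nothing in the database matches."""
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.hashes:
            return self.hashes[digest]
        for pattern, name in self.patterns.items():
            if pattern in data:
                return name
        return None


def demo():
    scanner = SignatureScanner()
    scanner.add_hash(KNOWN_BAD, "Demo.Hash.A")
    scanner.add_pattern(b"DEMO-PAYLOAD-v1", "Demo.Pattern.A")
    return {
        "known_bad": scanner.scan(KNOWN_BAD),                # exact file seen before
        "known_bad_plus_byte": scanner.scan(KNOWN_BAD + b"\x00"),  # hash misses, pattern hits
        "rebuilt": scanner.scan(REBUILT),                    # never seen: no signature applies
        "clean": scanner.scan(CLEAN),
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:20} -> {verdict or 'no match (allowed)'}")
```

The rebuilt sample gets the same verdict as the clean file, which is the case signature-less, behaviour-based detection is meant to cover.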
At Get Support we’re fully aware that keeping your computers safe can appear to be a scary and bewildering task. But this is what we do every day. If you’d like a friendly chat about your cyber security, in plain English, over a coffee – please give us a call today.