How to tackle Ransomware

Gary Watson, Vice President Technical Engagement

I was staggered to read recently that UK companies are stockpiling bitcoins in preparation for a Ransomware attack. This means two things: one, that they expect an attack, and two, that they see no choice but to pay it. As attacks get more sophisticated, security designed to keep the virus out is struggling. Any breach that tricks a user – already on the inside of that perimeter fence – will get through it, however tough the security is.

So, let’s imagine it’s happened: the ransomware has passed your firewall and is in. You have a demand to pay and the clock is ticking. You can’t afford to lose valuable data nor admit to customers that often confidential or highly sensitive data has been at risk. You have to pay, right? Wrong. If your archive storage has the option to restore to a point in time, then you can revert files to the versions they were in prior to the attack. Furthermore, in the case of a widespread attack, you have the option to restore just the shortcuts, which is an extremely fast operation.

Nexsan’s Unity Active Archive is built with security in mind and doesn’t have a “delete” function. This means that clients, even administrator-level users, or malware that has escalated to admin level (which most try to do), can’t directly delete, modify, corrupt, overwrite, or encrypt a file. Any such attempt is treated merely as a new version of the file. Files are only deleted pursuant to the policy attached to the file when it was ingested.

What does this mean? It means that even if the malware tricks your system into thinking it is the administrator, any amendments to a file will create a new file, ensuring the old, non-corrupted file remains safe and is ready to be accessed as soon as the ransomware has been disinfected from your infrastructure. Once your system is clean again, you can re-instate the shortcuts to the file that existed before the attack, which means none of your archived data is lost and the ransom demand can be ignored.

Re-instating the shortcuts takes seconds compared with restoring data from a backup. It is often discovered that the malware has not been totally removed, so the process of disinfecting and restoring needs to be repeated. With a process based on re-instating shortcuts, a ‘rinse and repeat’ cycle is significantly quicker and doesn’t impact the RTO as much, which means the business can be up and running faster.
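The following added example (not Nexsan's code and not part of the original article) is a toy model of the behaviour described above: writes only ever append versions, clients cannot delete, and recovery re-points shortcuts to the last version at or before a chosen point in time. The class, method names, paths and timestamps are all hypothetical and constructed for illustration.

```python
# Toy model (assumption): an append-only, versioned archive with "shortcuts".
# All names here are hypothetical; this is not the product's API.
from dataclasses import dataclass, field


@dataclass
class VersionedArchive:
    versions: dict = field(default_factory=dict)   # path -> [(ts, bytes), ...]
    shortcuts: dict = field(default_factory=dict)  # path -> visible version index

    def write(self, path, data, ts):
        """Every write, including an overwrite by malware, appends a version.
        Assumes callers supply non-decreasing timestamps per path."""
        history = self.versions.setdefault(path, [])
        history.append((ts, data))
        self.shortcuts[path] = len(history) - 1

    def delete(self, path):
        """Clients have no delete; only retention policy removes data."""
        raise PermissionError("delete is not available to clients")

    def read(self, path):
        return self.versions[path][self.shortcuts[path]][1]

    def restore_shortcuts(self, point_in_time):
        """Re-point shortcuts to the newest version at or before point_in_time."""
        # Only the shortcut table changes; no file data is copied or removed.
        moved = []
        for path, history in self.versions.items():
            keep = [i for i, (ts, _) in enumerate(history) if ts <= point_in_time]
            target = keep[-1] if keep else None
            if self.shortcuts.get(path) != target:
                moved.append(path)
            if target is None:
                self.shortcuts.pop(path, None)  # file did not exist yet: hide it
            else:
                self.shortcuts[path] = target
        return sorted(moved)


def demo():
    """Constructed scenario: two clean files, then an attack at t=100."""
    a = VersionedArchive()
    a.write("hr/payroll.xlsx", b"clean payroll", ts=10)
    a.write("legal/contract.pdf", b"clean contract", ts=20)
    a.write("hr/payroll.xlsx", b"\x8f\x02ENCRYPTED", ts=100)  # malware overwrite
    a.write("README_RANSOM.txt", b"pay up", ts=101)           # ransom note
    moved = a.restore_shortcuts(point_in_time=99)
    return a, moved
```

The restore touches only the two affected shortcuts, and the encrypted version stays in the archive as evidence for the incident investigation.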

The current tendency for companies to pay the ransom demands of malware perpetrators will only encourage more hacks and more ransoms. It’s not acceptable and it certainly isn’t sustainable. Of course, data is critical to a business and sensitive data even more so, but companies should be aware that there is an alternative. With Unity Active Archive you can recover critical data without paying the ransom. To find out more, read here.