Security solutions are not enough to fight ransomware. Make sure you have a good recovery strategy.

If ransomware was unknown to you until now, the WannaCryptor attack of May 12th, which had global repercussions in all spheres of activity, has certainly made you aware of the consequences of such attacks, which know no borders.

Ransomware attacks cost businesses millions of dollars a year and are becoming increasingly sophisticated and difficult to avoid. The peculiarity of this type of attack is that it spreads quickly through shared files, sometimes in a matter of hours, as the attack of May 12 demonstrated. Ransomware generally infiltrates through the weakest point in the network, typically the user’s email account or social networking sites.

The ransomware locks the computer or encrypts the files, requiring payment of a “ransom” to give users access to their data. But paying the ransom does not guarantee the recovery of the data*, not to mention that organizations that give in to the hackers’ blackmail become targets of choice for the next time…

If you are lucky, your business was not targeted by the virus and you feel relieved to have been spared. In this case, remember the lesson: you were lucky this time, but rest assured that this type of attack will happen again, and that your organization may well be the victim next time.

Forward-thinking organizations have invested large sums of money to secure their IT environments and the data that transits them, which is often critical and whose destruction can jeopardize business continuity. Although security solutions are part of the equation when it comes to protecting your assets, they are only part of the strategy to counter these threats.

A complete solution to protect you from viral attacks must include a recovery plan with accessible and full backup copies in order to restore your environment as it was before the attack.

Implementing a recovery plan gives you assurance that you can quickly recover and minimize your idle time, which is often the weakest link in the management of computer attacks. The faster you get back up to speed, the less your customers and suppliers will have to turn to alternatives that could ultimately be very costly to your business and reputation, even putting it at risk.

Companies that have industry-specific compliance standards are generally more aware and better equipped to quickly restore their infrastructure in the event of an attack. To find out if your company has an adequate recovery strategy, ask yourself the following questions:

  • Is your backup off site (i.e. away from your primary site)?
  • Can you verify that the backups are happening?
  • How quickly can you restore data that’s taken hostage?
  • Is your original data backed up in an unalterable way, ensuring a complete and integral recovery of your data in the event of a ransomware attack?

By answering these questions, you will take the first step to address the gaps in your recovery strategy in the event of a computer attack. Be prepared to face upcoming threats to protect your assets!

* A recent survey found that of those victims of ransomware who paid the ransom, only 71% had their files restored.

 

Cryptolocker virus: how to clear the infection

Cryptolocker is a now well-known type of virus that can be particularly harmful to data stored on a computer. The virus carries code that encrypts files, making them inaccessible to users, and demands a ransom (in bitcoin, for example) to decrypt them, hence the name “ransomware”.
Cryptolocker type viruses infiltrate by different vectors (emails, file sharing websites, downloads, etc.) and are becoming more resistant to antivirus solutions and firewalls; it is safe to say that these viruses will continue to evolve and become increasingly good at circumventing corporate security measures. Cryptolocker is already in its 6th or 7th variation!

Is there an insurance policy?

All experts agree that a solid backup plan is always the best prescription for dealing with this type of virus. But what does a good backup plan imply, what would a well-executed plan look like?
The backup plan must be tested regularly and preferably include an offsite backup copy. Using the ESI cloud backup service is an easy solution to implement.
The automated copy acts as an insurance policy in case of intrusion. Regular backups provide a secondary offsite datastore and act as a fallback mechanism in case of a malicious attack.

What to do in case of infection?

From the moment your systems are infected with a Cryptolocker, you are already dealing with several encrypted files. If you do not have a mechanism in place to detect or monitor file changes (e.g. a change of 100 files per minute), the damage can be very extensive.
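The file-change monitoring mentioned above, using the article's example threshold of 100 changed files per minute, can be sketched as a sliding-window counter of distinct files per account. This is an added example, not ESI's code; the event tuple format, account names and paths are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60
THRESHOLD = 100  # the article's example: 100 changed files per minute


def detect_mass_change(events, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Flag accounts that modify `threshold` or more DISTINCT files
    within `window` seconds.

    events: (epoch_seconds, account, path) tuples sorted by time
            (assumed format, e.g. parsed from file-server audit logs).
    Returns [(account, alert_time, distinct_files)], first crossing only.
    """
    recent = defaultdict(deque)  # account -> (ts, path) events in window
    counts = defaultdict(dict)   # account -> {path: writes in window}
    alerts = {}
    for ts, account, path in events:
        q, c = recent[account], counts[account]
        q.append((ts, path))
        c[path] = c.get(path, 0) + 1
        # Evict events that have fallen out of the sliding window.
        while q[0][0] <= ts - window:
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(c) >= threshold and account not in alerts:
            alerts[account] = (ts, len(c))
    return [(a, t, n) for a, (t, n) in alerts.items()]


def sample_events():
    """Constructed sample data, not taken from a real incident."""
    ev = []
    # alice saves the same 3 documents 200 times in 50 s: noisy but benign.
    ev += [(1000 + i * 0.25, "alice", f"/share/docs/report{i % 3}.docx")
           for i in range(200)]
    # A sync job touches 150 distinct files, one every 12 s: slow and benign.
    ev += [(1000 + i * 12, "svc_sync", f"/share/sync/f{i}.dat")
           for i in range(150)]
    # bob's session rewrites 120 distinct files at 3 per second.
    ev += [(1100 + i / 3, "bob", f"/share/finance/inv{i}.xlsx")
           for i in range(120)]
    return sorted(ev)


if __name__ == "__main__":
    for account, ts, n in detect_mass_change(sample_events()):
        print(f"ALERT {account}: {n} distinct files changed within 60 s at t={ts}")
```

Counting distinct paths rather than raw write events keeps a user who repeatedly saves the same few documents from tripping the alert, while a bulk rewrite of many files does.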

  1. Notify the Security Officer of your IT department.
  2. Above all, do not pay this ransom, because you might be targeted again.
  3. You will have no choice but to restore your files from a backup copy. This copy becomes invaluable in your recovery efforts, as it will provide you with a complete record of your data.

After treatment, are you still vulnerable?

Despite good backup practices, you still remain at risk after restoring your data.
An assessment of your security policies and your backup plan by professionals such as ESI Technologies will provide recommendations to mitigate such risks in the future. Some security mechanisms exist to protect you from viruses that are still unknown to detection systems. Contact your ESI representative to discuss it!

Roger Courchesne  – Director, Security and Internetworking Practice – ESI Technologies