how to take the ransom out of ransomware

Post on 12-Jan-2017


© 2016 Unitrends

Take the Ransom Out of Ransomware


"To be honest, we often advise people just to pay the ransom."  Joseph Bonavolonta, Asst. Special Agent, FBI Cybercrime Boston Division


What is Ransomware?

Ransomware Malware

• Encrypts victims’ files with strong, unbreakable encryption
• Demands payment for the private key to unlock data
• Payment typically around $200 to $500 in bitcoins

Long History of Ransomware

• Ransomware is not new
• Recent advances have made it a much larger risk
• Early ransomware was “scareware” and “nagware”
  • Didn’t permanently lock files
  • Was easily removed or avoided
  • Criminals had difficulty in collecting fees anonymously
  • Hacker community not as organized

A Growing Menace

Many Variations and Copycats

• Cryptolocker
• TorrentLocker
• CryptoWall
• CTB-Locker
• TeslaCrypt
• Locky
• Etc.

Popular Tools of Ransomware Variants

• Anonymity Online
• Electronic Payment
• Unbreakable Encryption
  • AES
  • RSA
  • “Curve” ECC
• Network to C&C Server
  • Tor
  • I2P
  • POST/HTTPS
  • Hardcoded URLs

Requires both Public and Private Key


Infection Vectors

Spam Email Campaigns
• CTB-Locker & TorrentLocker preferred vector
• Requires interaction from user
• Can affect fully patched systems

Exploit Kits
• CryptoWall and TeslaCrypt preferred vector
• Does not require any interaction
• Uses vulnerable installed software

BOTH ARE HIGHLY EFFECTIVE WAYS INTO YOUR SYSTEMS

Ransomware Continuing to Advance

• Get 1 Free
• Macs vulnerable
• Voice Enabled
• Highly Localized

How does an enterprise make sure they never have to pay?

• Play Defense
• Play Offense
• Don’t forget about your backup players

Offense: Start With Basic Protection

• Keep software up to date
• Use virus detection and antivirus prevention
• Educate users on security protocols, such as:
  • Avoid clicking untrusted emails and attachments
  • Watch out for obvious and not so obvious file extensions

Defense: Be Proactive with counter-measures

• Disable ActiveX content in Microsoft Office apps
• Have firewalls block Tor and I2P, and restrict ports
  • Block active ransomware variants from calling home to encryption key servers
• Block binaries from running from popular ransomware installation paths (e.g. %TEMP%)

Backups are Crucial


Real World Examples


Start With The Rule of Three

• 3 copies of your data
• 2 different types of media
• 1 copy off-site

Backup Best Practices: Make Sure You Never Pay

• Back up all data on all systems – not just critical data
• Replication and Continuous Data Protection are great for low RTO/RPO but can back up the malware with your data
• Create archives that are physically isolated from your production systems
  • You can use the archive to go back in time if necessary
• Create “bare metal” images of core systems so you can get back to a known system state quickly
• Set up DR services so you can spin up new VMs for critical systems while you recover your local production systems
• Prepare NOW! Don’t wait until it’s too late!
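An added example, not part of the original slides: a small audit that checks a backup inventory against the Rule of Three and against the two best-practice points above (a replica can carry the encrypted data, and an isolated archive must reach back before the infection). The field names, the sample inventories, counting production as one of the three copies, and treating a continuous replica as holding only current state are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Copy:
    name: str
    media: str                  # "disk", "tape", "cloud", ...
    offsite: bool = False
    isolated: bool = False      # unreachable from production systems
    continuous: bool = False    # replication/CDP mirror of current state
    production: bool = False    # the live data counts as one of the 3 copies
    oldest_point: datetime = datetime.max  # oldest restore point retained


def audit(copies, infected_at):
    """Map each rule to True/False for one data set's copies."""
    backups = [c for c in copies if not c.production]
    # A continuous mirror has already replicated the encrypted files, so only
    # versioned copies reaching back before the infection count as clean.
    clean = [c for c in backups
             if not c.continuous and c.oldest_point < infected_at]
    return {
        "three_copies": len(copies) >= 3,
        "two_media": len({c.media for c in copies}) >= 2,
        "one_offsite": any(c.offsite for c in backups),
        "pre_infection_point": bool(clean),
        "isolated_archive": any(c.isolated for c in clean),
    }


def failed(copies, infected_at):
    return sorted(r for r, ok in audit(copies, infected_at).items() if not ok)


# Constructed sample inventories (not taken from the slides).
INFECTED = datetime(2016, 6, 1, 9, 0)
PROD = Copy("file server", "disk", production=True)
WEAK = [PROD,
        Copy("2nd-site replica", "disk", offsite=True, continuous=True),
        Copy("cloud sync", "cloud", offsite=True, continuous=True)]
STRONG = [PROD,
          Copy("local appliance", "disk", oldest_point=datetime(2016, 5, 2)),
          Copy("offline archive", "tape", offsite=True, isolated=True,
               oldest_point=datetime(2016, 3, 1))]

if __name__ == "__main__":
    for label, inv in (("weak", WEAK), ("strong", STRONG)):
        print(label, failed(inv, INFECTED) or "all rules pass")
```

The weak inventory satisfies 3 copies, 2 media and 1 off-site, yet still fails because every backup is a continuous mirror with no restore point from before the infection.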


Cloud Can Help

Local On Premise or Physical Appliance
2nd Site
Public & Private Cloud

• Local backup for fast recovery
• Archiving to Cloud offsite
• Fully automated
• Can be isolated

Differentiating Feature Of Backup Solution Against Ransomware

• Instant Recovery Capabilities
  • Be able to spin up workloads from backups in minutes while production is cleaned
• Ability to protect Windows, Windows Server, Apple Macs, etc.
• Linux based backup software – not Windows based
  • Make sure your backups don’t get encrypted too!

Unitrends cloud-empowered all-in-one continuity solutions increase your IT confidence

Keep Your Business Running With Unitrends


Re-imagine Recovery for your digital world

Unitrends Connected Continuity Platform™ brings together the industry’s leading portfolio of cloud-empowered continuity services in a single, super intuitive platform that gives you unmatched flexibility as your business needs evolve.

Discover the power of the platform to capitalize on the potential of cloud, reduce your overall spend on IT and gain total confidence in the recovery point to come.


Unitrends Connected Continuity Platform

• Protect Everything You Have
• Everywhere You Need Continuity
• Guaranteed Recovery and Continuity
• Within a Single Intuitive Platform

Protect Everything You Have

Protect Your Ideas/Business

Everywhere you need continuity

• Local On Premise or Physical Appliance
• Virtual Appliance / Software
• 2nd Site
• Public & Private Cloud

Guaranteed Recovery via Recovery Assurance

• Recovery Assurance allows you to have absolute certainty in your recovery
• Usable in your local environment, your DR site, or the Unitrends Cloud
• Fully automated, flexible application-aware testing
• Recover confidently from Certified Recovery Points

Incredibly Easy to Use UI and Automated Reports

Transforming Continuity

On Premise All-In-One Data Protection
• Deploy as a virtual or physical backup appliance
• Adaptive inline deduplication (20 to 1 ratio)
• Instant Recovery Options for VMs and Windows
• Built-in real-time replication engine

DRaaS
• Spin up critical workloads in less than 1 hour

Forever Cloud
• Best value for cloud storage & long term retention

Recovery Assurance
• Automated Backup & DR failover testing
• Assured recovery in the cloud & on premise

What Makes Unitrends Unique

Scalable and Flexible
• Industry’s #1 hybrid cloud solution
• Deployment options to fit any environment
• All-in-one software that runs on your hardware

Recovery Assurance
• Automated testing of backup and DR
• 100% confidence in the recovery point to come
• RPO/RTO Actual reporting

Intuitive UI
• One simple interface
• Real time alerts and reporting
• Enterprise management

About Unitrends

• 15,000+ customers globally
• 8,000+ registered partners globally
• EBs of data protected
• 30PB+ of Cloud Data Managed
• Industry leading 98% Customer Satisfaction

Worldwide HQ: Burlington, MA
International HQ: London, UK

Global Datacenter Presence: USA (multiple), Canada, U.K., Germany, Australia

Map labels: Canada, USA (Multiple), UK, Germany, Madrid, Sydney

Unitrends is Redefining Recovery For Your Digital World

How can we help you protect what matters most to you?

Are you ready to never worry about recovery again?

Can you imagine not spending time on “backup”?