how to take the ransom out of ransomware
TRANSCRIPT
© 2016 Unitrends
Take the Ransom Out of Ransomware
"To be honest, we often advise people just to pay the ransom." Joseph Bonavolonta, Asst. Special Agent, FBI Cybercrime Boston Division
What is Ransomware?
Ransomware Malware
• Encrypts victims' files with strong, unbreakable encryption
• Demands payment for the private key to unlock data
• Payment typically around $200 to $500 in bitcoins
Long History of Ransomware
• Ransomware is not new
• Recent advances have made it a much larger risk
• Early ransomware was “scareware” and “nagware”
• Didn’t permanently lock files
• Was easily removed or avoided
• Criminals had difficulty in collecting fees anonymously
• Hacker community not as organized
A Growing Menace
Many Variations and Copycats
• Cryptolocker
• TorrentLocker
• CryptoWall
• CTB-Locker
• TeslaCrypt
• Locky
• Etc.
Popular Tools of Ransomware Variants
Anonymity Online
Electronic Payment
Unbreakable Encryption
• AES
• RSA
• “Curve” ECC
Network to C&C Server
• Tor
• I2P
• POST/HTTPS
• Hardcoded URLs
Requires both Public and Private Key
Infection Vectors
Spam Email Campaigns
• CTB-Locker & TorrentLocker preferred vector
• Requires interaction from user
• Can affect fully patched systems
Exploit Kits
• CryptoWall and TeslaCrypt preferred vector
• Does not require any interaction
• Uses vulnerable installed software
BOTH ARE HIGHLY EFFECTIVE WAYS INTO YOUR SYSTEMS
Ransomware Continuing to Advance
• Get 1 Free
• Macs vulnerable
• Voice Enabled
• Highly Localized
How does an enterprise make sure they never have to pay?
Play Defense
Play Offense
Don’t forget about your backup players
Offense: Start With Basic Protection
• Keep software up to date
• Use virus detection and antivirus prevention
• Educate users on security protocols, such as:
• Avoid clicking untrusted emails and attachments
• Watch out for obvious and not so obvious file extensions
Defense: Be Proactive with Counter-Measures
• Disable ActiveX content in Microsoft Office apps
• Have firewalls block Tor and I2P, and restrict ports
• Block active ransomware variants from calling home to encryption key servers
• Block binaries from running from popular ransomware installation paths (e.g. %TEMP%)
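An added example, not part of the Unitrends deck: before enforcing a block on execution from paths such as %TEMP%, audit which process launches the rule would stop, so legitimate installers are found first. The watched folders beyond %TEMP%, the extension list, the `ENV` values and the image paths are constructed assumptions.

```python
import ntpath
import re

# Assumption: only %TEMP% is named on the slide; the other folders and the
# extension list are illustrative choices for this example.
WATCHED_DIRS = ["%TEMP%", "%APPDATA%", "%LOCALAPPDATA%"]
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs"}


def expand(template, env):
    """Expand %VAR% references case-insensitively from the given environment."""
    lookup = {k.upper(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).upper(), m.group(0)), template)


def normalise(path):
    """Lower-case, unify separators and collapse '..' before comparing."""
    return ntpath.normcase(ntpath.normpath(path))


def launched_from_watched_dir(image, env):
    """Return the watched folder template an executable sits under, else None."""
    img = normalise(image)
    if ntpath.splitext(img)[1] not in EXECUTABLE_EXTS:
        return None
    for template in WATCHED_DIRS:
        root = normalise(expand(template, env))
        # Skip templates whose variable is unset (still contains '%').
        if "%" not in root and img.startswith(root + "\\"):
            return template
    return None


def audit(images, env):
    """List (image, matched folder) for every launch a block rule would stop."""
    return [(i, hit) for i in images if (hit := launched_from_watched_dir(i, env))]


# Constructed sample data: one user's environment and process image paths.
ENV = {"TEMP": r"C:\Users\bob\AppData\Local\Temp",
       "APPDATA": r"C:\Users\bob\AppData\Roaming",
       "LOCALAPPDATA": r"C:\Users\bob\AppData\Local"}
IMAGES = [r"C:\Windows\System32\svchost.exe",
          r"C:\Users\bob\AppData\Local\Temp\invoice_2016.EXE",
          r"c:\users\BOB\appdata\roaming\updater\run.scr",
          r"C:\Users\bob\AppData\Local\Temp\..\..\..\..\..\Windows\notepad.exe",
          r"C:\Users\bob\AppData\Local\Temp\report.pdf"]
```

The comparison is purely textual, so 8.3 short names and junctions are not resolved; run it on paths already canonicalised by the logging source.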
Backups are Crucial
Real World Examples
Start With The Rule of Three
• 3 copies of your data
• 2 different types of media
• 1 copy off-site
Backup Best Practices: Make Sure You Never Pay
• Back up all data on all systems, not just critical data
• Replication and Continuous Data Protection are great for low RTO/RPO but can back up the malware with your data
• Create archives that are physically isolated from your production systems
• You can use the archive to go back in time if necessary
• Create “bare metal” images of core systems so you can get back to a known system state quickly
• Set up DR services so you can spin up new VMs for critical systems while you recover your local production systems
• Prepare NOW! Don’t wait until it's too late!
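An added example, not part of the Unitrends deck: it checks an inventory against the Rule of Three and then shows why passing that check is not enough, by finding the newest restore point that predates an infection on a copy production cannot reach. The `BackupCopy` model, the inventory and the dates are constructed, and treating every non-isolated copy as untrusted after an incident is an assumption of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class BackupCopy:          # hypothetical inventory record
    name: str
    media: str             # e.g. "disk", "tape", "cloud"
    offsite: bool
    isolated: bool         # not reachable from production systems
    restore_points: tuple  # completion times of backups held on this copy


def rule_of_three_gaps(copies):
    """Return the 3-2-1 requirements this set of copies fails (empty if none)."""
    gaps = []
    if len(copies) < 3:
        gaps.append("fewer than 3 copies")
    if len({c.media for c in copies}) < 2:
        gaps.append("fewer than 2 media types")
    if not any(c.offsite for c in copies):
        gaps.append("no off-site copy")
    return gaps


def latest_clean_point(copies, infected_at):
    """Newest pre-infection restore point on an isolated copy.

    Returns (copy name, restore point, data lost) or None. Points taken at or
    after infected_at are assumed to carry the malware along with the data.
    """
    clean = [(p, c.name) for c in copies if c.isolated
             for p in c.restore_points if p < infected_at]
    if not clean:
        return None
    point, name = max(clean)
    return name, point, infected_at - point


# Constructed inventory: malware arrived three days before it was noticed.
NOW = datetime(2016, 6, 10, 9, 0)
INFECTED_AT = NOW - timedelta(days=3)
INVENTORY = [
    BackupCopy("replica", "disk", True, False,
               tuple(NOW - timedelta(hours=h) for h in range(1, 25))),
    BackupCopy("local-appliance", "disk", False, False,
               tuple(NOW - timedelta(days=d) for d in range(1, 8))),
    BackupCopy("cloud-archive", "cloud", True, True,
               (NOW - timedelta(days=12), NOW - timedelta(days=5))),
]
```

Here the inventory satisfies 3-2-1, yet every replica point postdates the infection, so only the isolated archive yields a trustworthy restore point, at the cost of two days of data.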
Cloud Can Help
Local On Premise or Physical Appliance
2nd Site
Public & Private Cloud
• Local backup for fast recovery
• Archiving to Cloud offsite
• Fully automated
• Can be isolated
Differentiating Feature Of Backup Solution Against Ransomware
• Instant Recovery Capabilities: be able to spin up workloads from backups in minutes while production is cleaned
• Ability to protect Windows, Windows Server, Apple Macs, etc.
• Linux-based backup software, not Windows-based: make sure your backups don’t get encrypted too!
Keep Your Business Running With Unitrends
Unitrends cloud-empowered all-in-one continuity solutions increase your IT confidence
Re-imagine Recovery for your digital world
Unitrends Connected Continuity Platform™ brings together the industry’s leading portfolio of cloud-empowered continuity services in a single, super intuitive platform that gives you unmatched flexibility as your business needs evolve.
Discover the power of the platform to capitalize on the potential of cloud, reduce your overall spend on IT and gain total confidence in the recovery point to come.
Unitrends Connected Continuity Platform
• Protect Everything You Have
• Everywhere You Need Continuity
• Guaranteed Recovery and Continuity
• Within a Single Intuitive Platform
Protect Everything You Have
Protect Your Ideas/Business
Everywhere you need continuity
Local On Premise or Physical Appliance
Virtual Appliance / Software
2nd Site
Public & Private Cloud
Guaranteed Recovery via Recovery Assurance
• Recovery Assurance allows you to have absolute certainty in your recovery
• Usable in your local environment, your DR site, or the Unitrends Cloud
• Fully automated, flexible application-aware testing
• Recover confidently from Certified Recovery Points
Incredibly Easy-to-Use UI and Automated Reports
Transforming Continuity
On Premise All-In-One Data Protection
• Deploy as a virtual or physical backup appliance
• Adaptive inline deduplication (20 to 1 ratio)
• Instant Recovery Options for VMs and Windows
• Built-in real-time replication engine
DRaaS
• Spin up critical workloads in less than 1 hour
Forever Cloud
• Best value for cloud storage & long term retention
Recovery Assurance
• Automated Backup & DR failover testing
• Assured recovery in the cloud & on premise
What Makes Unitrends Unique
Scalable and Flexible
• Industry’s #1 hybrid cloud solution
• Deployment options to fit any environment
• All-in-one software that runs on your hardware
Recovery Assurance
• Automated testing of backup and DR
• 100% confidence in the recovery point to come
• RPO/RTO Actual reporting
Intuitive UI
• One simple interface
• Real time alerts and reporting
• Enterprise management
About Unitrends
• 15,000+ customers globally
• 8,000+ registered partners globally
• EBs of data protected
• 30PB+ of Cloud Data Managed
• Industry leading 98% Customer Satisfaction
• Worldwide HQ: Burlington, MA
• International HQ: London, UK
• Global Datacenter Presence: USA (multiple), Canada, U.K., Germany, Australia
[Map labels: Canada, USA (Multiple), UK, Germany, Madrid, Sydney]
Unitrends is Redefining Recovery For Your Digital World
How can we help you protect what matters most to you?
Are you ready to never worry about recovery again?
Can you imagine not spending time on “backup”?
Try Us Out – Visit www.Unitrends.com
• Unitrends Enterprise Backup: Get a free trial
• 7 New Rules of Recovery: Download now