Ransomware First Aid - in 3 Words

The recent Kaseya (supply-chain) attack was analyzed from different angles and described as the worst cyber-attack ever executed in one day, with an estimated ~50 MSPs and ~1500 of their end customers affected.

But is it really that bad?

How many of these end customers actually had to pay the ransom demanded?

According to this analysis by Bleeping Computer, apparently not many, since the attackers did not erase or encrypt the victim companies’ backups. Most of the victims were able to restore their data from backups and did not have to pay the ransom. Because they failed to hold the backups hostage, the attackers had less leverage over the victims.

So, what is Ransomware first aid in 3 words?

The simple answer - Backup, Backup, and… Backup.

That is the simple answer, but it does not provide a complete picture!

Just backing up your data, either on the same computer or on another computer or storage device on the same network, may not be enough, as past incidents somewhat more sophisticated than the Kaseya attack have shown.

A typical ransomware attack today includes several stages aimed at reaching and locking the backups:

  • searching for backups using APT (Advanced Persistent Threat) malware
  • stealing the important data from storage and backups
  • encrypting the data and the backups in parallel – sometimes even with different keys

To mitigate the impact of, and even prevent, such sophisticated ransomware attacks, the first aid needs to:

  • Scan all files that need to be stored
      • simultaneously with multiple anti-malware engines for the highest detection rates
      • secure/mask sensitive PII and financial data within those files with DLP (Data Loss Protection)
  • Sanitize files suspected of carrying potential hazards, i.e. unknown ‘payloads’ such as macros in Excel/Word files. These potentially dangerous payloads can be removed with Deep CDR (Content Disarm and Reconstruction) for the 100+ most commonly used file types.
  • Store and back up the files in another network and/or in a cloud storage solution such as AWS, Azure, etc.
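As an added illustration of the steps above (example code, not from the post or from MetaDefender), the Python below gates files through an assumed scan() hook before copying them to a separate backup location, records a SHA-256 manifest meant to be kept off the backup network, and later re-verifies the backup so that a backup copy encrypted in place by an attacker is detected rather than trusted on the rainy day.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def backup_with_manifest(src: Path, dest: Path, scan) -> dict:
    """Copy files that scan(path) approves into dest; return {relpath: sha256}.
    scan is an assumed hook standing in for the multi-engine scan / CDR step."""
    manifest = {}
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        if not scan(path):  # a flagged file never reaches the backup
            continue
        rel = path.relative_to(src).as_posix()
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        manifest[rel] = sha256_of(target)
    return manifest  # keep this manifest off the backup network

def verify_backup(dest: Path, manifest: dict) -> dict:
    """Re-hash each backed-up file against the manifest kept elsewhere."""
    report = {"ok": [], "missing": [], "altered": []}
    for rel, digest in manifest.items():
        target = dest / rel
        if not target.exists():
            report["missing"].append(rel)
        elif sha256_of(target) != digest:
            report["altered"].append(rel)  # e.g. encrypted in place
        else:
            report["ok"].append(rel)
    return report

def demo() -> dict:
    """Constructed sample: two clean files and one macro-bearing file, then an
    attacker encrypts one backup copy in place; returns the verification report."""
    root = Path(tempfile.mkdtemp())
    src, dest = root / "src", root / "backup"
    src.mkdir()
    (src / "ledger.csv").write_text("id,amount\n1,42\n")
    (src / "notes.txt").write_text("quarterly notes\n")
    (src / "invoice.docm").write_bytes(b"PK\x03\x04 vbaProject.bin")  # constructed
    no_macros = lambda p: p.suffix.lower() not in {".docm", ".xlsm"}  # stand-in scan
    manifest = backup_with_manifest(src, dest, no_macros)
    (dest / "ledger.csv").write_bytes(b"\x9f\x11 ciphertext")  # simulated ransomware
    return verify_backup(dest, manifest)
```

The stand-in scan only rejects macro-enabled Office extensions; in practice that hook is where the multi-engine scan, DLP masking and Deep CDR would run.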

[Figure: Role of MetaDefender for Secure Storage in Protecting Cloud Storage]

MetaDefender for Secure Storage makes it easy to take files from internal storage, or files uploaded from an external source, and to scan, sanitize, and store them securely in cloud storage for a ‘rainy’ day.

Conclusion

Yes, the rainy day will come – the day your organization is under cyberattack. It is not a question of ‘if’ but ‘when’, so you need to be prepared. The easy and safe defense is to prepare (and regularly update) a clean backup of your important data in a separate network and/or in the cloud.
