Ransomware First Aid - in 3 Words
The recent Kaseya supply-chain attack was analyzed from different angles and described as the worst cyber-attack ever executed in one day, with an estimated ~50 MSPs and ~1500 of their end customers affected.
But is it really that bad?
How many of these end customers have had to pay the Ransomware requested?
According to this analysis by Bleeping Computer, apparently not many, since the attackers did not erase or encrypt the victim companies’ backups. Most of them were able to use their backups to restore data and did not have to pay the ransom demanded by the attackers. By failing to hold the backups hostage, the attackers had less leverage over the customers.
So, what is Ransomware first aid in 3 words?
The simple answer - Backup, Backup, and… Backup.
That is the simple answer, but it does not provide a complete picture!
Just backing up your data, either on the same computer or on another computer/storage device on the same network, may not be enough, as past incidents that were more sophisticated than the Kaseya attack have shown.
The more common attack chain today includes several stages aimed at accessing and locking backups as part of a Ransomware attack:
- searching for backups by deploying APT (Advanced Persistent Threat) malware
- stealing the important data from storage and backups
- encrypting the data and the backups in parallel – sometimes even with different keys
To mitigate the impact of, and even prevent, such sophisticated Ransomware attacks, the first aid needs to:
- Scan all files that need to be stored
  - simultaneously with multiple anti-malware engines for the highest detection rates
  - secure/mask sensitive PII and financial data within those files with DLP (Data Loss Protection)
- Sanitize files suspected of carrying potential hazards – i.e. unknown ‘payloads’ such as Macros in Excel/Word files. These potentially dangerous payloads can be cleaned with Deep CDR (Content Disarm and Reconstruction) for more than 100 of the most commonly used file types.
- Store and back up the files in another network and/or in a cloud storage solution such as AWS, Azure etc.
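The sanitize-then-store steps above, as an added illustration that is not OPSWAT's code and not how Deep CDR works internally: a simplified Python disarm step that removes the VBA macro part (and the references to it) from a macro-enabled Office container, a constructed DLP rule that masks card-like numbers, and a constructed sample document to run it on. The output bytes are what would then be written to the separate network or cloud backup.

```python
import io
import re
import zipfile

# Parts that carry VBA code inside an OOXML (docm/xlsm/pptm) container.
VBA_PART_RE = re.compile(r"vbaProject\.bin(\.rels)?$", re.IGNORECASE)
# Constructed DLP rule: 16-digit card-like numbers, optionally space/dash separated.
CARD_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")


def disarm_ooxml(data: bytes) -> tuple[bytes, bool]:
    """Rebuild an OOXML zip without its VBA parts or the references to them.
    Simplified CDR (assumption: only the macro part is of concern); returns (bytes, macros_found)."""
    src = zipfile.ZipFile(io.BytesIO(data))
    out, found = io.BytesIO(), False
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            if VBA_PART_RE.search(item.filename):
                found = True  # drop the macro payload itself
                continue
            body = src.read(item.filename)
            if item.filename == "[Content_Types].xml" or item.filename.endswith(".rels"):
                # drop the content-type override and relationship that point at the VBA part
                body = re.sub(rb"<(Override|Relationship)[^>]*vbaProject\.bin[^>]*/>", b"", body)
            dst.writestr(item.filename, body)
    return out.getvalue(), found


def part_names(data: bytes) -> list[str]:
    """Names of the parts left in a container (used to verify the result)."""
    return zipfile.ZipFile(io.BytesIO(data)).namelist()


def mask_pii(text: str) -> str:
    """DLP step: keep only the last four digits of card-like numbers."""
    return CARD_RE.sub(lambda m: "****-****-****-" + m.group(0)[-4:], text)


def build_sample_docm() -> bytes:
    """Constructed minimal macro-enabled document, not a real Office file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", '<Types><Override PartName="/word/vbaProject.bin" '
                   'ContentType="application/vnd.ms-office.vbaProject"/></Types>')
        z.writestr("word/_rels/document.xml.rels", '<Relationships><Relationship Id="rId1" '
                   'Type="vba" Target="vbaProject.bin"/></Relationships>')
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"\x00macro")
    return buf.getvalue()
```

Running `disarm_ooxml(build_sample_docm())` reports that a macro was found and yields a container with only the document and its metadata parts; a second pass over the cleaned bytes finds nothing, which is the property a backup pipeline should check before writing.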

Fig: Role of MetaDefender for Secure Storage in Protecting Cloud Storage
MetaDefender for Secure Storage makes it easy to take files from internal storage or those uploaded from an external source and to scan, sanitize, and store them securely in cloud storage for a ‘rainy’ day.
Conclusion
Yes, the rainy day will come – when your organization is under cyberattack. It is not a question of ‘if’ but ‘when’, so you need to be prepared. The easy and safe defense is to prepare (and regularly update) a clean backup of your important data in a separate network and/or in the cloud.