Ransomware : How to prevent and Damage control

Ransomware in Plain English.

Ransomware is a kind of malware that locks (encrypts) your files and demands money (a ransom) to unlock (decrypt) them. All your files are still in front of your eyes, but they are encrypted and unusable. The longer you delay paying the ransom, the more they ask for. In some cases the ransom demanded doubles every 24 hours; in others you are given a time limit of 2 days to pay, after which the malware starts deleting your files.

Your antivirus mostly can't help you. 

There are 2 kinds of antivirus: signature based (they must have previously seen a virus and know its signature) and heuristic based (they watch the behaviour of all programs to classify them as good or bad).
Signature based antivirus almost certainly can't help you. It relies on a database of previously seen virus signatures. If the virus has not been seen before (so no signature exists), or if the virus is smart enough to keep changing its own code (so there is no stable signature to match), it will not be detected.
Heuristic based antivirus may be able to help you, if the activity of the virus is suspicious. But this is not foolproof.
However, neither kind of antivirus can help you decrypt your files once they are encrypted. You will need the key to decrypt them, or you will have to restore from a backup that was isolated from the infection (see the following section).

Your Conventional Backups can't help you (unless you have offsite, isolated backups)

The malware scans all your network drives and encrypts every file path it can reach. So if your backup sits on a NAS connected to the same network as an infected computer, all the files on the NAS can be encrypted too.
If you have a backup that is overwritten every day, one day you will overwrite the good backup with the encrypted one. Any media that is online will be hit. Only isolated backups and snapshots can help you restore your files.

Snapshots, system restore points and offsite backups can help restore the data.

QNAP and Synology snapshot technology can help you restore files to a previous version. The snapshot can't be encrypted (unless a virus evolves to detect it and write to the volume at block level). An offsite backup (such as an RDX or LTO tape backed up and stored in isolation) will always hold a good copy of your data that can be retrieved in case of infection.

Endpoint Security like Sophos Intercept X can help. 

Endpoint security products like Sophos Intercept X make a copy of a business file when it is opened (the good copy). When the file is closed, they check whether the saved file is the good copy (saved by the user) or a bad copy (encrypted by ransomware). If a bad copy is detected, it is replaced with the good copy.
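As an added illustration (not Sophos's code, and only a toy model of the good-copy mechanism described above), this Python sketch takes a copy when a file is opened, scores the byte entropy of the saved version on close, and restores the copy if the result looks like ciphertext. The hypothetical `GoodCopyGuard` class, the sample file contents, the entropy threshold and the random-bytes stand-in for an encrypted overwrite are all assumptions made for the example.

```python
"""Toy model of copy-on-open / verify-on-close rollback for a single file."""
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path
from typing import Tuple


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits around 4-5, ciphertext close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path, threshold: float = 7.0) -> bool:
    """Assumed heuristic: a saved file with near-random bytes is suspect."""
    return shannon_entropy(path.read_bytes()) >= threshold


class GoodCopyGuard:
    """Keep a good copy while a file is open; roll back a bad copy on close."""

    def __init__(self, path: Path, cache_dir: Path) -> None:
        self.path = path
        self.backup = cache_dir / (path.name + ".good")

    def on_open(self) -> None:
        shutil.copy2(self.path, self.backup)        # good copy taken on open

    def on_close(self) -> str:
        if looks_encrypted(self.path):
            shutil.copy2(self.backup, self.path)    # put the good copy back
            return "rolled_back"
        return "accepted"


def demo(good_close: bool) -> Tuple[str, bytes]:
    """Run one open/edit/close cycle; returns (verdict, final file bytes)."""
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        doc = work / "report.txt"
        original = b"Quarterly report: revenue up 4%, costs flat.\n" * 20  # constructed
        doc.write_bytes(original)
        guard = GoodCopyGuard(doc, work)
        guard.on_open()
        if good_close:
            doc.write_bytes(original + b"Added a closing paragraph.\n")  # user edit
        else:
            doc.write_bytes(os.urandom(len(original)))  # stand-in for an encrypted overwrite
        return guard.on_close(), doc.read_bytes()
```

A real product hooks file I/O in the kernel and uses more signals than entropy, but the decision point is the same: compare what was saved against what was opened, and restore the known-good version when the save is not the user's.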

Recommendation: Use an Endpoint Security Anti-Ransomware product along with a snapshot based backup.

We recommend using an endpoint security product that has an anti-ransomware feature (not all endpoint security products have one), combined with a snapshot or system restore point based backup. Endpoint security will prevent ransomware from infecting your machine and encrypting your files. In case an advanced threat gets through your endpoint protection, you will have the snapshot backup to fall back on.


