Your worst nightmare just happened. You have just been presented with a screen popup telling you that your data is being encrypted and that you have so many days to pay. It gets worse. Every day you delay, chunks of your data are deleted. It happens. I have been on the outside – helping restore data, remove the threats, salvage business operations, and prevent further damage. I have a unique perspective on ransomware.
We have things like Cisco AMP, a truly robust and state-of-the-art anti-malware system that integrates at every level from the firewall to the endpoint, with telemetry systems and response rates beyond anything else in the industry at a crazy fast 13 hours! However, even Cisco will tell you that it is not possible to rely on prevention alone. That is why they embed their AMP endpoints into everything – they keep watch for malware that may have slipped through that 13-hour window. If you don’t have Cisco AMP, you could have a much larger “window”, an industry average of 100 days.
So, how do you, as a data center engineer, protect your data when something gets through? How do you guarantee the ability to recover and restore? Will you be ready when that popup box shows up?
This may seem obvious, but backups are critical to a recovery. When your data is encrypted, there is a very strong chance you will not be able to recover it using decrypting tools, so having proper backups will help. So, what is a proper backup? I like Veeam Backup & Replication, as it has some really handy features that can make it and its backups a little more resilient to malware.
If you don’t have Veeam, you can still achieve some of this, or all of it. It just may not be as easy. Either way, multi-location and multi-type backup and/or replication strategies are critical to protecting data.
How can snapshots help? If you are using a snapshot-capable EMC Unity or Nimble Storage array, you can configure snapshots with retention schedules that allow you to quickly roll back to a point in time – BEFORE the malware got into the system. You might lose a few minutes or an hour of data, but it is much better than the alternative. If your SAN supports snapshots and you are not using them, set them up as soon as you can.
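To make the snapshot point concrete, here is an added example (not code from the original post, and not any array vendor's API) that models a simple hourly/daily/weekly retention schedule, picks the newest retained snapshot taken before the malware got in, and checks whether the schedule still holds a clean restore point for a given dwell time. The snapshot timestamps, the compromise time and the two dwell-time figures are constructed inline; the 13-hour and 100-day values are the detection windows quoted above, used only to show how retention depth and dwell time interact.

```python
from datetime import datetime, timedelta
from typing import Callable, Dict, Hashable, List, Optional, Set

# Constructed sample data: one snapshot every 15 minutes for 10 days, ending at NOW.
# A real array (EMC Unity, Nimble, ...) would report these through its own
# management interface; they are generated here so the example runs offline.
NOW = datetime(2024, 3, 10, 12, 0)
COMPROMISE = datetime(2024, 3, 10, 9, 10)   # constructed: when the malware got in
DWELL_FAST = timedelta(hours=13)            # detection window quoted for Cisco AMP
DWELL_SLOW = timedelta(days=100)            # industry-average window quoted above


def generate_snapshots(end: datetime, days: int, interval: timedelta) -> List[datetime]:
    """Snapshot timestamps from end - days up to and including end, every `interval`."""
    t = end - timedelta(days=days)
    snaps = []
    while t <= end:
        snaps.append(t)
        t += interval
    return snaps


def _newest_per_bucket(snaps: List[datetime], key: Callable[[datetime], Hashable],
                       limit: int) -> Set[datetime]:
    """Group snapshots by key(); keep the newest snapshot of each of the `limit` newest groups."""
    buckets: Dict[Hashable, datetime] = {}
    for s in sorted(snaps):
        buckets[key(s)] = s          # ascending order, so the last write per key is the newest
    return {buckets[k] for k in sorted(buckets)[-limit:]}


def apply_retention(snaps: List[datetime], keep_hourly: int = 24,
                    keep_daily: int = 7, keep_weekly: int = 4) -> List[datetime]:
    """Hourly/daily/weekly retention. Returns the sorted snapshots that survive;
    everything else is what the array would expire."""
    keep: Set[datetime] = set()
    keep |= _newest_per_bucket(snaps, lambda s: s.replace(minute=0, second=0, microsecond=0), keep_hourly)
    keep |= _newest_per_bucket(snaps, lambda s: s.date(), keep_daily)
    keep |= _newest_per_bucket(snaps, lambda s: tuple(s.isocalendar()[:2]), keep_weekly)
    return sorted(keep)


def rollback_point(kept: List[datetime], compromise_time: datetime) -> Optional[datetime]:
    """Newest retained snapshot taken strictly BEFORE the malware got in, or None."""
    earlier = [s for s in kept if s < compromise_time]
    return max(earlier) if earlier else None


def data_loss_window(kept: List[datetime], compromise_time: datetime) -> Optional[timedelta]:
    """How much data you give up by rolling back to that snapshot."""
    point = rollback_point(kept, compromise_time)
    return None if point is None else compromise_time - point


def covers_dwell_time(kept: List[datetime], now: datetime, dwell: timedelta) -> bool:
    """True if a retained snapshot predates now - dwell, i.e. a clean restore point
    still exists for malware that has been sitting in the system for `dwell`."""
    return bool(kept) and min(kept) < now - dwell


if __name__ == "__main__":
    snaps = generate_snapshots(NOW, days=10, interval=timedelta(minutes=15))
    kept = apply_retention(snaps)
    print(f"{len(snaps)} snapshots taken, {len(kept)} retained under the schedule")
    print("roll back to", rollback_point(kept, COMPROMISE),
          "losing", data_loss_window(kept, COMPROMISE), "of data")
    for label, dwell in (("13 h", DWELL_FAST), ("100 d", DWELL_SLOW)):
        print(f"clean restore point for a {label} dwell:", covers_dwell_time(kept, NOW, dwell))
```

With these sample figures the schedule keeps 30 of 961 snapshots, the roll-back costs 25 minutes of data, and a clean restore point exists for a 13-hour dwell but not for a 100-day one. That last check is the one worth running against your own retention settings: the schedule has to reach back further than the time malware can sit undetected, or the snapshots will all be of already-encrypted data.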
Patching is crucial. Without patching you are more vulnerable to ransomware and malware attacks. Typically, security patches for software are free. They are a no-cost or low-cost measure to protect your systems, yet they are so often overlooked. Why? Usually it is a lack of a management system or personnel to perform the patching. This can be addressed with things like WSUS, Microsoft System Center, or VMware Update Manager. Use them.
Control System Access
This is more than making sure you have passwords for employees – it is often protecting employees from themselves. You can invest in, or make use of, several of the following options to restrict access to data – which is how ransomware propagates in general – through data access.
You will be attacked. That attack may not breach your systems – or it might. Don’t say I did not warn you. Protect your data. Thank me later.
For the record, I work a lot with Microsoft, EMC Unity, VMware, Cisco, VCE, EMC Data Domain, Veeam, and the other technologies here. They are what I know best, so if you feel I am biased — well, I am. They are what I know best!