How to Protect, Help Customers Recover From Ransomware

You’ve probably heard horror stories on the news, but haven’t considered that you or your customers could be victims of ransomware. Better think again.

The number and complexity of ransomware attacks are increasing. Those who want to wreak havoc on your systems and take your money are getting more sophisticated with their approach.

Fortunately, there are steps partners can take to protect their customers and recover their data quickly in the event of a loss.

This one-stop shop takes you through the basics of ransomware and offers help with some critical decisions that you, the partner – or the business owner – should take. Like what you see? When finished, go here for access to our in-depth report on the topic.

**Source material by Kasia Lorenc**

Follow executive editor @Craig_Galbraith on Twitter.

The rise of bitcoin is making it easier for malicious hackers to get money from you — and it helps them remain anonymous. More often than not, they’re looking for easy targets, which could be you or your customer.

Companies will be forced to decide if they should pay. Sometimes, if you do, it will simply show the perpetrators that you’re willing to meet their demands — and they’ll come back looking for more.

Top security professionals say basic protection against a ransomware attack isn’t enough anymore. You should be ready to wipe systems and start over.

Your approach to fending off ransomware before you’re hit is fourfold.

• Make sure you have the basics of security in place (think antivirus, vulnerability scanning, network protection, patching, etc.).
• Train employees to spot phishing emails and to avoid suspicious websites.
• If you have the budget, consider heuristic analysis that can catch previously undetected malware.
• Plan for a disaster by backing up customer data in full — and frequently. Be sure those backups are protected because attackers will commonly go after them.

Think your business is unlikely to be a target? You’re wrong — just about anyone without adequate defenses or plans to combat ransomware could be in the scope of someone with malicious intent.

The online ad above, which makes it easy for hackers to buy or rent a “malware kit,” should concern you.

Partners can do a number of things to help their customers be prepared for ransomware.

For one, make sure that backup files are isolated. They should be stored offsite and hidden from potential attackers. When considering a recovery-service provider, ask if systems are replicated regularly and if connections are tightly controlled. Backups should be completed at various times so attackers have a harder time penetrating the connection.

A DR provider also should be able to test recoverability quickly and easily. Stand up an interim production environment through an isolated backup service so the business doesn’t have to shut down during the recovery process.

Every organization will have a different definition of “acceptable loss” in the event of a cyberattack. The graphic above can be used in determining how far a business will want to go to keep from being crippled by one.

Disaster recovery as a service (DRaaS) is a good option toward which a partner might direct a client.

DRaaS offers multiple recovery points for data, all stored in the cloud. The data is encrypted at rest, and it’s isolated to minimize security breaches. Most DRaaS companies will offer flexible testing, automation and management through a single pane of glass.

The cost is more than simply doing backups, but it’s less expensive than traditional DR when you consider there’s no need for on-site hardware, services, etc. DRaaS systems are managed by IT pros who specialize in disaster recovery.

Ransomware is like the flu. Every year – or in the example above, every month – there are new strains that IT security teams aren’t prepared for.

And increasingly, the malware is becoming more sophisticated. Sometimes it will survive you wiping your drives because it can spread from the firmware.

There’s a new focus in the industry that broadens the conversation from backups and BC/DR to creating a resilient environment that can withstand virtually any issue — a cyberattack, human error, natural disaster, what have you.

Continuous data protection can allow customers to restore their information in just seconds after an attack. Of course, many SMBs might find this to be overkill — or perhaps more importantly, too expensive. But there are plenty of tools out there with various functions at various prices, depending on what a business needs. Again, that’s where a partner that knows its client comes in.

Other considerations for partners include:

• Regulatory and compliance: Some customers – particularly in verticals such as health care and financial services – will have requirements that impact the type of DR strategies they adopt.
• End users: Endpoint devices are the most likely to get attacked, so partners should encourage customers to separate end-user data from the server infrastructure. A partner can help devise a policy for employees.

By now, it should be clear that to prepare for a ransomware attack, having the right DR strategy in place is even more important than getting the right technology.

Now go here for access to our in-depth report on ransomware.

Please click here for more Channel Partners galleries.