For adversaries, it is no longer just a matter of encrypting backups and production data. It's also about stealing your data in order to sell it, and, to add insult to injury, to carry out denial of service attacks. This approach of coercing you into paying the ransom is referred to as triple extortion.
The objective of Ransomware as a Service is obviously to maximize the return on investment of attacks, which today we know massively target SMBs because they are the most numerous and the least well protected. In short, they are the ideal prospect for this criminal industry.
The table below summarizes the ins and outs of an attack.
More specifically, the right column lists the basic measures to put in place in order to prevent and detect threats, and to enable a return to normal in the case of an attack.
Consequences of a Ransomware Cyber Attack
Main attack vectors
Gain visibility; classify the risks by importance, and act as quickly as possible
Make it harder for attackers while prioritizing quick wins
Are you someone who thinks that simply having backup copies protects you from ransomware?
Unfortunately, this is not always the case, since adversaries seek primarily to make backups inoperative, by destroying them or by encrypting them. The Conti ransomware group specializes in this practice.
You must be aware that being able to restore does not protect you from the theft and resale of your data, or from denial of service attacks.
To protect yourself against data theft, you ultimately need to encrypt your data, and to counter denial of service attacks, it is necessary to put in place measures such as a web application firewall (WAF).
The fact remains that since your backup is your last line of defense, it must be able to withstand hackers and ransomware.
Essentially your ability to recover backup copies is a function of the following factors:
The Datto SIRIS solution is a managed or co-managed business continuity service that combines all data protection elements into a single fully integrated service, to greatly simplify implementation and support.
It includes on-site equipment (an appliance) that replicates backups to 2 geographically separated clouds in Canada, as well as the required services.
The solution relies on snapshots of the appliance file system so that all local and cloud backups are read-only. This means that they are immune to any type of modification, including ransomware infection. All backup copies are kept in private, secure clouds and may also use encryption.
SIRIS includes two levels of backup verification. Level 1 verification ensures that the system can boot, while Level 2 verification ensures that the systems are actually accessible. Additional reliability is provided by the integrated ransomware scan.
Since the solution relies on snapshots rather than traditional copies, you can make copies at a frequency of 5 minutes rather than once or twice a day.
This means that during a local or remote restore, your loss of data (RPO) is minimal.
Entire systems can be restored in minutes with Datto's instant on-premises or cloud virtualization, while enjoying 5-minute data freshness.
The solution integrates many security features such as mandatory two-factor authentication, as well as the management and monitoring of active sessions.
Present, in conjunction with Datto, recommends carrying out 4 recovery tests per year.
Datto SIRIS is a fully integrated and managed service, payable on a monthly basis, which makes it the ideal solution for SMBs in these troubled times.
Datto SIRIS includes:
Datto SIRIS meets current continuity requirements, namely:
To ensure you successfully complete your mission, schedule a demo to see how quickly you recover from a ransomware attack with the Datto solution. Or join Present and Datto's webinar on April 21st at 11am, where we will simulate a cyberattack and then demonstrate how the business continuity solution can literally save your business in the event of a cyberattack or outage. The webinar will be given in French.