Virtualization Technology News and Information
The Ultimate Ransomware Protection Solution

Article Written by Doug Hanchett, Acronis

With its scary name, unnerving anonymity and insidious nature, ransomware has crawled out of the shadowy recesses of the internet to become today's top IT threat.

"Ransomware is becoming a pandemic," cybersecurity expert Eric O'Neill said during a 2017 webinar for the launch of Acronis Backup 12.5. "These [attacks] are hitting us month after month after month, week after week." 

But this pandemic didn't happen overnight. In fact, ransomware originated way back in 1989 with the AIDS Trojan - malware that was distributed on 3.5-inch floppy disks. Until recently, however, ransomware attacks were small and sporadic.

That began to change in 2015, when the number of ransomware incidents started to increase steadily. By 2016 a few high-profile cases started to make headlines:

  • In February, Hollywood Presbyterian Hospital had to revert to pen-and-paper recordkeeping for more than a week after a ransomware attack took control of its systems. It eventually paid $17,000 worth of bitcoin to regain access.
  • In November, San Francisco's light rail system was the target of an attack, with the perpetrators hitting the agency's electronic payment system and brazenly demanding more than $70,000 worth of bitcoin. Rather than pay the ransom, the agency simply let passengers ride for free until it could restore the affected systems.
  • Then there was the WannaCry attack in May of 2017, which tore across the globe and infected almost a quarter million machines in 150 countries over the course of just a couple days.

Not only are ransomware attacks on the rise, but research by enterprise security firm Symantec shows that the average ransom demand tripled in 2016, as did the number of different ransomware families.

Everyone expects that trend to continue. So let's take a closer look at ransomware and how you can protect yourself from this emerging menace.

What is Ransomware?  

Ransomware is malicious software that infects a device and essentially holds it hostage, blocking access to it or the information stored on it. In order to unlock the device or the data, the user is required to pay a ransom, usually in a widely used e-currency like bitcoin.

There are two main types of ransomware:

  • So-called Windows blockers that block the operating system or browser with a pop-up window.
  • Encryption-based ransomware that encrypts files and folders behind the scenes.

Encryption-based ransomware is what most people think of today when discussing ransomware. Once the files are encrypted, the ransomware opens a window on the screen explaining that the files are encrypted and that the victim has to pay a ransom to get them decrypted.

It's interesting to note that while most ransomware attackers will act kindly toward their victims and offer them assistance in navigating the world of bitcoin, it's just a façade: according to Symantec, only 47 percent of victims actually get their data back after paying the ransom.

As a result, the Department of Justice advises victims to think twice about paying any ransom.

How Ransomware Works

Ransomware is spread in a number of ways, including via websites, social media and instant messaging apps. But the most common approach is through "spear phishing" emails that trick the recipient into opening an attachment that launches the attack.  

In a typical scenario, a user receives an email designed to look like something important - an invoice or a receipt from some company, for instance. The email usually contains an attachment along with some devious language that makes it hard to resist opening the attachment - something like "Here are the details of your recent purchase. Please review the attached receipt."

Human nature is to think "I don't remember buying anything from them. What the heck?" and the recipient clicks on the attachment to find out more. Bad move.

Opening the attachment enables a small piece of malware called a downloader to run. The downloader does what its name implies: downloads the ransomware. Once the ransomware is installed, it begins quietly encrypting files and folders unbeknownst to the user. 

A Real World Example

Although it has been around for almost 30 years, ransomware burst into the greater public consciousness with WannaCry, the largest ransomware attack ever. WannaCry spread like wildfire and affected a diverse collection of entities, including FedEx, Spain-based Telefonica, Britain's National Health Service, German railway company Deutsche Bahn, and LATAM Airlines.

WannaCry spread quickly by exploiting a known vulnerability in Microsoft Windows. Fortunately a sharp-eyed British IT consultant discovered a "kill switch" in the WannaCry code that helped put the brakes on it, although variants continued to crop up for weeks afterward.

"WannaCry did not incorporate what we call a classic ‘zero day' attack where there is no advance warning," Gregory Touhill, former Chief Information Security Officer of the United States, told the United States Congress during its hearings into the attack. "Most programs are not written like WannaCry and aren't so easy to stop. We were lucky. I believe WannaCry was a slow-pitch softball, while the next attack is likely to be a blazing fastball."

How to Protect Yourself

The first line of defense is keeping your software and systems updated. WannaCry spread through a vulnerability that Microsoft had patched two months earlier. Many of its victims would have been protected had they simply downloaded and installed Microsoft's fix.

Second, any data protection strategy should include a strong anti-virus solution as a matter of course. Unfortunately, traditional signature-based detection is often useless against ransomware because cybercriminals tend to encrypt their malware to make it harder to spot. Plus the bad guys research anti-virus solutions to uncover weaknesses in detection technologies or program architectures in order to evade discovery.  

So the easiest defense against ransomware is a strong, consistent backup regimen - something all anti-virus vendors recommend. Regular backups of your data that are secured off-site make ransomware almost toothless. If you are hit by an attack, there's little to worry about because you have safe, secure copies of any files that might have been encrypted. 

"Individuals or businesses that regularly back up their files on an external server or device can scrub their hard drive to remove the ransomware and restore their files from backup," Peter Kadzik, assistant U.S. Attorney General, wrote in a letter to Congress in 2016. "If all individuals and businesses backed up their files, ransomware that relies on encrypting user files would not be as profitable a business for cyber criminal actors."

That said, it's always best to stop a ransomware attack as quickly as possible. And that's where Acronis comes in. Not only do we deliver the world's fastest, most reliable backup solutions, but Acronis Active Protection™ is the first backup technology that actively protects your data against ransomware.

Fight Back Against Ransomware

Acronis Active Protection works in real-time behind the scenes to detect and deflect ransomware attacks. Here's how:

Acronis Active Protection uses sophisticated analysis and artificial intelligence to monitor your system. If it spots any errant behavior or suspicious processes, it stops the activity and blacklists the program responsible for it, ensuring that it can't restart on the next reboot.

If ransomware somehow does manage to sneak through and start encrypting files, Acronis Active Protection will quickly detect the encryption and halt it - automatically restoring the files to the most recently backed up version. 

In addition, Acronis Active Protection is designed so that only Acronis software can modify backup files. This robust self-protection mechanism means that ransomware can't short-circuit backup operations and alter the content of backup files.

How effective is Acronis' solution? In testing by an independent lab, Acronis Active Protection significantly outperformed 22 anti-virus solutions in recognizing and stopping ransomware.

Final Thought

While ransomware might have started 30 years ago, experts agree that the recent explosion of attacks indicates we now face a continuous, ever-evolving threat. Individuals and businesses looking to protect themselves need to be vigilant by not clicking on links that deliver malware, ensuring their programs and operating systems are updated, and safeguarding their files via regular backups. Adding Acronis Active Protection takes their data protection to the next level and provides comprehensive security in today's increasingly dangerous digital landscape.

##

About the Author

Doug Hanchett is the corporate content manager at Acronis. Formerly an award-winning newspaper reporter, Doug has spent the last 12 years creating killer content for global IT firms.  

Published Monday, June 26, 2017 8:23 AM by David Marshall