Ransomware Resiliency, Recoverability and Availability


Talk about ransomware, and ransomware protection & recoverability for VMware, Hyper-V and physical workloads.

Published in: Technology

  1. Lai Yoong Seng, Systems Engineer & Inside Solution Architect (ASEAN): Ransomware Resiliency, Recoverability & Availability
  2. Ransomware – The Big Picture
  3. What is Ransomware? A type of malicious software (malware) which restricts access to a computer and/or the files on a computer until a ransom amount is paid. • Spreads via cryptovirology • Encrypts sensitive data and holds it for ransom • Sometimes threatens to leak sensitive information • Combines asymmetric and symmetric encryption to lock the user out of managed file transfer (MFT) or specific directories or files
  4. Everyone, Every Sector and Vertical is at risk...
  5. Ransomware History: 2012 - Reveton • 2014 - Cryptowall • 2017 - Ransomware-as-a-Service
  6. The cost of ransomware
  7. Business impact is immense! Downtime happens and it costs the average enterprise $21.8 million each year. Cost increase year-over-year: 36%
  8. But more than just money: Loss of customer confidence 48% • Damage to brand integrity 40% • Loss of employee confidence 33%
  9. More on Ransomware. RANSOM PRICES AND PAYMENT: • Most common is Bitcoin • Also iTunes and Amazon gift cards • Paying ransom does not always unlock files. RANSOMWARE TYPES: • Screen lockers • Encryption ransomware
  10. Common infection approaches: • Email with links and/or attachments (invoices) • Visiting untrusted sites (torrents, cracked software) • Attackers may use vulnerabilities of your browser, OS or installed software • Downloading/running untrusted software • Skype or any other messengers may distribute infecting links (compromised trusted contacts) • Methods are always changing to adapt to new and old vulnerabilities
  11. All systems go: While most ransomware targets the Windows desktop, there is also Linux or macOS ransomware. Screenshots: Linux KillDisk ransom message • FileCoder ransom message
  12. Ransomware Preparedness: Better safe than sorry!
  13. Antivirus effectiveness: • While antivirus products do update their libraries to protect from certain variants, there is no single tool that will protect you 100% from a ransomware attack • A false sense of security can occur when using antivirus solutions • It is still important to ensure that your antivirus and anti-malware solutions are modern and auto-updated • Ransomware can adapt and overcome traditional security solutions like AV and SEG; get these basics right and you are only halfway to being protected
  14. How to prepare for ransomware attacks: (1) Keep all software up to date (2) Perform a threat analysis with your security team: a. Penetration testing to find any vulnerabilities (3) Train staff on cyber security practices on: a. Not opening attachments or links from unknown sources b. Inform employees if a virus reaches the company network (4) Back up all information every day (5) Back up all information to a secure, offsite location
  15. Tip: Master 3-2-1 Rule
  16. Master the 3-2-1 Rule: 3 different copies of data • 2 different media • 1 of which is off-site. Diagram labels: cloud, tape, datacenter
  17. 3–2–1 Rule with Storage Integration: Enables complete data Availability. To ensure data recoverability against ransomware: • Have three copies of your data • Store on two different media types • Keep one copy off site. Diagram labels: Database, Applications, Files & Data • Dell-EMC storage snapshots • Backup Target • Tape Device • Off-line media • Veeam Cloud Connect
  18. Failover: VM Replication. Failover to your DR site with 1 click. Diagram labels: Replication • Production 10.X.X.X • DR site 192.X.X.X • 60s, 120s, 90s
  19. Tape: Tape server • Library & Drives • Media (Tapes) • Media Pool
  20. Backup Copy Job: Production • Offsite
  21. Veeam Cloud Tier: The Cloud Tier feature of Scale-out Backup Repository facilitates moving older backup files to cheaper storage, such as cloud or on-prem object storage. Diagram labels: Scale-out Backup Repository • DAS • NAS • Dedupe appliance • Older backup files • Microsoft Azure Blob
  22. Ransomware Remediation and Recovery
  23. Ransomware Remediation • Pay the Ransom: No guarantee data will be decrypted • Contact your local Crime Prevention / Fraud Field Office • Internet Crime Complaint Center (IC3): • Restore compromised data from backups
  24. Time to restore: You have options. Restore the whole VM? Or just the section that was infected? Restore or run from a known good copy: • Run or restore from a Storage Snapshot • Run or restore from secure backup target • Restore from off-line tape storage • Restore from remote site or cloud. Diagram labels: Database, Applications, Files & Data • Dell-EMC storage snapshots • Dell/EMC Data Domain Boost • Backup Target • Tape Device • Off-line media • Veeam Cloud Connect • Restore • VM Recovery • Granular recovery
  25. Reliability of Backup Data. CONCERN ABOUT CROSS CONTAMINATION OF BACKUPS? Very concerned 27% • Somewhat concerned 43% • Not very concerned 25% • Not at all concerned 4% • Don’t know/never considered 1%. 70% of Customers are concerned about backups being contaminated! Source: ESG October 2018 Data Protection Landscape Study
  26. Secure Restore: Permits restore without re-exploitation of zero-day risks
  27. DataLabs Secure Restore: An optional part of the restore process. (1) Select Restore Point (2) Mounts restored disks from backup file directly to backup server (3) Triggers AV scan of mounted volumes (4a) No issues found: restore (4b) If infection found: restore without network (4c) If infection found: abort recovery. Diagram labels: Veeam Backup & Replication • Veeam Repository
  28. Endpoint devices and Non-virtualized systems
  29. Veeam Availability Suite: Availability for ALL your workloads. Diagram labels: Physical Workloads, Raw Disk Mapping & Cluster • Public Cloud • Veeam Agent
  30. Protecting Physical Workload
  31. Thank you
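
The 3-2-1 rule from slides 16 and 17 can be checked mechanically against a backup inventory. The following Python code is an added example, not part of the original deck or of any Veeam product; the inventory, dataset names and media labels are constructed, counting production as one of the three copies is an assumption, and the off-line check is an extra taken from slide 17's mention of off-line media.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    dataset: str
    media: str     # e.g. "disk", "tape", "object"
    offsite: bool  # stored away from the production site
    offline: bool  # not reachable from the production network (e.g. ejected tape)


# Constructed inventory (assumption: production data counts as one copy).
INVENTORY = [
    Copy("erp-db", "disk", False, False),     # production
    Copy("erp-db", "disk", False, False),     # storage snapshot on the same site
    Copy("erp-db", "tape", True, True),       # ejected tape in an off-site vault
    Copy("fileshare", "disk", False, False),  # production
    Copy("fileshare", "disk", False, False),  # local backup repository
    Copy("fileshare", "disk", True, False),   # replica at the DR site
    Copy("hr-vm", "disk", False, False),      # production
    Copy("hr-vm", "object", True, False),     # cloud object storage
]


def audit_321(inventory):
    """Return {dataset: [unmet requirements]}; an empty list means compliant."""
    by_dataset = defaultdict(list)
    for c in inventory:
        by_dataset[c.dataset].append(c)
    findings = {}
    for name, copies in by_dataset.items():
        gaps = []
        if len(copies) < 3:
            gaps.append(f"only {len(copies)} copies, need 3")
        if len({c.media for c in copies}) < 2:
            gaps.append("all copies on one media type, need 2")
        if not any(c.offsite for c in copies):
            gaps.append("no off-site copy")
        if not any(c.offline for c in copies):
            gaps.append("no off-line copy, every copy is online")
        findings[name] = gaps
    return findings


if __name__ == "__main__":
    for dataset, gaps in audit_321(INVENTORY).items():
        print(dataset, "OK" if not gaps else "; ".join(gaps))
```

The "fileshare" case is the one worth noticing: three copies with one off-site still fails on media diversity, and no copy is off-line.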