Ransomware protection tips include offline storage, user education

Keep your business running with backups

At a breakout session Wednesday at VeeamON, when Vanover asked who has had a ransomware issue, about half of the people in the room raised their hands.

"If ransomware gets into your environment ... the only practical option is to restore from backups," Vanover said.

One of the key ransomware protection tips is to design a layered defense. That includes the use of offline storage. And while some might scoff at the use of tape in 2019, it is the truest example of offline storage. If the media is not connected to the network, a ransomware attack can't affect it.

[Tape] is absolutely the single most resilient specimen regarding ransomware. In spite of its reputation, it is really helpful in this situation.

"It is absolutely the single most resilient specimen regarding ransomware," Vanover said. "In spite of its reputation, it is really helpful in this situation."

Other examples of offline or semi-offline storage include replicated virtual machines when they're powered off and rotating hard drives when they're not being written to or read from online.

User education is one of the ransomware protection tips that often rises to the top of the list.

Al Rasheed, a systems administrator at Applied Engineering Management, noted several elements to user education:

• Don't trust links or attachments in unsolicited emails.
• Signs of a phishing email include unsolicited attachments, generic greetings, spelling and grammar mistakes, and email messages sent from public email addresses.
• The end user should contact the help desk immediately if a computer is possibly infected with a virus or malware.
• Sometimes it comes down to common sense: If you're unsure, report it.

Shane Williford, senior systems engineer at North Kansas City Schools, said his organization was hit with a "nasty" Emotet virus that got in through an email in a user's junk folder and affected Windows PCs. He said he stopped backups right away and thankfully had a good recovery point to restore from backup. That was especially important because the virus eventually morphed into ransomware.

"Having a restore point to recover from is key to keeping your business running," Williford said.

It's also important to be proactive.

"Come up with a plan of action," Williford said. "Don't wait until you have a [ransomware incident]."

Ransomware hitting many types of business

Sometimes it takes an initial investment, or the organization could end up paying far more if it gets hit. Michelle Weston, director at IBM Business Resiliency Services, estimated that the city of Atlanta could have previously invested $2 million in technology to prevent or recover from a virus before it got hit with a ransomware attack. She said the city still isn't completely up and running after the 2018 attack and has spent far more than $2 million.

Ransomware isn't just an enterprise problem. Attacks are hitting small, local governments, Weston said.

And cybercriminals are hitting managed service providers (MSPs), said Ryan Walsh, chief channel officer at cloud distributor Pax8.

"They realize MSPs hold the keys to the kingdom," Walsh said.

For example, MSPs need adequate password management. One MSP could have access to hundreds of passwords.

Vinny Choinski, senior lab analyst at Enterprise Strategy Group, said machine learning and artificial intelligence will help against attacks because those technologies can do a better job than humans in monitoring if files are becoming encrypted.

And don't forget about one of the more basic and classic ransomware protection tips: the 3-2-1 backup strategy. Veeam's Vanover said the strategy doesn't require one specific technology. An organization should have three different copies of data, on two different media, one of which is offsite or -- even better -- offline.