In late 2013, a new virus/malware appeared called CryptoLocker. What makes this malware unique is that its maker’s intention is to do more than just infect computers to see how much havoc they can wreak, this one actually wants to make money. Once CryptoLocker and its ransomware copy-cats are on your computer, they encrypt certain key files until you pay them for the passcode. Since the operation is making money, they can spend money to get their code propagated around the world.
The targets of these ransomware products seem to specifically be small to medium size business computers and servers and they typically go after applications like Quickbooks data and other financial information. They also price the ransom so that you can afford it ($300) and have the appropriate motivation to get you to act quickly. If you don’t pay up in a certain time, you have to pay $3,000 to get your data unlocked.
Interestingly, there are numerous incidences of users paying for and getting the codes to unlock their data. That said there is no assurance that the malware won’t strike again, so the safest bet is to reformat any infected system.
Backup is The Best Protection
The best protection against ransomware? Frequent backups to a storage device not connected to your computer or server. The separation is key because if your backup device is connected when the malware is installed, it might very well infect the data on there as well. The cloud is an ideal solution for this type of protection and Cloud Service Providers (CSP) / Managed Service Providers (MSP) should take note.
What To Look For In Cloud Backup To Beat Ransomware
A backup to a CSP/MSP solves the problem of ransomware as long as their software has some essential capabilities. First, the software has to be able to backup data at a block level. Not only is this important so that backups go across the internet safely but also so that the user or server administrator is motivated to perform backups frequently. In fact, there is no reason that these backups couldn’t be done every hour or so. But if an SMB decides to protect themselves from ransomware via frequent backups, they are going to want to look for a second essential capability: the ability for their provider to cost effectively store unlimited versions of a file.
The third essential capability, especially for larger SMB, is to make sure that the CSP/MSP has the ability to backup databases while they are still operating. Online backup of SQL and Exchange is critical since these could also be high-value targets of ransomware.
The CSP Can Make The Difference
Ransomware like CryptoLocker actually allows MSPs/CSPs to provide true value to their customers. As Nathan Bradbury posted in the Intronis blog in December, “5 ways to protect your managed services clients from cryptolocker”, frequent data protection is the foundation but MSPs and CSPs should also provide education to their clients around security policies, antivirus subscriptions and handling email attachments. In other words, the threat of ransomware can give the provider a chance to become a trusted advisor to their client.
The CSP Has To Have The Right Partner
The key for the service provider, other than having on staff expertise in security and virus protection, is to have a solid backup solution for their back-end. Intronis is an excellent example of a solution that meets the above requirements with minimum startup expense. This allows resellers and integrators to easily evolve their business into a cloud service provider. That said, the solution provides advanced protection capabilities like Exchange, SQL and VMware protection that the more seasoned service provider may be looking to upgrade to.
Now that malware providers have a monetary motivation to infect your laptops and servers, the onslaught of these attacks is going to get worse. Certainly businesses should be focused on keeping these applications from infecting their business, but they also need to be prepared for the increasingly likely situation that some form of ransomware will make it through the protection wall. Frequent backups where only hours of data will be lost, in case a system needs to be reformatted, represents the best recovery in case there is a crack in the fire wall.
Intronis is a client of Storage Switzerland