THM Group & Infrascale
Prepping for Ransomware in 2017
Risks change, and so should you.
ABOUT THM GROUP
At a Glance Key Focus
Providing custom end-to-end voice & data solutions
Founded: 20 years ago
HQ: Barrie, Ontario
Businesses Served: All sizes of Companies, SMB to Enterprise
Focus Areas: Secure reliable back up and rapid recovery solutions; Business voice & internet solutions; Custom Voice & Audio Productions
INFRASCALE AT A GLANCE
Unrivaled initial backup speed and a full set of features and tools make it a top choice for off-site data protection.
THIRD PARTY VALIDATION
Founded: 2011
HQ: Los Angeles, CA
Partners: 1,000
Customers: 1M devices protected & counting
Data Centers: 7 global data centers
Data Protected: 100+ petabytes of data
VISIONARY
Disaster Recovery as a Service
THE MISSION & RANSOMWARE WHY US? WHAT SHOULD YOU DO TO PREPARE?
Q&A AND PRIZE GIVEAWAY
Source: The Cost of Server, Applicatio Network Downtime: North American Enterprise Survey and Calculator, IHS I (January 2016)
IT downtime costs North American businesses $700 billion annually, mostly due to loss of employee productivity.
COST TO FIX REVENUE LOSS PRODUCTIVITY LOSS
ANNUAL AGGREGATE COSTS: $700 BILLION
Of those surveyed have had a data center outage in the past 24 months.
TOP CAUSES OF DOWNTIME
PERVASIVENESS OF DOWNTIME
55% 22% 18%
Hardware failure Human Error Software Failure Natu Disas
Sources: Ponemon Researc Quorum DR Repo
Of companies experienced an outage or downtime THIS year.
How ransomware has become the leading cyber crime in history
new malware modifications were detected in Q1 2016.
Of ransomware victims were unable to access their data for 3 to 5 days causing $70B in downtime losses.
In ransoms have been paid in 2016 alone and continues to accelerate.
Of SMBs fell prey to phishing emails in 2015.
Kaspersky Lab Q1 Threat Evolution Report, May 2016
Intermedia 2016 Crypto-Ransomware Report
ThreatTrack Security, March 2015
Verizon 2015 Data Breach Investigations Report
Source:
t & Amjad rooq Alvi
ded a special m” message in ir software to ntify piracy.
PC Cyborg/ AIDS
The first ransomware, was delivered via floppy discs.
GPCoder (aka PGPCoder)
Utilized symmetric encryption which made it fairly easy to hack.
CPcode.ak
Non-encrypted ransomware that took control of the whole computer.
The evolution of RSA-1024 and AES-256 made it easier for bad actors to encrypt more files, fast.
Cryptowall Infiltrates users‘
infected email messages and fake downloads A ransomware trojan that targeted computers running Microsoft Windows
Locky
Malware aggressively massive sp campaigns compromi website The rise of Bitcoin as cryptocurrency
1986 1989 2006 2010 2014 2016
High Speed Encryption Cryptolocker
Massive phishing attack sent to as many as 100 million email addresses claiming to be an Amazon shipping order update. Recent attack crippled the Hollywood Presbyterian Medical Center and compelled the hospital to pay $17,000. Locky has the ability to encrypt network shares and drives that your workstation may not normally have access to.
WORLDWIDE REACH TARGETING BUSINESSES NETWORK EFFECT
“Ransomware extortionists will wreak havoc on corporate IT infrastructures in 2016 like never before.”
END USER
Sync & Share Tools Critical Applications & Network Backups
END USER
END USER
ADMIN
Another Business
There are only two options at this point:
How long would it take you to restore systems to pre-infection? Would the downtime be costlier or more disastrous than paying the ransom?
Hope they provide the encryption key to unlock systems & files
Restore systems to a point BEFORE the infection
AV software is signature-based
New threats are created at a rate of 3.5 per second
The rise of “crypting” (metamorphic malware)
Users always have bad digital hygiene (and always will)
Needs to be a part of a layered approach
Source: Gartner, Use These Five Backup and Recovery Best Practices to Protect Against Ransomware, June 2016
I've never figured out the fuss over ransomware…The single most important thing any company or individual can do to improve security is have a good backup strategy. It's been true for decades, and it's still true today.
Anti virus Backup & DR Security
Outer- perimeter Inner- perimeter
Backup & DR
Must be able to restore files surgically
Must be able to bring back en systems
Must be fast!
Remove the infected machine from the network
Figure out when you were infected
Roll back from a previous backup (or image)
Ransomware Infection
Power down machine
Determine date/time
Rebuild server (OS and software installation)
Reconfigure DB services
Restore clean DB files from backup
Inject old DB (from restored backup) to rebuilt DB
Establish connectivity (DB & input sv
TOTAL DOWNTIME (BEST CASE): 4-5 hours TOTAL DOWNTIME: 1-2 minutes
Is DB part of a cluster? Repeat each of these steps for each machine connected to
Ransomware Infection
Power down machine
Determine date/time
Log into DRaaS dashboard
Boot VM (from last clean backup)
Roll back 2 days or 4 years
Hours
BACKUP
Minutes
DISASTER RECOVERY
Hours - Days Hours
Back up and running Disaster Happens Back up and running
RESTORE BACKUP BACKUP
Disaster Happens
RUN RESTORE RUN
Hours - Days
INFRASCALE GUARANTEES SYSTEM FAILOVER FROM ANY DISASTER IN 15 MINS OR LESS AT A FRACTION OF THE COST.
Offsite Tape Backup Cloud Backup Appliance Backup Cold Site DR Hot Site DR Warm Site DR
DAYS SECONDS
RECOVERY TIME COST
$ $$$$$
DRaaS Nirvana
OLD WAY
On-Premises (Production)
ers | Databases | Load Balancers
People Bandwidth
$$$$$
Primary e Costs:
$$$$$
Secondary Site Costs:
$$$
Opex Costs:
$$$$$
TOTAL DR COSTS:
<1 Minute Failover
NEW WAY
On-Premises (Production)
ers | Databases | Load Balancers
Private/Public Cloud
People Bandwidth
<15 Minute Failover
Secondary (standby) datacenter
Servers | Databases | Load Balancers
$
Primary e Costs:
$
Secondary Site Costs: Opex Costs:
Included
10:1 COST DIFFERENCE
$
TOTAL DR COSTS:
END USER
working
Virtualize
Ransomware attacks…
Ellen McCree
Systems Analyst University of Virg Alumni Associa
TARGET
University of Virginia Alumni Association Charlottesville, VA Total downtime: 1.5 hours
LOCATION IMPACT
“With Infrascale, I quickly and easily recovered clean versions of our encrypted files with minimal user impact. It was easy-peasey.”
PROTECT ANY DEVICE SUPPORT ANY OS BUILT-IN SECURITY RECOVER ANYTHING STORE IN ANY CLOUD BOOT ANYWHERE FAILBACK ANYTIME
HQ Core DC Remote/Branch Offices End-points Mission critical
HQ Core DC Remote/Branch Offices End-points Mission critical
Infrascale Disaster Recovery Infrascale Cloud Backup
Physical Servers Virtual Servers Desktops Laptops Databases Cloud Failover Appliance Encryption 256 AES Deduplication & compression
HOME (PRIMARY) SITE OFFSITE (SECONDARY) SITE
Spin Up Server
FAILOVER FAILBACK
Spin Up Server
1024 AES ENCRYPTED TRANSFER
Paired appliance, Cloud, AWS, Azure
Not yet, but maybe later.
Yes, I’d like to learn more.
Yes, but not immediately.
PROTECT AGAINST MICRO & MACRO DISASTERS MULTI-LAYERED NETWORK SECURITY PROTECT ALL SYSTEMS TECT YOUR BUDGET PROTEC AGAINST RANSOMW