CTERA Minimizing the threat of Ransomware with enterprise file services


Transcript of CTERA Minimizing the threat of Ransomware with enterprise file services

Page 1: CTERA  Minimizing the threat of Ransomware with enterprise file services

Enterprise File Services: Minimizing The Threat of Ransomware Trojans

Jeff Denworth • SVP of Marketing, CTERA

Page 2: CTERA  Minimizing the threat of Ransomware with enterprise file services

KASPERSKY REPORT: IT THREAT EVOLUTION IN Q1 2016

Page 3: CTERA  Minimizing the threat of Ransomware with enterprise file services

critical considerations for enterprise data loss

Page 8: CTERA  Minimizing the threat of Ransomware with enterprise file services

The probability of a natural disaster is not zero, but is a statistically insignificant threat to enterprise business continuity, versus the #1 contributor to business data loss.

Page 11: CTERA  Minimizing the threat of Ransomware with enterprise file services

Source: IT Policy Compliance Group, 2015

75% of ALL data loss is due to human error

Page 12: CTERA  Minimizing the threat of Ransomware with enterprise file services

Ransomware Revenue (chart, Q1 2015 through Q1 2016)

$24M in all of 2015

$209M in Q1 2016

$1 Billion(est.) in 2016

35x y/y growth

Asymptotic

Page 15: CTERA  Minimizing the threat of Ransomware with enterprise file services

Digital Wallets

SMB

Files

delayed execution

2048-bit Keys

Page 17: CTERA  Minimizing the threat of Ransomware with enterprise file services

Average Ransom: .5-2 Bitcoins (XBT) per Crypto-Locked Computer

Low-End Ransom: $180 @ .5XBT/Computer

High-End Ransom: $1,500 @ 2XBT/Computer

Page 18: CTERA  Minimizing the threat of Ransomware with enterprise file services

Online Support

8/4/2016

Page 19: CTERA  Minimizing the threat of Ransomware with enterprise file services

Ransomware Exposure Is Measured By:

• # of Systems That Become Infected
• Locky: 90K systems per day @ 0.5-1 Bitcoin ea (Forbes)
• Operational Value of Infected Systems & Data

Page 20: CTERA  Minimizing the threat of Ransomware with enterprise file services

• (rumored) Ransom of $3.4M
• 10-Day Data Outage
• Medical Records System Disabled
• Reverted To Pencil, Paper, Faxing
• Patients/Business Diverted
• Paid $17,000 in Bitcoins

Page 21: CTERA  Minimizing the threat of Ransomware with enterprise file services

Physical Firewalls & Email Security • Proper Employee Training

Rule #1: Implement The Right Safeguards

Page 22: CTERA  Minimizing the threat of Ransomware with enterprise file services

constant updating; open source derivatives

CryptXXX

source: http://trewmte.blogspot.com

Page 23: CTERA  Minimizing the threat of Ransomware with enterprise file services

Tips for Dealing with the Ransomware Threat

Prevention Efforts
- Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
- Patch operating system, software, and firmware on digital
- Ensure antivirus and anti-malware solutions auto update
- Manage the use of privileged accounts
- Configure access controls, including file, directory, and network share permissions appropriately.
- Disable macro scripts from office files transmitted over e-mail.
- Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).

Business Continuity Efforts
- Back up data regularly and verify the integrity of those backups regularly.
- Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.

Source: FBI, “Incidents of Ransomware on the Rise” www.fbi.gov

Page 24: CTERA  Minimizing the threat of Ransomware with enterprise file services

Legacy Solutions Are Built To Back Up In 24+ Hour Increments

Legacy IT Solutions Make Backup Rules Difficult To Enforce For Mobile Workers

Lack of Source-Based, Global & Block-Based Dedupe = 2-5x Slower

E.g., HP Connected Backup Scheduler

Page 25: CTERA  Minimizing the threat of Ransomware with enterprise file services

Low Overhead (<2% CPU, 50KB RAM) • Global, Source-Based Deduplication • Service Continuance

Rule #2: Recover Systems With Modern Tools

Page 26: CTERA  Minimizing the threat of Ransomware with enterprise file services

Fun With ‘Delayed Execution’

The CryptXXX Ransomware downloads a delayed execution DLL file, which waits more than 60 minutes before launching on the victim's computer.

After the time has elapsed, CryptXXX carries out its attack, encrypting the victim's files and collecting important data and money in the form of Bitcoins.

• Makes it harder for victims to connect the incident to the source of infection.

• Delayed execution is also a known VM evasion technique.

Page 27: CTERA  Minimizing the threat of Ransomware with enterprise file services

The Three Areas CTERA Focuses On Business Continuity

• endpoints: file sharing & data protection
• offices: file servers & data protection
• cloud servers: data protection only

Page 28: CTERA  Minimizing the threat of Ransomware with enterprise file services

AVG TIME TO FILE VERSION

Sync Average Case: Sub-5 Minutes

Backup Average Case: Once Every 24 Hours

24 Hour Period Threat Minimized

23+ hrs of exposure contained

Page 29: CTERA  Minimizing the threat of Ransomware with enterprise file services

Rule #3. Sync (Apologies to the FBI)

OK, Yes.... Please Backup

Recover Your System To A Consistent State In The Case Of Full Disk Crypto

But, Seriously … Sync.

A Day Is 1/250th Of A Work Year!

Sync is A Form Of Backup

Page 31: CTERA  Minimizing the threat of Ransomware with enterprise file services

Limitless File Versioning

Push-Button Restore of Backups or Versions

Backups = 1-24hr Granularity • Shares = 5 Minute Granularity

Page 32: CTERA  Minimizing the threat of Ransomware with enterprise file services

App for all leading smartphones and tablets:

Anywhere data access. Even when your PC is bricked

Access data from any web browser, recover files instantly.

Page 33: CTERA  Minimizing the threat of Ransomware with enterprise file services

Embedded Anti-Virus Scanning Upon File Download • Supplements A Strong Firewall

Rule #4: Care For What You Share

Page 34: CTERA  Minimizing the threat of Ransomware with enterprise file services

Does Cloud-Enabled File Sharing Increase The Blast Radius?

Con:
- Sharing is easier than ever.

Pro:
- Central Governance
- Global Scanning
- Global Roll-Back

Not Really. Collaboration Isn’t New. Benefits Far Outweigh…

Page 35: CTERA  Minimizing the threat of Ransomware with enterprise file services

1. Fortify The Perimeter • Train Everyone

2. Use Modern Backup To Ensure RPO

3. Sync To Minimize The Blast Radius

4. Care About What You Share

Page 36: CTERA  Minimizing the threat of Ransomware with enterprise file services

Eliminate the threat of any natural or man-made data disaster.

Recover data in real time using secure, cost-effective cloud technologies.

Page 37: CTERA  Minimizing the threat of Ransomware with enterprise file services

Questions?