Tech Demo: Take the Ransom Out of Ransomware

© 2017 Unitrends 1#1All-in-One EnterpriseBackup and Continuity

Take the Ransom Out of RansomwareJordan Warsoff | Solutions Engineer

Kevin Collins | Marketing Manager

© 2017 Unitrends 3

"To be honest, we often advise people just to pay the ransom." Joseph Bonavolonta, Asst. Special Agent, FBI Cybercrime Boston Division

What is Ransomware?

© 2017 Unitrends 5

Encrypts victims files with strong unbreakable encryption

Demands payment for private key to unlock data

Payment typically around $200 to $500 in bitcoins

Ransomware Malware

© 2017 Unitrends 6

Ransomware is not new

Recent advances have made it a much larger risk

Early ransomware was “scareware” and “nagware” Didn’t permanently lock files. Was easily removed or avoided Criminals had difficulty in collecting fees anonymously Hacker community not as organized

Long History of Ransomware

© 2017 Unitrends 7

Cryptolocker TorrentLocker CryptoWall CBT-Locker TeslaCrypt Locky Etc.

Many Variations and Copycats

© 2017 Unitrends 8

Popular Tools of Ransomware Variants

Anonymity Online

Electronic Payment

Unbreakable Encryption• AES• RSA• “Curve” ECC

Network to C&C Server• Tor• I2P• POST/HTTPS• Hardcoded URLs

© 2017 Unitrends 9

Requires both Public and Private Key

© 2017 Unitrends 10

Spam Email Campaigns CBT Locker & Torrent Locker

preferred vector Requires interaction from

user Can affect fully patched

systems

Exploit Kits CryptoWall and TelsaCrypt

preferred vector Does not require any

interaction Uses vulnerable installed

software

Infection Vectors

BOTH ARE HIGHLY EFFECTIVE WAYS INTO YOUR SYSTEMS


Get 1 Free Macs vulnerable

Voice Enabled

Highly Localized

Threaten to Leak Data

Ransomware Continuing to Advance

How does an enterprise make sure they never have to pay?


Play Defense Play OffenseDon’t forget about your backup players


Keep software up to date Use virus detection and antivirus prevention Educated users on security protocols such

Avoid clicking untrusted emails and attachments

Watch out for obvious and not so obvious file extensions

Offense: Start With Basic Protection


Disable Active-X content in Microsoft offices apps Have firewalls block Tor, I2P and restrict ports

Block active ransomware variants from calling home to encryption key servers

Block binaries from running from popular ransomware installation paths (e.g. %TEMP%)

Defense: Be Proactive with counter-measures


Backups are Crucial


Real World Examples


3 copies of your data

2 different types of media

1 copy off-site

Start With The Rule of Three


Backup all data on all systems – not just critical data Replication and Continuous Data Protection is great for low

RTO/RPO but can backup the malware with your data Create archives that are physically isolated from your production

systems You can use the archive to go back in time if necessary

Create “bare metal” images of core systems so you can get back to a known systems state quickly

Setup DR Services so you can spin up new VMs for critical systems while you recover your local production systems

Prepare NOW! Don’t wait until it too late!

Backup Best Practices: Make Sure You Never Pay


Local On Premise or

Physical Appliance

2nd Site

Public & Private Cloud

Local backup for fast recovery Archiving to Cloud offsite Fully automated Can be isolated

Cloud Can Help


Instant Recovery Capabilities Be able to spin up workloads from backups in minutes while

productions is cleaned

Ability to protect Windows, Windows Server, Apple Macs, etc.

Linux based backup software – not Windows based Make sure your backups don’t get encrypted too!

Differentiating Feature Of Backup Solution Against Ransomware


Verify your Recoverability Simplifies DR processes through automation of interdepedencies

Eliminates expensive DR testing

Confirms RTO/RPO SLA compliance.

Provides Failover and failback with confidence

Includes Protection for VMware & Hyper-V virtual machines and Windows Physical

Provides Audit Proof Compliance Reporting

So How Can Unitrends Help?


Welcome To The Less Is More WorldIT has less time, money, downtimeIT faces more risks, work, projects


2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020

IT Professionals Servers & VMs Data

IT has less time, money, and downtimeIT faces more risks, work, and projects

Now is DifferentNow is Accelerating


Now is Different…and Now is Accelerating

40%

Enterprises Worldwide Attacked by Ransomware in 2015

259%Increase in

Attacks63% businesses down > 1

day


IT DOWNTIME COSTS NORTH AMERICAN BUSINESSES

$700B ANNUALLY

78% productivity loss, 17% revenue loss, 5% cost to fix


Delta Airlines August 2016Data Center Outage Cost the Company$150,000,000

Average Cost of a Single Data Center Outage $730,000


Apple: $11.1B Profit; $51.5B Revenue Q4-2015

All-in-one integrated personal devices displace separate telephones, cameras, music players, recorders, etc.


Nutanix Grows 87% with $445M or Revenue and > $2B ValuationHyperconverged storage displaces servers, storage, hypervisor


IT Professionals Now Expect to Have Less & Do More

No FingerPointing

MoreFlexibility

More Confidence

LessManagement

More Free Time

MoreUptime


All-in-OneEnterprise Backup andContinuity

Old World• More vendors; more finger pointing, more

management• More work setting up and constantly tuning• Limited continuity; little or no recovery assurance• Windows deployment malware susceptible• Fragmented & lower customer satisfaction; more

worriesNew World• One vendor; one throat to choke• Less work - rack, connect, and go• Local & cloud continuity with recovery assurance• More security; purpose-built hardened Linux• Unified & higher customer satisfaction; more

confidence


Have Less: The Ruthless Pursuit of Simplicity

Old World New World


Best Customer Satisfaction: One Support Call for Everything

Old World New World


Have Less, Do More: Guide to the New WorldRecovery Series Physical Appliances

All-in-one physical backup appliances that deliver simple enterprise backup and continuity. Transform how you protect physical and virtual environments with the industry’s leading hybrid cloud solution.

Unitrends Backup SoftwareAll-in-one virtual appliances that deliver enterprise backup and continuity for all physical, virtual, and cloud workloads. Get maximum flexibility to deploy on your own hardware or in the cloud.

Office 365 Backup

Automatically protects Exchange, SharePoint, and One Drive with unlimited retention.

BoomerangIncredibly low-cost Disaster Recovery in AWS or Microsoft Azure for VMware virtual machines.


Where does Unitrends fit?

OR

NAS SAN Tape Cloud

Backup Copy

RXDA

Physical Virtual NAS Applications

Protect 200+ OS/Applications/Hypervisors

CIFSNFSNDM

P

Hypervisor

Virtual Appliance

Recovery Site

Second Appliance DR Infrastructure with ReliableDR

DRaaS

WAN

OR


“The user interface is so simple

and easy to use. It’s completely

point-and-click, and it just does exactly what you are looking

for.”-David Blair, Englestad Arena

“The thing I really like about the Unitrends solutions is that we

installed it and it just worked.” -Michael Bush, Wes-Dell Community

Schools

“Never before have we been able to combine backup, DR and storage in one tightly

integrated package.”-Roland Welsch, Jefferson County

Local Government“It does it all and it does it well! There has not been one thing I

wanted our system to do since we purchased it that it can’t.”

-Mike Stewart, Blue Ridge School District

“160 pounds of backup awesomeness.”

-Clandis S., Lincoln Memorial

“This improved our backup window from 12 hours down to

about 2 hours. This has probably saved about $15K in FTE resources a year with the straightforward approach to

administration of the system.” -David Kennedy, Financial Asset

Management Systems

WHAT OURCustomers

Say


“Unitrends just has the better product. It’s easier to use, more

intuitive and has better performance”

-Darren Boeck, McNeilus Steel


Protect Everything You Have

Everywhere You Need Continuity

Guaranteed Recovery and Continuity

Within a Single Intuitive Platform

Unitrends All-in-one Backup and Continuity


+Unitrends

@Unitrends

@Unitrends

@Unitrends

+Unitrends

@UnitrendsInc


Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Unitrends, and may or may not be implemented and should not be considered firm commitments by Unitrends and should not be relied upon in making purchasing decisions.

Disclaimer

Tech Demo: Take the Ransom Out of Ransomware

Technology

Transcript of Tech Demo: Take the Ransom Out of Ransomware