CTERA Minimizing the Threat of Ransomware with Enterprise File Services
TRANSCRIPT
![Page 1: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/1.jpg)
Enterprise File Services: Minimizing The Threat of Ransomware Trojans
Jeff Denworth • SVP of Marketing, CTERA
![Page 2: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/2.jpg)
KASPERSKY REPORT: IT THREAT EVOLUTION IN Q1 2016
![Page 3: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/3.jpg)
Critical considerations for enterprise data loss
![Page 8: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/8.jpg)
The probability of a natural disaster is not zero, but is a statistically insignificant threat to enterprise business continuity, versus the #1 contributor to business data loss.
![Page 11: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/11.jpg)
Source: IT Policy Compliance Group, 2015
75% of ALL data loss is due to human error
![Page 12: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/12.jpg)
Chart: Ransomware Revenue, by quarter (Q1 2015 to Q1 2016)
$24M in all of 2015; $209M in Q1 2016
$1 Billion (est.) in 2016
35x y/y growth
Asymptotic
![Page 15: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/15.jpg)
Digital Wallets
SMB
Files
delayed execution
2048-bit Keys
![Page 17: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/17.jpg)
Average Ransom: .5-2 Bitcoins (XBT) per Crypto-Locked Computer
Low-End Ransom: $180 @ .5XBT/Computer
High-End Ransom: $1,500 @ 2XBT/Computer
![Page 18: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/18.jpg)
Online Support
8/4/2016
![Page 19: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/19.jpg)
Ransomware Exposure Is Measured By:
• # of Systems That Become Infected
• Locky: 90K systems per day @ 0.5-1 Bitcoin ea (Forbes)
• Operational Value of Infected Systems & Data
![Page 20: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/20.jpg)
• (rumored) Ransom of $3.4M
• 10-Day Data Outage
• Medical Records System Disabled
• Reverted To Pencil, Paper, Faxing
• Patients/Business Diverted
• Paid $17,000 in Bitcoins
![Page 21: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/21.jpg)
Physical Firewalls & Email Security • Proper Employee Training
Rule #1: Implement The Right Safeguards
![Page 22: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/22.jpg)
constant updating; open source derivatives
CryptXXX
source: http://trewmte.blogspot.com
![Page 23: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/23.jpg)
Tips for Dealing with the Ransomware Threat
Prevention Efforts
- Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
- Patch operating system, software, and firmware on digital
- Ensure antivirus and anti-malware solutions auto update
- Manage the use of privileged accounts
- Configure access controls, including file, directory, and network share permissions appropriately.
- Disable macro scripts from office files transmitted over e-mail.
- Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
Business Continuity Efforts
- Back up data regularly and verify the integrity of those backups regularly.
- Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.
Source: FBI, “Incidents of Ransomware on the Rise” www.fbi.gov
![Page 24: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/24.jpg)
Legacy Solutions Are Built To Back Up In 24+ Hour Increments
Legacy IT Solutions Make Backup Rules Difficult To Enforce For Mobile Workers
Lack of Source-Based, Global & Block-Based Dedupe = 2-5x Slower
E.g., HP Connected Backup Scheduler
![Page 25: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/25.jpg)
Low Overhead (<2% CPU, 50KB RAM) • Global, Source-Based Deduplication • Service Continuance
Rule #2: Recover Systems With Modern Tools
![Page 26: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/26.jpg)
Fun With ‘Delayed Execution’
The CryptXXX Ransomware downloads a delayed execution DLL file, which waits more than 60 minutes before launching on the victim's computer.
After the time has elapsed, CryptXXX carries out its attack, encrypting the victim's files and collecting important data and money in the form of Bitcoins.
• makes it harder for the victims to connect the incident to the source of infection.
• Delayed execution is also a known VM evasion technique
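The attribution problem described above, as an added example that is not part of the original slides: Python code that traces a burst of file modifications back to a DLL written to a temp folder, and shows why a short lookback window misses a drop that waited more than 60 minutes. The event tuples, host name, paths and the burst threshold are constructed assumptions, not real telemetry.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
# Assumed temp locations to treat as suspicious drop folders.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# Constructed endpoint telemetry: (time, host, event kind, path).
EVENTS = [
    ("2016-06-01 09:02:11", "ws-17", "file_create", r"C:\Users\amy\AppData\Local\Temp\upd81.dll"),
    ("2016-06-01 09:40:00", "ws-17", "file_create", r"C:\Program Files\Vendor\plugin.dll"),
    ("2016-06-01 10:09:30", "ws-17", "file_modify", r"C:\Users\amy\Documents\q3.xlsx"),
    ("2016-06-01 10:09:31", "ws-17", "file_modify", r"C:\Users\amy\Documents\plan.docx"),
    ("2016-06-01 10:09:32", "ws-17", "file_modify", r"C:\Users\amy\Pictures\site.jpg"),
]

def parse(events, host):
    """Return this host's events as (datetime, kind, path), oldest first."""
    rows = [(datetime.strptime(t, FMT), kind, path)
            for t, h, kind, path in events if h == host]
    return sorted(rows)

def encryption_onset(events, host, burst=3, span=timedelta(seconds=10)):
    """Start of the first run of `burst` modifications inside `span`, else None."""
    times = [t for t, kind, _ in parse(events, host) if kind == "file_modify"]
    for i in range(len(times) - burst + 1):
        if times[i + burst - 1] - times[i] <= span:
            return times[i]
    return None

def candidate_droppers(events, host, lookback):
    """DLLs written to temp folders within `lookback` before the onset."""
    onset = encryption_onset(events, host)
    if onset is None:
        return []
    hits = []
    for t, kind, path in parse(events, host):
        in_temp = any(m in path.lower() for m in TEMP_MARKERS)
        if (kind == "file_create" and path.lower().endswith(".dll")
                and in_temp and timedelta(0) <= onset - t <= lookback):
            # Report the gap in minutes between the drop and the burst.
            hits.append((path, int((onset - t).total_seconds() // 60)))
    return hits

if __name__ == "__main__":
    print(candidate_droppers(EVENTS, "ws-17", timedelta(minutes=15)))
    print(candidate_droppers(EVENTS, "ws-17", timedelta(hours=4)))
```

With the constructed events, the 15-minute window returns nothing, while the 4-hour window surfaces the temp-folder DLL written 67 minutes before the burst.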
![Page 27: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/27.jpg)
The Three Areas CTERA Focuses On Business Continuity
• Endpoints: file sharing & data protection
• Offices: file servers & data protection
• Cloud servers: data protection only
![Page 28: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/28.jpg)
AVG TIME TO FILE VERSION
Sync Average Case: Sub-5 Minutes
Backup Average Case: Once Every 24 Hours
24 Hour Period Threat Minimized
23+ hrs of exposure contained
![Page 29: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/29.jpg)
Rule #3. Sync (Apologies to the FBI)
OK, Yes.... Please Backup
Recover Your System To A Consistent State In The Case Of Full Disk Crypto
But, Seriously … Sync.
A Day Is 1/250th Of A Work Year!
Sync is A Form Of Backup
![Page 31: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/31.jpg)
Limitless File Versioning
Push-Button Restore of Backups or Versions
Backups = 1-24hr Granularity • Shares = 5 Minute Granularity
![Page 32: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/32.jpg)
App for all leading smartphones and tablets:
Anywhere data access. Even when your PC is bricked
Access data from any web browser, recover files instantly.
![Page 33: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/33.jpg)
Embedded Anti-Virus Scanning Upon File Download • Supplements A Strong Firewall
Rule #4: Care For What You Share
![Page 34: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/34.jpg)
Does Cloud-Enabled File Sharing Increase The Blast Radius?
Con: Sharing is easier than ever.
Pro:
- Central Governance
- Global Scanning
- Global Roll-Back
Not Really. Collaboration Isn’t New. Benefits Far Outweigh…
![Page 35: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/35.jpg)
1. Fortify The Perimeter • Train Everyone
2. Use Modern Backup To Ensure RPO
3. Sync To Minimize The Blast Radius
4. Care About What You Share
![Page 36: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/36.jpg)
Eliminate the threat of any natural or man-made data disaster.
Recover data in real time using secure, cost-effective cloud technologies.
![Page 37: CTERA Minimizing the threat of Ransomware with enterprise file services](https://reader035.vdocuments.net/reader035/viewer/2022070602/587b98cd1a28ab4e4f8b6f19/html5/thumbnails/37.jpg)
Questions?