recovering your customers from ransomware without paying ransom
TRANSCRIPT
Recover ing Your Cus tomers f rom Ransomware
Without Paying Ransom.
Scott ParkerSr. Product Marketing ManagerSolarWinds MSP
Martin MerrellSenior Sales EngineerStorageCraft
THE WEBINAR
WILL BEGIN SOON!
Recover ing Your Cus tomers f rom Ransomware
Without Paying Ransom.
Scott ParkerSr. Product Marketing ManagerSolarWinds MSP
Martin MerrellSenior Sales EngineerStoragecraft
© 2016 N-able Technologies ULC. All rights reserved.
?
Length: 60 min
Questions welcome any time in chat
REC Recording and slides will be posted
W e b i n a r d e t a i l s
© 2016 N-able Technologies ULC. All rights reserved.
The Remote Monitoring and Management solution trusted by over 5500 MSPs globally.
Integrated Patch, AV, Backup, Mobile Management and remote control.
Customer facing reporting and analytics.
Drag-and-drop Automation anyone can use.
Integration with PSA solutions for ticketing.
I n t r o d u c t i o n t o N - c e n t r a l b y N - a b l e
Remote Monitoring and Management for MSPs
© 2016 N-able Technologies ULC. All rights reserved.
O n l y 2 - 3 % o f d i s a s t e r s a r e “ n a t u r a l ” d i s a s t e r s
I f i t disrupts your normal business operat ions,
i t ’s a disaster.
R e t h i n k t h e d e f i n i t i o n o f d i s a s t e r
© 2016 N-able Technologies ULC. All rights reserved.
A type of malware that, upon
infection, restricts access to
files or threatens permanent
destruction of data until you
pay a ransom.
W h a t i s R a n s o m w a r e ?
© 2016 N-able Technologies ULC. All rights reserved.
A message pops up saying your
computer is locked until you
pay for a key to decrypt your
data.
F i r s t S i g n o f Tr o u b l e …
9© 2016 N-able Technologies ULC. All rights reserved.
CryptoLocker
earned its creators
$27 million in
ransom payments
in its first two
months alone.
Source: Forbes,
© 2016 N-able Technologies ULC. All rights reserved.
Loss of sensitive or proprietary data
Disruption of business operations
Loss of revenue and productivity
Financial losses to restore systems or files
Potential damage to reputation
B u s i n e s s I m p a c t C a n B e D e v a s t a t i n g
© 2016 N-able Technologies ULC. All rights reserved.
Looks convincing.
Commonly propagated through spoofed emails.
Includes enticing subject line.
Open email attachment (.zip), or click on link in email.
Encrypts on all local files on machine, then attacks
network folders.
Damage is done before you notice it has taken place.
O n e W r o n g C l i c k …
..and you’ve got Ransomware
© 2016 N-able Technologies ULC. All rights reserved.
• University of Calgary, Calgary, Alberta, CA
(May, 2016)“…Paid nearly $16,000 in ransomware attack…”
• Hollywood Presbyterian Hospital, Los Angeles,
CA (February, 2016)“…Paid a $17,000 ransom in Bitcoin.”
• Police Department, Tewksbury, MA“…Paid $500…”
• City of Plainsville, NJ“…Paid $700…”
The FBI estimates ransomware losses to be as high as
$209 million as of March, 2016.
I t C a n H a p p e n t o An y o n e
© 2016 N-able Technologies ULC. All rights reserved.
Make them aware of popular social engineering methods
and tactics
Do not open emails from strange or unfamiliar
email addresses
Do not open attachments or click on links in emails you
receive unexpectedly from unfamiliar senders; verify the
sender first
Do not double click on email attachments
Do not download software from torrent sites
Do not disable anti-virus or anti-malware software
P r e v e n t i o n i s t h e B e s t P r o t e c t i o n
© 2016 N-able Technologies ULC. All rights reserved.
Keep Windows® and other operating systems updated Latest security patches and updates.
Install and use anti-virus software Make sure it is regularly updated and has automatic updates enabled.
Employ effective email security tools and policies Use email SPAM filtering and virus scanning.
Carefully manage user credentials .
Use complex passwords.
Force password changes periodically.
Do not run Microsoft® Office applications on servers and
limit web browsing
E l i m i n a t e T h r e a t s
Before they reach the end user.
© 2016 N-able Technologies ULC. All rights reserved.
1. Walk away from your data How valuable is it to you?
2. Pay the ransom Should you pay the ransom?
3. Recover from backup How can you help clients avoid paying
the price
RECOVERY
I f P r e v e n t i o n F a i l s …
You have three options.
17© 2016 N-able Technologies ULC. All rights reserved.
C P I S o l u t i o n s
Serves small- and
medium-sized businesses.
Los Angeles, San Bernardino
and Ventura Counties.
4,000+ managed servers and
desktops.
18© 2016 N-able Technologies ULC. All rights reserved.
10 clients attacked
830 users impacted
3 million files damaged
$0 ransom paid
CryptoLocker attack
C P I S o l u t i o n s
19© 2016 N-able Technologies ULC. All rights reserved.
H o w C P I S o l u t i o n s C o n q u e r e d C r y p t o L o c k e r
“No business is ever really safe from
malicious software including
ransomware. The best form of
protection is frequent and consistent
backups that are checked on a
regular basis.”
James Oberhaus
Vice President of Managed IT Services
© 2016 N-able Technologies ULC. All rights reserved.
Backup Type < Configuration The type of backup is less important than its configuration.
File & Folder-based backup can protect data from being encrypted.
Image-based backup can protect a “full workload” meaning it will the capture OS, applications, settings, services, and data.
Prevent ransomware for “seeing” the backup files The first types of ransomware did not target backup file types.
Today, ransomware has targeted backup files and full volumes.
B a c k u p , B a c k u p , B a c k u p
22© 2016 N-able Technologies ULC. All rights reserved.
C r e a t e R e g u l a r B a c k u p s
Benefit: Restore files and whole system to a
state prior to the infection
Capture OS, applications, settings, services, and
data.
Fast, reliable, and secure.
Virtual and physical Windows and Linux® systems.
Full, continuous incremental backups.
Schedule as often as every 15 minutes for multiple
recovery points.
BACKUP
23© 2016 N-able Technologies ULC. All rights reserved.
Use unique credentials for each shared folder (not
default root/admin or user account) – Only allow
specific IT Admin accounts to access backup
folders.
Lock down access to server/NAS hosting the
shared folders.
Run periodic AV scans of shared folders (outside
backup schedule).
Do NOT map backup folder so user can directly
access centralized dashboard and reporting.
MANAGE
W r i t e B a c k u p s t o a N e t w o r k S h a r e a n d R e s t r i c t A c c e s s
24© 2016 N-able Technologies ULC. All rights reserved.
Benefit: If defenses don’t work, recover
from offsite backup
Replicate to an offsite location.
Replicate to the Cloud.
Replicate to a USB HDD and take backups
offsite.
Secure data transfer. REPLICATE
R e p l i c a t e B a c k u p s t o a D i f f e r e n t P h y s i c a l L o c a t i o n
25© 2016 N-able Technologies ULC. All rights reserved.
Benefit: Ensure backups can be reliably recovered
Mount backups and scan files with an anti-virus product.
P e r i o d i c a l l y C h e c k B a c k u p s f o r V i r u s e s
26© 2016 N-able Technologies ULC. All rights reserved.
Educate users not to double click
email attachments
Restrict user access to backup
console on machine only agent
Prevent a user from changing backup
settings.
P r o p e r l y E d u c a t e a n d R e s t r i c t Ac t i v i t y
27© 2016 N-able Technologies ULC. All rights reserved.
Recover quickly, easily, reliably.
Many options for full service restore.
Every time, everywhere.
RECOVERY
R e c o v e r W i t h o u t P a y i n g t h e R a n s o m
© 2016 N-able Technologies ULC. All rights reserved.
T h a n k y o u !
The N-ABLE TECHNOLOGIES and N-CENTRAL marks are the exclusive property of N-able Technologies ULC and its affiliates, are registered with the U.S. Patent and Trademark Office and the Canadian Intellectual Property Office, and may be registered orpending registration in other countries. All other N-able trademarks, service marks, and logos may be common law marks, registered or pending registration in the United States, Canada, or in other countries. All other trademarks mentioned herein areused for identification purposes only and may be or are trademarks or registered trademarks of their respective companies.
For more information on backup solutions please visit www.n-able.com.
For additional Ransomware content please visit www.n-able.com/ransomware.