Taking a Proactive Approach to Combat Ransomware [Druva Webinar]
The Rising Tide of Ransomware
John Shier
Senior Security Advisor
@john_shier
Ransomware
Ransomware Increasingly Troublesome
• $209m cost of ransomware attacks in the first quarter of 2016
• 300% increase in ransomware attacks since 2015
Source - Symantec
Ransomware Discoveries
Ransomware Attacks Are Pervasive
Ransomware Targets
• Businesses (Retail)
• Public agencies (Education, Healthcare, Government, Law Enforcement)
Systems Impacted
• Windows, Mac, Linux
• Android
The AIDS trojan
Fake AV
Out with the old, in with the new
FakeAV
Ransomware
Police locker
Cryptolocker
Cryptolocker BitCash
Petya
Spam
Spam
Phishing
Phishing
Return of the mac(ro)
HD phishing
Locky
Locky
Cryptowall
Cryptowall
Paths to exclude: windows, temp, cache, sample pictures, default pictures, sample music, program files, program file (x86), games, sample videos, user account privileges, packages
Files to exclude: help_your_files.txt, help_your_files.html, help_your_files.png, Iconcache.db, Thumbs.db
Extensions to exclude: exe, dll, pif, scr, sys, msi, msp, com, htl, cpa, msc, bat, cmd, scf
Tips for preventing ransomware
1. Don’t enable macros.
2. Consider installing Microsoft Office viewers.
3. Be very careful about opening unsolicited attachments.
4. Don’t give yourself more login power than necessary.
5. Patch, patch, patch.
6. Train and retrain employees in your business.
7. Segment the company network.
8. Back up your files regularly and keep a recent backup off-site.
RANSOM DOES NOT GUARANTEE YOUR DATA BACK
Kansas Heart Hospital was hit with a ransomware attack on 18th of May 2016
It paid the ransom, but then attackers tried to extort a second payment
Source: Network World, http://www.networkworld.com/article/3073495/security/kansas-heart-hospital-hit-with-ransomware-paid-but-attackers-demanded-2nd-ransom.html
FAIL PROOF RANSOMWARE PROTECTION
• Protection against ransomware
  o Regular time-indexed snapshot backups
  o Flexibility in backup frequency and data retention policies
  o Comprehensive data protection for endpoints and cloud apps
  o Offsite data storage (AWS/Microsoft Azure) options
• Recovering from ransomware intrusion
  o 24/7 data access
  o User/admin restore
  o Locate suspicious files quickly on endpoints and cloud apps
Ransomware
• Backup data regularly
• Recover at the device or file level
• Locate suspicious files via search
You Can’t Prevent Ransomware Attacks, But You Can Protect Against It
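The search-and-restore step from the slides above, as an added example that is not part of the original deck or Druva's product code: it scans a backup file index for the ransom-note names listed on the Cryptowall slide and picks the newest snapshot that predates the first note. The inventory format, function names and sample data are assumptions constructed for illustration, and it assumes a note's modification time approximates when that folder was encrypted.

```python
from datetime import datetime
from pathlib import PureWindowsPath

# Ransom-note names from the "Files to exclude" list on the Cryptowall slide.
RANSOM_NOTES = {"help_your_files.txt", "help_your_files.html", "help_your_files.png"}

def find_ransom_notes(inventory):
    """Map each directory holding a ransom note to the earliest note timestamp."""
    hits = {}
    for path, mtime in inventory:
        p = PureWindowsPath(path)
        if p.name.lower() in RANSOM_NOTES:      # exact name match, case-insensitive
            folder = str(p.parent)
            hits[folder] = min(hits.get(folder, mtime), mtime)
    return hits

def last_clean_snapshot(snapshots, hits):
    """Newest snapshot taken strictly before the first ransom note appeared."""
    if not hits:
        return max(snapshots, default=None)     # nothing found: latest snapshot is fine
    first_note = min(hits.values())
    return max((s for s in snapshots if s < first_note), default=None)

# Constructed sample data: (path, last-modified time) rows from a backup file index.
SAMPLE_INVENTORY = [
    (r"C:\Users\alice\Documents\budget.xlsx",          datetime(2016, 5, 17, 9, 12)),
    (r"C:\Users\alice\Documents\HELP_YOUR_FILES.TXT",  datetime(2016, 5, 18, 14, 3)),
    (r"C:\Users\alice\Documents\help_your_files.html", datetime(2016, 5, 18, 14, 4)),
    (r"C:\Users\alice\Pictures\help_your_files.png",   datetime(2016, 5, 18, 14, 9)),
    (r"C:\Users\bob\Desktop\help_your_files_old.txt",  datetime(2016, 5, 18, 8, 0)),
]
# Constructed nightly snapshot times.
SAMPLE_SNAPSHOTS = [datetime(2016, 5, d, 2, 0) for d in (16, 17, 18, 19)]

if __name__ == "__main__":
    hits = find_ransom_notes(SAMPLE_INVENTORY)
    for folder, seen in sorted(hits.items()):
        print(f"{seen:%Y-%m-%d %H:%M}  {folder}")
    print("restore from:", last_clean_snapshot(SAMPLE_SNAPSHOTS, hits))
```

Encryption can begin before the first note is written, so treat the returned snapshot as the starting candidate and spot-check restored files before rolling back at scale.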
TIME-INDEXED BACKUPS WITH CONFIGURABLE GRANULAR CONTROLS
BACKUPS SHOULD BE COMPREHENSIVE
Mobile Devices – Smartphones and Tablets
Desktops and Laptops
Cloud Applications
IT/USER FILE LEVEL RESTORE FROM SNAPSHOTS
IT Initiated Restore
User Initiated Restore
RANSOMWARE FILE LEVEL SEARCH
SUMMARY AND KEY TAKEAWAYS
• Update your security software
  o Anti-virus and anti-malware software
  o Operating systems for all endpoints including desktops, laptops and smartphones
  o Patch, patch, patch.
• End-user awareness and education
• Protection against ransomware
  o Proactive: Regular time-indexed snapshot backups
  o Remediation: File level restore and search for infected files
ABOUT DRUVA
• Trusted by over 4,000 enterprises
• Headquartered in Silicon Valley
• Worldwide offices and 24x7 support
• Among fastest growing data protection providers