Doing this One Thing Will Prevent any Sustained Damage from Ransomware

Posted on August 10, 2016


Ransomware has caused a lot of chaos and damage to networks across the globe. It has also brought a lot of attention and awareness to endpoint protection and network security. There are a number of security tools that can augment your efforts to protect your users and data from this prevailing menace. Last month we touched on a couple of email and web gateway filtering solutions.

The fact is that endpoint protection no longer consists of a single tool or entity. It is a suite of well-coordinated tools that work in conjunction and supplement one another. Unfortunately, even the most robust and extensive array of security tools cannot guarantee complete protection against malware, especially in today’s mobile world in which users are constantly transporting devices beyond the safety of the network perimeter.

One comforting fact about ransomware is that its area of infestation is limited.  It isn’t a worm that is intelligently driven to spread itself far and wide across both LANs and WANs.   Its incursion is limited to local volumes and mapped drives.  Mapped drives can include the following:

  • A mapped drive pointing to a network share on a server or NAS
  • An external drive attached to the infected machine including a USB storage device
  • A locally installed cloud drive such as Dropbox

So the good news, if you can call it that, is that in the event that ransomware is able to establish a beachhead on one of your devices despite the best efforts of your network security array, the damage will be limited to the physical reach of that device only.

And here is the other good news. There is one go-to solution for combatting malware, one that will always work no matter what users may do. One solution that will prevent you from losing all of your data no matter what technical breakdown may occur in your security perimeter. That go-to solution is called proper backup.

If your organization becomes a victim of ransomware, you will never have to consider making an extortion payment to some unnamed remote felonious attacker if you perform regularly scheduled, up-to-date backups. A well-intentioned backup will be absolutely useless, however, if there is a physical link to it from the infected device.

It may be surprising that daily backups are the tool of last resort that can save you from a ransomware attack, and it may also surprise you that a leader in data backup protection today is Barracuda. They have both a traditional backup server for the on-premises LAN environment that will perform bare metal recoveries and a cloud integrated solution for both physical and SaaS environments. Both products integrate fully with both VMware and Hyper-V solutions. Their cloud integrated backup solution will allow continuous replication to the Barracuda Cloud or another appliance. It even accommodates cloud-to-cloud backups.

Their traditional server solution is called Yosemite Server, which is targeted towards smaller enterprise organizations that want to avoid complicated licensing and administrative models. Configuration couldn’t be simpler, with just four options ranging from single server to unlimited usage, all including unlimited workstations. It supports multiple media types and technologies including disk, tape drives, autoloaders, robotic libraries and CD/DVD, and makes the most of whatever media you utilize with storage compression. Also, while your data is at rest, it is protected with encryption.


No matter what backup solution you choose on the market today, you need redundancy in order to ensure worry-free backups as well as recovery. This is what the traditional 3-2-1 backup is all about. The design of the 3-2-1 backup is as follows:

  • Have at least 3 copies of your data
  • Utilize two different media formats
  • Have one of the copies be offsite

Three copies of your data means that one copy is the original data, supported by two separate backup copies. Your data should reside on two separate media, such as a network share or an SSD on some type of storage array. It can also be traditional tape media, which seems so legacy today but is mobile enough to take offsite to a secure location such as a separate site used by your organization or even a safety deposit box at a local bank. A possible solution which satisfies both conditions of two media types and a remote location is utilizing the snapshotting feature of your SAN infrastructure. By snapshotting your data at regular intervals throughout the day to an identical environment at a disaster recovery location, you can easily recover from an attack on a virtual host server or VM. Of course, it goes without saying that any backup plan includes regular test restorations of the data to ensure that your data can be recovered intact.

It needs to be mentioned that ransomware may be maturing as a form of malware and thus may evolve into new forms that may in fact be able to expand beyond direct physical connections. The one certainty of ransomware, however, is that maintaining a well-designed, working backup solution will serve as an effective measure against the lasting effects of ransomware, no matter how it may evolve one day.

Posted in: IT Security