Recovering From Ransomware Attacks Christophe Bertrand, VP, Product Marketing April 2018.


1 Recovering From Ransomware Attacks Christophe Bertrand, VP, Product Marketing
April 2018

2 Arcserve Profile
Copyright © 2017 Arcserve. All rights reserved.

Worldwide Customer Base & Sales Presence
45,000 customers
7,500 partners
Distributed in 150 countries
WW HQ – Minneapolis, USA
LATAM HQ – São Paulo, Brazil
EMEA HQ – Barcelona
APAC HQ – Singapore
Japan HQ – Tokyo
Sales offices in 20+ countries

Industry Recognition
3 VMworld Gold Awards
2 CRN Channel Chief Awards
Channel Company Top Midmarket Executive
MSPBJ Titan of Technology
4 Storage Awards
Cloud Hosting DR Product of the Year
Computer Singapore Readers’ Choice Award for Networked Storage
2 PC Pro Recommendations
3 IT Pro Recommendations
DCS Storage Software Product of the Year
CRN Woman of the Channel

A single, fully-integrated solution portfolio to protect across cloud, virtual and physical environments.
SOFTWARE
APPLIANCES
CLOUD (DRaaS)

3 What is Ransomware?
Ransomware is malware for data kidnapping in which the attacker encrypts the victim's data and demands payment for the decryption key.
Ransomware spreads through attachments, infected programs and compromised websites.
A ransomware malware program may also be called a cryptovirus, cryptotrojan or cryptoworm.
The net result: no data access, sometimes data loss…
The Alternative: Pay up or Ignore (but now you need to restore your systems/data)

4 Ransomware in Backup and SLA terms
Recovery point objectives
Recovery time objectives

5 Mitigating The Risk of Ransomware: Example 1
Multi-site medical center for senior citizens, with a mental health agency
Client initiated incident response at 8:30am
Identified culprit remotely and method of attack
Phishing with a Word attachment and a macro
By 11:30am: back at steady state
Able to identify what data access had been granted and what had been compromised by network shares
File-level recovery from Arcserve directly into those folders
Removed all infected data
Back up-and-running in 3 hours
Zero data loss

6 Mitigating The Risk of Ransomware: Example 2
Mechanical organization (plumbing and HVAC)
Infected at 10:30am
Identified what data access had been granted
Performed file-level recovery right back into those folders
Back up at 2pm
Recovery time included wiping the PC
Very little data loss
A couple of files that had not yet been backed up

7 Mitigating The Risk of Ransomware: Example 3
Mid-sized medical clinic
Combination of tampered admin account and cryptolocker
Re-populated their backup stores and brought everything back online by restoring those virtual machines
Phished by an email which allowed access to the network
Seeded that back into the environment in person
Maliciously held data for ransom by installing a cryptowall variant
Servers were lost: Full BMR
Deleted: application, local backup copy
Recovery time:
It was a network share… Wasn’t hidden - too exposed!!!!
Back up-and-running in 36 hours, steady state at 48 hours
Attack happened early in the morning
No data loss
Recovered copies from data center to removable storage
Loss of time and productivity: 2 business days
Brought virtual servers back online in their hypervisor

8 Arcserve UDP Platform Newest Addition to the UDP portfolio

9 Arcserve’s Backup and Recovery Solution: UDP

10 Arcserve UDP Cloud Direct
ENTERPRISE GRADE AND EASY TO USE
BACKUP AS A SERVICE (BAAS)
DISASTER RECOVERY AS A SERVICE (DRAAS)
Automated backups transfer data safely offsite
Easy set up in a few clicks from a single web based console
Web-based console recovery data to/from anywhere
Easy set up
Push-button recovery
RTO ~5 minutes
Automated DR testing

11 Protect the Source Machine
Best Practices: Protect the Source Machine
Take precautions to prevent infection in the first place, such as training users not to click on links within emails or download attachments from unknown sources, and updating software on a timely basis.
Perform regular backups, which may include rethinking your service level agreements to ensure critical business data is backed up more frequently.
Follow the strategy for backup: one of the copies should be offline, and at least one of the copies should be offsite.
Make sure your chosen backup solution includes virtual standby for critical systems so that you can get back on your feet very quickly.

12 More Examples – A Publishing Business… Somewhere
Customer X supports a few hundred users at this publishing business
The corruption came in as an attachment titled Photos.zip with a spoofed address – who doesn’t have “click-happy” end-users?
Photos.zip was the infected file sent via email. It was a “bart” type virus
Customer X does a 7AM snapshot of his environment and keeps a near line copy of the Recovery Points as a precaution. Best backup practices paid off!!
Result
Using Arcserve was key to his ability to thwart the attack and recover the affected systems and their data
It took him 28 hours to determine the source, repair and reverse the damage but there was no publicly visible indication that an attack had taken place
His ability to contain the attack and mitigate the damage earned him a letter of praise from his CEO

13 More Examples: Medical/Healthcare… Somewhere Else…
Customer was hit with multiple successive attacks, a common recent occurrence in their industry
Avoiding operational impacts (regardless of the interruption cause) is a fundamental SLA which has a direct impact on communities and individuals
In addition, avoiding negative publicity is very critical to this line of business
In this customer’s case, the 5th ransomware attack was particularly aggressive and took over local admin accounts on workstations and servers and encrypted files on dozens of servers. Having a bad day?
Result
Customer was able to recover all the servers with Arcserve UDP
Without Arcserve backups, they would be paying many $1000’s to recover
In this customer’s experience, their attacks seem to be more focused on “traditional” types of flat files – PDFs, DOCs, XLSs, etc.

14 Protect the Protector: The Backup Data
Best Practices: Protect the Protector: The Backup Data
Replicate data to offsite / cloud
If your backup server gets infected or if your backup data is on a shared network share that is accessible from an infected machine, ransomware can encrypt backup data as well. It sounds obvious, but it’s important to remember!
Periodically, copy recovery points to offline media, such as USB disks.
Consider leveraging tape as a backup medium for critical data (yes tape!). This oldie but goodie comes in handy to send periodic recovery points offline.
