Beating Cryptolocker and other Ransomware
-
Ransomware seems to be on the rise these days, so I thought I'd share a story about how a StorageCraft partner managed to circumvent cryptolocker by restoring backups.
This is at least one line of defense in the battle against ransomware, but what are some others you've come across?
-
Synology had an outbreak of cryptolocker that was custom written for their platform (Google SynoLocker). Users opened remote access without changing default passwords or updating their firmware to patch exploits, so eventually someone took advantage of that.
The only two REAL solutions that I encountered: 1) restore from a separate, unaffected backup, or 2) pay the ransom.
Ransomware can compromise the entire file system depending on the flavor, so having multiple backups on the same volume (or sometimes, even the same LAN) does not guarantee protection.
Offsite backup into something password protected is the only way to go.
It was a rude awakening for a lot of Synology home users about business level best practice for network security... "Why would I need an offsite backup? I have RAID, doesn't that protect my data already?"
Unfortunately many users HAD to pay the ransom to decrypt their files as they had no other means to recover that data. I would not suggest this except as a last resort - the group behind SynoLocker did provide a working key, but I have read that others do not.
-
@jvwelch welcome to MangoLassi!