Recovering Your Customers From Ransomware Without Paying Ransom

Recover ing Your Cus tomers f rom Ransomware

Without Paying Ransom.

Scott ParkerSr. Product Marketing ManagerSolarWinds MSP

Martin MerrellSenior Sales EngineerStorageCraft

THE WEBINAR

WILL BEGIN SOON!

Recover ing Your Cus tomers f rom Ransomware

Without Paying Ransom.

Scott ParkerSr. Product Marketing ManagerSolarWinds MSP

Martin MerrellSenior Sales EngineerStoragecraft

© 2016 N-able Technologies ULC. All rights reserved.

?

Length: 60 min

Questions welcome any time in chat

REC Recording and slides will be posted

W e b i n a r d e t a i l s


The Remote Monitoring and Management solution trusted by over 5500 MSPs globally.

Integrated Patch, AV, Backup, Mobile Management and remote control.

Customer facing reporting and analytics.

Drag-and-drop Automation anyone can use.

Integration with PSA solutions for ticketing.

I n t r o d u c t i o n t o N - c e n t r a l b y N - a b l e

Remote Monitoring and Management for MSPs


O n l y 2 - 3 % o f d i s a s t e r s a r e “ n a t u r a l ” d i s a s t e r s

I f i t disrupts your normal business operat ions,

i t ’s a disaster.

R e t h i n k t h e d e f i n i t i o n o f d i s a s t e r


W h a t i s R a n s o m w a r e ?


A type of malware that, upon

infection, restricts access to

files or threatens permanent

destruction of data until you

pay a ransom.

W h a t i s R a n s o m w a r e ?


A message pops up saying your

computer is locked until you

pay for a key to decrypt your

data.

F i r s t S i g n o f Tr o u b l e …

9© 2016 N-able Technologies ULC. All rights reserved.

CryptoLocker

earned its creators

$27 million in

ransom payments

in its first two

months alone.

Source: Forbes,


Loss of sensitive or proprietary data

Disruption of business operations

Loss of revenue and productivity

Financial losses to restore systems or files

Potential damage to reputation

B u s i n e s s I m p a c t C a n B e D e v a s t a t i n g


Looks convincing.

Commonly propagated through spoofed emails.

Includes enticing subject line.

Open email attachment (.zip), or click on link in email.

Encrypts on all local files on machine, then attacks

network folders.

Damage is done before you notice it has taken place.

O n e W r o n g C l i c k …

..and you’ve got Ransomware


• University of Calgary, Calgary, Alberta, CA

(May, 2016)“…Paid nearly $16,000 in ransomware attack…”

• Hollywood Presbyterian Hospital, Los Angeles,

CA (February, 2016)“…Paid a $17,000 ransom in Bitcoin.”

• Police Department, Tewksbury, MA“…Paid $500…”

• City of Plainsville, NJ“…Paid $700…”

The FBI estimates ransomware losses to be as high as

$209 million as of March, 2016.

I t C a n H a p p e n t o An y o n e


Make them aware of popular social engineering methods

and tactics

Do not open emails from strange or unfamiliar

email addresses

Do not open attachments or click on links in emails you

receive unexpectedly from unfamiliar senders; verify the

sender first

Do not double click on email attachments

Do not download software from torrent sites

Do not disable anti-virus or anti-malware software

P r e v e n t i o n i s t h e B e s t P r o t e c t i o n


Keep Windows® and other operating systems updated Latest security patches and updates.

Install and use anti-virus software Make sure it is regularly updated and has automatic updates enabled.

Employ effective email security tools and policies Use email SPAM filtering and virus scanning.

Carefully manage user credentials .

Use complex passwords.

Force password changes periodically.

Do not run Microsoft® Office applications on servers and

limit web browsing

E l i m i n a t e T h r e a t s

Before they reach the end user.


1. Walk away from your data How valuable is it to you?

2. Pay the ransom Should you pay the ransom?

3. Recover from backup How can you help clients avoid paying

the price

RECOVERY

I f P r e v e n t i o n F a i l s …

You have three options.


A C a s e f o r O p t i o n # 3

CPI Solutions


C P I S o l u t i o n s

Serves small- and

medium-sized businesses.

Los Angeles, San Bernardino

and Ventura Counties.

4,000+ managed servers and

desktops.


10 clients attacked

830 users impacted

3 million files damaged

$0 ransom paid

CryptoLocker attack

C P I S o l u t i o n s


H o w C P I S o l u t i o n s C o n q u e r e d C r y p t o L o c k e r

“No business is ever really safe from

malicious software including

ransomware. The best form of

protection is frequent and consistent

backups that are checked on a

regular basis.”

James Oberhaus

Vice President of Managed IT Services


H o w t o F i g h t R a n s o m w a r e


Backup Type < Configuration The type of backup is less important than its configuration.

File & Folder-based backup can protect data from being encrypted.

Image-based backup can protect a “full workload” meaning it will the capture OS, applications, settings, services, and data.

Prevent ransomware for “seeing” the backup files The first types of ransomware did not target backup file types.

Today, ransomware has targeted backup files and full volumes.

B a c k u p , B a c k u p , B a c k u p


C r e a t e R e g u l a r B a c k u p s

Benefit: Restore files and whole system to a

state prior to the infection

Capture OS, applications, settings, services, and

data.

Fast, reliable, and secure.

Virtual and physical Windows and Linux® systems.

Full, continuous incremental backups.

Schedule as often as every 15 minutes for multiple

recovery points.

BACKUP


Use unique credentials for each shared folder (not

default root/admin or user account) – Only allow

specific IT Admin accounts to access backup

folders.

Lock down access to server/NAS hosting the

shared folders.

Run periodic AV scans of shared folders (outside

backup schedule).

Do NOT map backup folder so user can directly

access centralized dashboard and reporting.

MANAGE

W r i t e B a c k u p s t o a N e t w o r k S h a r e a n d R e s t r i c t A c c e s s


Benefit: If defenses don’t work, recover

from offsite backup

Replicate to an offsite location.

Replicate to the Cloud.

Replicate to a USB HDD and take backups

offsite.

Secure data transfer. REPLICATE

R e p l i c a t e B a c k u p s t o a D i f f e r e n t P h y s i c a l L o c a t i o n


Benefit: Ensure backups can be reliably recovered

Mount backups and scan files with an anti-virus product.

P e r i o d i c a l l y C h e c k B a c k u p s f o r V i r u s e s


Educate users not to double click

email attachments

Restrict user access to backup

console on machine only agent

Prevent a user from changing backup

settings.

P r o p e r l y E d u c a t e a n d R e s t r i c t Ac t i v i t y


Recover quickly, easily, reliably.

Many options for full service restore.

Every time, everywhere.

RECOVERY

R e c o v e r W i t h o u t P a y i n g t h e R a n s o m


Q u e s t i o n s ?


T h a n k y o u !

The N-ABLE TECHNOLOGIES and N-CENTRAL marks are the exclusive property of N-able Technologies ULC and its affiliates, are registered with the U.S. Patent and Trademark Office and the Canadian Intellectual Property Office, and may be registered orpending registration in other countries. All other N-able trademarks, service marks, and logos may be common law marks, registered or pending registration in the United States, Canada, or in other countries. All other trademarks mentioned herein areused for identification purposes only and may be or are trademarks or registered trademarks of their respective companies.

For more information on backup solutions please visit www.n-able.com.

For additional Ransomware content please visit www.n-able.com/ransomware.

Recovering Your Customers From Ransomware Without Paying Ransom

Technology