Recovering Your Customers From Ransomware Without Paying Ransom

Recovering Your Customers from Ransomware
Without Paying Ransom.
Scott Parker
Sr. Product Marketing Manager
SolarWinds MSP
Martin Merrell
Senior Sales Engineer
StorageCraft
THE WEBINAR
WILL BEGIN SOON!

Recovering Your Customers from Ransomware
Without Paying Ransom.
Scott Parker
Sr. Product Marketing Manager
SolarWinds MSP
Martin Merrell
Senior Sales Engineer
Storagecraft

© 2016 N-able Technologies ULC. All rights reserved.
?
Length: 60 min
Questions welcome any time in chat
REC Recording and slides will be posted
We b i n a r d e t a i l s

 The Remote Monitoring and Management solution trusted by over 5500 MSPs globally.
 Integrated Patch, AV, Backup, Mobile Management and remote control.
 Customer facing reporting and analytics.
 Drag-and-drop Automation anyone can use.
 Integration with PSA solutions for ticketing.
I n t r o d u c t i o n t o N - c e n t r a l b y N - a b l e
Remote Monitoring and Management for MSPs

O n l y 2 - 3 % o f d i s a s t e r s a r e “ n a t u r a l ” d i s a s t e r s
If it disrupts your normal business operations,
it’s a disaster.
R e t h i n k t h e d e f i n i t i o n o f d i s a s t e r

W h a t i s R a n s o m w a r e ?

A type of malware that, upon
infection, restricts access to
files or threatens permanent
destruction of data until you
pay a ransom.
W h a t i s R a n s o m w a r e ?

A message pops up saying your
computer is locked until you
pay for a key to decrypt your
data.
F i r s t S i g n o f Tr o u b l e …

9© 2016 N-able Technologies ULC. All rights reserved.
CryptoLocker
earned its creators
$27 million in
ransom payments
in its first two
months alone.

 Loss of sensitive or proprietary data
 Disruption of business operations
 Loss of revenue and productivity
 Financial losses to restore systems or files
 Potential damage to reputation
B u s i n e s s I m p a c t C a n B e D e va s t a t i n g

 Looks convincing.
 Commonly propagated through spoofed emails.
 Includes enticing subject line.
 Open email attachment (.zip), or click on link in email.
 Encrypts on all local files on machine, then attacks
network folders.
 Damage is done before you notice it has taken place.
O n e Wr o n g C l i c k …
..and you’ve got Ransomware

• University of Calgary, Calgary, Alberta, CA
(May, 2016)
“…Paid nearly $16,000 in ransomware attack…”
• Hollywood Presbyterian Hospital, Los Angeles,
CA (February, 2016)
“…Paid a $17,000 ransom in Bitcoin.”
• Police Department, Tewksbury, MA
“…Paid $500…”
• City of Plainsville, NJ
“…Paid $700…”
The FBI estimates ransomware losses to be as high as
$209 million as of March, 2016.
I t C a n H a p p e n t o An y o n e

 Make them aware of popular social engineering methods
and tactics
 Do not open emails from strange or unfamiliar
email addresses
 Do not open attachments or click on links in emails you
receive unexpectedly from unfamiliar senders; verify the
sender first
 Do not double click on email attachments
 Do not download software from torrent sites
 Do not disable anti-virus or anti-malware software
P r e ve n t i o n i s t h e B e s t P r o t e c t i o n

 Keep Windows® and other operating systems updated
 Latest security patches and updates.
 Install and use anti-virus software
 Make sure it is regularly updated and has automatic updates enabled.
 Employ effective email security tools and policies
 Use email SPAM filtering and virus scanning.
 Carefully manage user credentials .
 Use complex passwords.
 Force password changes periodically.
 Do not run Microsoft® Office applications on servers and
limit web browsing
E l i m i n a t e T h r e a t s
Before they reach the end user.

1. Walk away from your data
 How valuable is it to you?
2. Pay the ransom
 Should you pay the ransom?
3. Recover from backup
 How can you help clients avoid paying
the price
RECOVERY
I f P r e ve n t i o n F a i l s …
You have three options.

A C a s e f o r O p t i o n # 3
CPI Solutions

C P I S o l u t i o n s
Serves small- and
medium-sized businesses.
Los Angeles, San Bernardino
and Ventura Counties.
4,000+ managed servers and
desktops.

10 clients attacked
830 users impacted
3 million files damaged
$0 ransom paid
CryptoLocker attack
C P I S o l u t i o n s

H o w C P I S o l u t i o n s C o n q u e r e d C r y p t o L o c k e r
“No business is ever really safe from
malicious software including
ransomware. The best form of
protection is frequent and consistent
backups that are checked on a
regular basis.”
James Oberhaus
Vice President of Managed IT Services

H o w t o F i g h t R a n s o m w a r e

Backup Type < Configuration
 The type of backup is less important than its configuration.
 File & Folder-based backup can protect data from being encrypted.
 Image-based backup can protect a “full workload” meaning it will the capture OS, applications,
settings, services, and data.
Prevent ransomware for “seeing” the backup files
 The first types of ransomware did not target backup file types.
 Today, ransomware has targeted backup files and full volumes.
B a c k u p , B a c k u p , B a c k u p

C r e a t e R e g u l a r B a c k u p s
Benefit: Restore files and whole system to a
state prior to the infection
 Capture OS, applications, settings, services, and
data.
 Fast, reliable, and secure.
 Virtual and physical Windows and Linux® systems.
 Full, continuous incremental backups.
 Schedule as often as every 15 minutes for multiple
recovery points.
BACKUP

 Use unique credentials for each shared folder (not
default root/admin or user account) – Only allow
specific IT Admin accounts to access backup
folders.
 Lock down access to server/NAS hosting the
shared folders.
 Run periodic AV scans of shared folders (outside
backup schedule).
 Do NOT map backup folder so user can directly
access centralized dashboard and reporting.
MANAGE
W r i t e B a c k u p s t o a N e t w o r k S h a r e a n d R e s t r i c t Ac c e s s

Benefit: If defenses don’t work, recover
from offsite backup
 Replicate to an offsite location.
 Replicate to the Cloud.
 Replicate to a USB HDD and take backups
offsite.
 Secure data transfer. REPLICATE
R e p l i c a t e B a c k u p s t o a D i f f e r e n t P h y s i c a l L o c a t i o n

Benefit: Ensure backups can be reliably recovered
 Mount backups and scan files with an anti-virus product.
P e r i o d i c a l l y C h e c k B a c k u p s f o r Vi r u s e s

 Educate users not to double click
email attachments
 Restrict user access to backup
console on machine only agent
 Prevent a user from changing backup
settings.
P r o p e r l y E d u c a t e a n d R e s t r i c t Ac t i vi t y

 Recover quickly, easily, reliably.
 Many options for full service restore.
 Every time, everywhere.
RECOVERY
R e c o ve r W i t h o u t P a y i n g t h e R a n s o m

Q u e s t i o n s ?

T h a n k y o u !
The N-ABLE TECHNOLOGIES and N-CENTRAL marks are the exclusive property of N-able Technologies ULC and its affiliates, are registered with the U.S. Patent and Trademark Office and the Canadian Intellectual Property Office, and may be registered or
pending registration in other countries. All other N-able trademarks, service marks, and logos may be common law marks, registered or pending registration in the United States, Canada, or in other countries. All other trademarks mentioned herein are
used for identification purposes only and may be or are trademarks or registered trademarks of their respective companies.
For more information on backup solutions please
visit www.n-able.com.
For additional Ransomware content please visit
www.n-able.com/ransomware.

Recovering Your Customers From Ransomware Without Paying Ransom

More Related Content

Recovering Your Customers From Ransomware Without Paying Ransom