A key component of a ransomware protection plan is to protect endpoints, but these are often overlooked or treated haphazardly. IT certainly must protect the servers that drive the applications so critical to the organization, but the entry point for ransomware is often a user device like a laptop. Making sure they are protected and included in the recovery plan is critical to success.
Step 1 – Back Up Devices
First, make sure user devices are backed up on a regular basis. A golden master of their system is critical but so is protecting the documents they create and modify throughout the day. Ideally the user device is protected on an ongoing basis.
Smartphones and tablets should now be part of the backup strategy. There are several known malware packages for both Android and Windows tablets.
Step 2 – No Thumb Drives
Second, teach and warn users of the dangers of inserting a thumb drive into their laptops. There have been multiple cases where a ransomware hacker has scattered thumb drives in a parking lot and made thousands of dollars from ransom payments after a high percentage of those drives were inserted into a laptop.
Even thumb drives given away at trade shows could be infected, as a result we’d suggest a zero tolerance policy toward thumb drives. At least if a file is emailed or downloaded there is a chance it will be scanned.
Step 3 – Don’t Click on Embedded Links in Emails from Unknown Sources
Embedded links make for pretty emails but they also could be hiding a pointer to a nefarious site. Most email clients will allow the user to hover over the email and show where the intended link will take the user. Especially don’t click on emails from overnight shipping companies that claim to let you track your order. When in doubt manually go to the website in question and search for your order.
Step 4 – Create an Enterprise File Strategy
Storage Switzerland defines an enterprise file strategy as an architecture that not only delivers file sync and share but also provides endpoint backup and data distribution. A file strategy can go a long way to protecting user files on devices. First, it can backup files on those devices. Second, most file sync and share solutions are real-time, so a change made on a laptop is automatically replicated to the cloud.
Look for an option that doesn’t require a public cloud storage target. Instead leverage a private cloud / object storage system on-premises. These object storage system are much harder for the ransomware application to mount than a primary storage share. It also takes continuous snapshots of replicated data, most of these snapshots are read-only so they can’t be impacted by a ransomware attack.
Since the spike of attacks this year, many vendors are claiming to have a solution to the ransomware problem. Some have even renamed their products to catch the wave of ransomware interest. But we at CTERA have a legitimate solution to the problem built on a file services strategy. Our solution backs up remote offices/branch offices, and also can protect endpoints. It also delivers file sync and share for faster rollback from an attack. CTERA fully supports an object storage back-end, and most importantly it is fully secure, using full encryption throughout the file’s lifecycle. Learn more about CTERA’s Enterprise File Services.
To learn more about developing a File Strategy, check out the webinar we did with Storage Switzerland here.