January 22, 2018 Vignesh Sathiyanantham 1Comment
Recently, An Indiana hospital paid a ransom of $55,000 to get rid of ransomware that had infected its systems and was hindering operations. when attackers breached the network of Hancock Health, a regional hospital in the city of Greenfield, Indiana.

Hancock Health CEO Steve Long said the hackers are believed to be in eastern Europe and may have used a type of ransomware called SamSam,

SamSam encrypted files and renamed them with the phrase “I’m sorry”, according to a local newspaper who broke the news.

The hospital said that despite having backups it opted to pay the ransom demand of 4 Bitcoin, which was worth around $55,000 at the time the hospital paid the sum. Hospital management told local press that restoring from backups was not a solution as it would have taken days and maybe even weeks to have all systems up and running. Hence, they decided to pay the ransom was quicker.

What is Ransomware

Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. Ransomware is different from other attacks that it’s all about storage.

The hacker’s application locks up your storage by encrypting it and more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them and you either unravel the rogue code’s encryption or start learning about blockchain technology and shipping bitcoins into the ether.

Today, ransomware is one of the biggest cyber threats, according to McAfee Labs and Trend Micro. Rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches drastically. To avoid becoming a victim, users take action to protect their Computers. But waiting ( RTO ) could cost you money, hassle, and negative publicity.

Backup admins should have periodic backups and good data protection with great RPOs and lesser RTOs to survive these attack

Protecting your data from Ransomware

In case of cloud environments ( VMware / AWS ) this is much easier to recover but many times a simple traditional backup app doesn’t provide sufficient defense against ransomware because those applications will backup only the application data of your machine.

Another big concern about ransomware is traditional backup stores their backup on the media server, as they would be susceptible to the same attacks that go after the systems they’re backing up.

If you have a good copy of backup ( recovery point with the pre-ransomware copy of the data) you can recover your data but you still need everything related to operating system settings, application, application settings and the configurations to get up and run again in the production.

Is this sounds like it will take a lot of time to bring backup production machine?

Choosing the right software with right strategy save a lot of money and time.

Best data protection technique which can help business is cloud-based disaster recovery, backup up data and replicate to another site. In case if ransomware blocks you on prim data you can recover from another site.

NIMESA a data virtualization and management solution which can transform various data center operations and can bring significant OpEx and CapEx savings for use cases such as backup\recovery, Test, and Dev, Analytics, cloud migration, DR etc.

Nimesa backups the Virtual Machine by taking the snapshot of the Virtual Machine and also the volume of datastore ( underlying storage snapshot capabilities) in case of VMware, it creates the snapshot of the Instance volumes in case AWS cloud.
In both the cases, Nimesa replicated the snapshot to another site configured by user underlying storage / AWS EBS capabilities.
In case of an attack or data loss user has the option to recover whole machine or individual disk or even the SQL database inside the application.
CIOs are looking for fast and reliable recoverability, Nimesa provides data protection with smaller RPO and faster RTO.
.

One thought on “Protect or Ship Bitcoin or lose data – Ransomware attack

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.