Bob Koure
2 min read · Feb 12, 2020


If you’re a small organization, I’d suggest focusing primarily on ransomware recovery (i.e. getting backups restored as quickly as possible post-attack). Yes, there are ways to detect a ransomware attack as it encrypts files, but some damage is already done at that point, and without an IT person, your chances of getting it set up properly are slim.

So, the old standby: nightly backups. I’ve been using Veeam’s EndpointBackup, which can access network file storage (NAS) using its own user credentials, so a user’s PC taken over by ransomware cannot scribble over backups. It uses forward-differential backups, so seven or eight nightly backups take maybe double the space of a single one. It comes with a utility that allows users (with read access) to restore a single file from a particular backup, a drive, or bare metal. It’s an easy ‘sell’ as it’s free.

That said, the only bare metal recoveries I’ve done have been after a malware attack, not ransomware (wanted to be sure the system was clean), and periodic test-restores (which have been fine). A bare metal recovery on one of our typical boxes (Gb LAN, 256–512G SSD, i5–i7) takes maybe an hour, including booting from a recovery USB stick. And everything done after the nightly backup is lost. But it’s a far cry from ‘give us money or lose everything’.

I had one user who kept messing up Access databases who was able to self-serve, restoring that file from previous nightlies. This with read-only access.

Ransomware typically takes over a user’s PC, and runs as that user, so one way to think about ransomware recovery is just considering what would happen if a particular user ‘went crazy’ and tried to delete everything they could. If you can recover from that, you can recover from a ransomware attack.
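The ‘user went crazy’ test can be run literally from an ordinary user’s login. The Python sketch below is an added example, not part of the original post; the function name and the choice to point it at the mounted backup folder are assumptions. It lists every backup folder or file the current account could modify, probing write access only and leaving existing data untouched.

```python
import os
import sys
import tempfile


def writable_paths(backup_root):
    """Return (kind, path) pairs under backup_root the current account can modify.

    Folders are probed by creating and removing an empty temp file;
    files are probed by opening them for append without writing a byte.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(backup_root):
        try:
            fd, probe = tempfile.mkstemp(prefix=".write-probe-", dir=dirpath)
        except OSError:
            pass  # creation refused: the desired result for a backup folder
        else:
            os.close(fd)
            findings.append(("dir", dirpath))
            try:
                os.remove(probe)
            except OSError:
                pass  # create allowed but delete denied; probe file stays behind
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                fd = os.open(path, os.O_WRONLY | os.O_APPEND)
            except OSError:
                continue  # read-only (or locked) for this account
            os.close(fd)
            findings.append(("file", path))
    return findings


if __name__ == "__main__":
    # Run as the ordinary user, passing the path of the mounted backup share.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    hits = writable_paths(root)
    for kind, path in hits:
        print(f"WRITABLE {kind}: {path}")
    # Non-zero exit means ransomware running as this user could damage backups.
    sys.exit(1 if hits else 0)
```

An empty result from a user’s session matches the read-only setup described above; any hit is a path that malware running as that user could overwrite.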

As a bonus, if you are using a Synology NAS, those come with a built-in app that lets storage be copied encrypted to AWS, so weekly/monthly offsite backups become automatic. If that sounds a bit too technical, consider copying backups to portable USB drives for offsite storage.
