Ransomware has been a big threat for many companies in the last two years. Recently we’ve been contacted by affected users who said they had been attacked by different flavors of ransomware.
Initial diagnosis shows that the main entry point used by the malware was in all cases a Windows operating system providing an Active Directory based authentication system and, in some cases, a Remote Desktop (RDP) service.
About Ransomware
Ransomware is a special type of malware which, once it has gained access to the operating system, encrypts all the usual user files (PDF, MS Office files, data files of database systems, etc.). The encryption process uses a special key known only to the attacker, who demands a payment for this key so the user can recover their files. Payment is made using cryptocurrencies (Bitcoin, for example), and many people who have paid the ransom didn’t get the key, so they lost not only their files but also the money paid (usually between USD 600-2000).
Technically, the principal problem with ransomware attacks is that the encryption algorithm changes as new attackers appear. Every day there is a new kind of ransomware, so the anti-ransomware tools developed by companies like AVG or Kaspersky become useless, not only because the encryption algorithm changes but because many implementations use complex key-change methods. The best hint for a really successful recovery if you have been attacked is: “go get your most recent backups”.
Free Software based solutions
As a software-based company, Bitpointer provides the tools to prevent this kind of security attack by deploying complete solutions oriented to reducing the risk and impact of a possible ransomware attack.
Tools and services:
Windows AD replacement: By using GNU/Linux we can fully replace any Windows Server AD.
UTM: Unified Threat Management brings a security gate to control the remote access to your network and your server, thus blocking malicious software or unauthorized users who try to gain access to your information and computing resources.
Linux/FreeBSD based NAS: A Linux based NAS can be deployed on practically any network and provides networking filesystems like ZFS, which are almost universally immune to ransomware.
Local Automated Backup: Critical data can be backed up to a local server or network storage in an automated way, so in the event of an incident your data can be restored, reducing the impact of attacks.
Cloud Automated Backup: Keeping a cloud backup is the best way to be sure that your data are safe.
Ransomware attacks are a reality, but by using free software you can control the risk, prevent your data from being compromised, and get the tools to be ready for a successful information recovery in the event of an attack. Don’t wait for the incident; be prepared.