Despite some seasonal declines, ransomware is still a serious security threat, especially for those who underestimate it. It is often thought that having a backup copy of your data is enough to protect yourself from ransomware. This point of view leaves several aspects out of consideration. One of them is the relationship between ransomware and NAS (Network Attached Storage), where you often store a backup copy of the server, thinking it is enough.
Ransomware attacks are capable of rendering entire disks unusable by encrypting the file system. Network disks are also at risk: they can be encrypted too, reducing the effectiveness of a backup stored on a NAS.
Definition of Ransomware
Ransomware, as we have seen in other articles, is a form of malware that encrypts the victim’s files. The attacker then demands a ransom from the victim to restore access to data against payment.
Users are shown instructions on how to pay a fee to obtain the decryption key. Costs can range from a few hundred euros to thousands, payable to cybercriminals in Bitcoin.
Once the malware gets executed, it’s almost always too late. In fact, often the victim does not notice until the ransom demand is made or when the entire disk has been completely encrypted.
How ransomware works
There are several ways ransomware can gain access to a server. One of the most common delivery systems is phishing. Attachments arrive at the victim’s computer in an e-mail message, disguised as harmless files.
Once executed, this software masquerading as a harmless file can take control of the victim’s computer, especially if it has social engineering tools built in which trick users into allowing administrative access. Tracing back to the server isn’t as complicated as it might seem.
Some other more aggressive forms of ransomware, such as NotPetya, exploit security holes to infect computers without the need to trick users.
There are several things malware could do once it has taken over the victim’s computer, but by far the most common action is to encrypt some or all of the files it has access to. If you want to go into the technical details, here’s more information on how encryption takes place.
The most important thing to know is that at the end of the process, files cannot be decrypted without a mathematical key known only to the attacker. The victim is presented with a ransom note explaining that without a payment, the files will remain inaccessible.
Regardless of the requests and how the ransomware is unleashed in the first place, the thing to note is that no data is spared. So, if your customers’ data is on a server, it can be caught up in such an attack.
If the ransomware encrypts file systems and not just individual files, the problems could multiply.
Ransomware, NAS and backups
One of the ways to mitigate the risk is to have a backup available with which to restore the data without having to give in and pay. Backup management best practices advise against keeping backups on the same machine as the data, so they are often kept on network disks that are always accessible from the servers. But in effect those disks are part of the machine, since they are accessible from it.
These disks, called NAS (Network Attached Storage), are great solutions for managing files on a network, but they can become as useless as the server in the event of a ransomware attack. If the attack encrypts the file systems, it may find the remote folders on the NAS and encrypt those as well, rendering the backup unusable.
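The point above, that a network disk mounted on the server is effectively part of that server, can be checked directly. The following is an added example, not part of the original article: a Python script that reads a Linux mount table and flags backup directories that sit on a writable network share. The sample mount table, host names and paths are constructed for illustration.

```python
import os

# Filesystem types that mean "network share", e.g. a NAS export mounted on the server.
NETWORK_FS = {"nfs", "nfs4", "cifs", "smb3", "smbfs"}

# Constructed sample in /proc/mounts format (host names and paths are made up).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
nas01:/export/backups /mnt/nas_backup nfs4 rw,relatime,vers=4.2 0 0
//nas02/archive /mnt/archive cifs ro,relatime,vers=3.0 0 0
"""

def parse_mounts(text):
    """Return (mountpoint, fstype, options) for each line of /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            # /proc/mounts escapes spaces in mount points as \040
            mountpoint = os.path.normpath(fields[1].replace("\\040", " "))
            mounts.append((mountpoint, fields[2], set(fields[3].split(","))))
    return mounts

def find_mount(path, mounts):
    """Pick the mount with the longest mount point that contains path."""
    path = os.path.normpath(path)
    hits = [m for m in mounts
            if path == m[0] or path.startswith(m[0].rstrip("/") + "/")]
    return max(hits, key=lambda m: len(m[0]), default=None)

def audit_backup_targets(targets, mounts_text):
    """Classify each backup directory by how reachable it is from this host."""
    mounts = parse_mounts(mounts_text)
    report = {}
    for target in targets:
        mount = find_mount(target, mounts)
        if mount is None:
            report[target] = "unknown"
        elif mount[1] not in NETWORK_FS:
            report[target] = "local"       # same machine as the data
        elif "rw" in mount[2]:
            report[target] = "exposed"     # writable share: malware on this host can encrypt it
        else:
            report[target] = "read-only"   # not writable through this mount
    return report

if __name__ == "__main__":
    targets = ["/mnt/nas_backup/daily", "/mnt/archive/2023", "/var/backups"]
    for path, status in audit_backup_targets(targets, SAMPLE_MOUNTS).items():
        print(f"{status:10} {path}")
```

On a real Linux server, pass the contents of /proc/mounts instead of the sample; any backup target reported as "exposed" or "local" would be encrypted along with the server's own data.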
The targets of a ransomware
There are several ways attackers choose which organizations they target with ransomware attacks. Sometimes it’s a matter of opportunity – for example, attackers might target universities because they tend to have smaller security teams and a disparate user base that shares many files, making it easier to penetrate their defenses.
On the other hand, some organizations are tempting targets because they seem more likely to pay a ransom quickly. For example, government agencies or medical facilities often need immediate access to their files.
Law firms and other organizations with sensitive data may be willing to pay to keep news of a compromise hidden, and these organizations are often particularly sensitive to a data exfiltration threat.
However, it has been noted that some ransomware is capable of spreading itself on the network. In fact, no one is completely safe, especially if the data stored on the servers is sensitive.
Ransomware and NAS: how to manage backups
As we have seen, ransomware is no small threat to the data stored on corporate servers. Now let’s see what precautions you can take to protect your data and servers.
Do not use NAS for backups
If ransomware reaches a NAS, it will almost certainly encrypt it, making the backup inaccessible. Avoiding this problem is easy: use the cloud!
The server provider should offer the ability to store machine backups on the cloud. This means that the backups are not always reachable by the server and therefore the software is unable to encrypt them.
This is the standard of our VPS service. In case of compromise, in fact, it is sufficient to restore the virtual machine to an earlier state through one of the backups stored in the cloud.
Alternatively, you can back up on premise, i.e. locally, physically in the company. Using the Acronis Backup service you can perform a backup on an external disk not connected to the network.
Another solution, a hybrid of the previous ones, is to create a backup through Acronis and store it in the cloud and not locally. You maintain the advantage of having a remote backup that is not constantly connected to the server.
Finally, it is worth mentioning that there is another solution, the precautionary one. With our SOC service and its latest-generation analysis systems, it is possible to immediately identify malware or a ransomware attack and block it before it does damage.
Whether it is adopting best practices for backups and storing them remotely, or adopting a SOC to protect this aspect and many others in the field of IT security, SOD is available to discuss the situation and find a solution tailored to the needs of your company.
Contact us to ask for information, we will be happy to answer any questions.
Network Attached Storage (NAS) is a great low-cost tool for storing your data like backups (single files / folders or entire operating system images). Thanks to its connection (ethernet or wifi) with the local network (LAN) it is possible to easily copy the contents from your PC or server to the NAS using manual and / or automatic systems.
So why is the NAS not a reliable solution for storing my backups?
Although it is cheap and very easy to install, configuring it and using it presents some critical issues that do not make it ideal in professional work environments where data is a critical component and the backup and restore process must be absolutely guaranteed. Let’s see some examples together:
DISADVANTAGES OF BACKUP ON NAS
♦ Theft: NAS devices are typically located physically inside the company (office, CED, etc.), in the same building as the data they back up. If the company suffers a theft of its equipment, it would therefore lose both the original data on the computers / servers and the backup contained in the NAS;
♦ Damages: Catastrophic events (earthquakes, tsunamis, floods, fires, etc.) could damage the company’s computer equipment, destroying both the original data and the backups stored on the NAS;
♦ Ransomware: the latest variants of ransomware are able to encrypt the content of the data stored in the NAS, which makes this tool ineffective because the backup would be in turn compromised and its data not usable.
Do not limit yourself to the NAS to save your data: save it in the Cloud with BaaS (Backup as a Service) services.
What are the countermeasures to protect your data?
ADVANTAGES OF THE BACKUP ON CLOUD
♦ Physical protection: keeping your backups on the Cloud means relying on Cloud Providers who, thanks to their Datacenter, are able to guarantee the physical security of the data, also in compliance with the ISO certifications;
♦ Cloud: The Cloud by its nature allows data to be segregated in order to protect the backups from ransomware and from all those activities (voluntary or involuntary deletions) that constitute a threat to the data;
♦ Scalability: the size reserved for backup can easily be increased to adapt to continuous business changes.
BaaS (Backup as a Service) is the service that allows your company to save a copy (off-site copy) of data in the Cloud. In this way, you can store your information in a safe place and then restore it at any time in case of disaster.
BaaS is one of the ways to implement the 3-2-1 backup rule.
Secure Online Desktop provides its customers with two different ways to implement BaaS to offer a range of different options based on different business needs.
Backup as a Service
The first BaaS (Backup as a Service) solution uses the well-known Veeam technology, widely used by millions of customers around the world, to extend the customer’s local Veeam installation to the Secure Online Desktop Cloud. The related service is called Veeam Cloud Connect and allows Veeam users to select Secure Online Desktop as a cloud service provider directly from the Veeam console via the “BACKUP INFRASTRUCTURE -> ADD SERVICE PROVIDER” panel or by searching for it with the “FIND SERVICE PROVIDER” link.
Pros and cons of the Veeam Cloud Connect solution
Pros
1) No installation – No additional software or hardware devices are needed in the company;
2) Simplicity – The customer can turn on Cloud Provider functionality from the Veeam Backup & Replication console with a simple click;
3) No new console – You will not need to use a new tool or access additional consoles because all Cloud backups are perfectly visible within the already existing Veeam Backup & Replication console;
4) No VPN – There is no need to establish any additional encrypted channel between the client and Secure Online Desktop, as communications are encrypted through SSL during transit and are encrypted at the source with the AES algorithm;
5) WAN Accelerator – With Veeam’s WAN accelerator capability, you can optimize backup communications to reduce time and optimize Internet bandwidth usage.
Cons
1) It is necessary to have the Veeam solution already in the company;
2) Only the devices supported by the Veeam solution can be protected by backup.
The second BaaS solution instead uses Acronis technology and its Anydata engine. Similarly to the first, this service allows you to have an off-site copy on our Cloud and to perform a full recovery (the entire virtual machine in case of virtualized environments) or a partial one (the single file or folder) of your data with a simple click.
Pros and cons of the Acronis Cloud Backup solution
Pros
1) No other backup software is required – Within the service, the software agents needed to operate with Cloud Backup System will be provided. This way the service can also be used for local copies;
2) Full Protection – Acronis Cloud Backup covers many types of devices, applications, and operating systems including mobile devices;
3) No limit on systems to be protected – The service is billed only on the basis of the storage size in Cloud without any limit on the number of systems to be covered by backup;
4) Local backups – The software agents provided by the service and its backup policies allow you to keep backups on any local storage at your site as well, without any additional cost.
Cons
1) It is necessary to install or distribute agents on all systems that you want to cover with the service.