StorageCraft Technology Corporation

Last week we saw another high-profile widespread ransomware attack: Bad Rabbit. It has hit more than 200 major organizations primarily in Russia, Ukraine, Turkey, Germany, and potentially other countries across the globe.

According to Wired UK:

The Bad Rabbit ransomware spreads through “drive-by attacks” where insecure websites are compromised. “While the target is visiting a legitimate website, a malware dropper is being downloaded from the threat actor’s infrastructure,” according to analysis by Kaspersky Labs. In this instance, the malware is disguised as an Adobe Flash installer. When the innocent-looking file is opened it starts locking the infected computer.

However, the malware isn’t installed automatically. It has to be clicked on to work. When a user clicks on the malicious installer—which is highly probable given the number of Flash updates regularly issued—his or her computer locks.

How to Protect Your Data from Ransomware

As ransomware attacks become more and more frequent and sophisticated, organizations of all sizes must deploy a multilayer security approach that includes:

Defend Your Data from a Ransomware Attack with StorageCraft

The StorageCraft® Recovery Solution, together with StorageCraft OneBlox, ensures the very best protection of your data, at all times.

The StorageCraft Recovery Solution backs up systems and data and replicates those backups to the cloud where ransomware can’t reach them. Users can recover files, even re-create their network in the StorageCraft Cloud.

StorageCraft OneBlox features Continuous Data Protection (CDP), which takes immutable snapshots automatically every 10 seconds for the first hour, then on an hourly, daily, weekly, and monthly basis thereafter. Should a ransomware attack occur, causing data encryption and corruption of the primary file system, the snapshots remain completely unaffected, immune from any modification or deletion. The ability to take such granular snapshots at 10-second intervals is critical to ensuring recovery of the most recent version of the data. Unlike legacy RAID-based volume snapshots, users can not only recover individual files and folders easily but also recover complete network shares.

When ransomware worms its way into your organization’s computers, you’re prepared with StorageCraft backup and disaster recovery and OneBlox next-generation scale-out storage.

See for yourself how Zenzero IT Solutions rescued their customer’s data from CryptoLocker using StorageCraft technology:

 

View Comments

  • Hello,

    I'm just wondering if any of you have actually tested this scenario in the end and come to any conclusion since this article was published.

    Thank you!

    • Hello Octavian,

      Thank you for asking. To be honest I haven't tested this theory, though it's been on my "to do" list since the question first came up. Have any of our other readers tried storing backup images on a Server 2012 deduplicated volume? I would be interested in at least two qualities of this test: 1) how much storage can be freed using this process (as a percentage of the original data size), and 2) is there any discernible difference in I/O speed compared with a data volume that isn't managed? I'm interested in your comments.

      Cheers!

  • you missed so many important factors. just don't bother writing an article like this if you don't provide all the information, it's far too dumbed down. you have probably led astray some poor network/system admin who will choose to back up to disk and sacrifice his company's data retention for cost. you don't know the cost of the average company to lose recoverable data.

    • Hi Daniel,

      Thank you for your comments. Yep, there is so much to talk about with this topic. What information would you like to see in more detail? We're always looking to talk about the tech that interests our readers as well as what interests us.

      Cheers!

  • This appears to no longer work on their 6.1 and 6.1.1 versions. I tried FAT32 and NTFS partitions as well.

    It appears they switched to some sort of Linux boot to do this.

    • Hello Greg,

      Yes, there have been some updates to the process since I wrote this article in March of this year. We now have the StorageCraft Recovery Environment Builder for Windows which does most of the heavy lifting. This means I don't have to come up with creative solutions using unsupported third-party software to create a bootable USB, I can make a bootable USB natively with the Recovery Environment Builder.

      Some of the benefits of using the builder include the ability to add custom drivers to the recovery environment during the build process, faster boot times because each build is language specific, and the builder is able to leverage the latest Windows PE (currently Windows 8) with the latest Microsoft drivers and security fixes.

      The Recovery Environment Builder creates ISOs using the Windows ADK you have locally installed. These ISO files can be used to boot a virtual machine or they can be burned to CD/DVD or USB using the Recovery Environment Builder application. StorageCraft also provides an ISO Tool utility which comes free with StorageCraft ShadowProtect. This tool can rip, burn, author and mount/dismount ISO files and makes a handy addition to your IT toolkit. This ISO Tool can also be used to burn bootable CD/DVD drives using the ISO created by the Recovery Environment Builder.

      Basically we're trying to make your recovery process as easy and fast as possible, which is why the Recovery Environment Builder now creates customizable ISOs in several "flavors" of the recovery environment (e.g. IT Edition) and burns those ISOs to your available removable media. The builder application is your all-in-one solution for creating a bootable ShadowProtect recovery environment.

      If you want more about the ISO tool utility, check out this article: http://www.storagecraft.com/blog/the-best-things-in-life-are-free/

      Cheers!

  • I have a question with the following...your use of the Word "Host" in between the *stars* (see below)

    5. Regularly check the virtual machines’ event logs for VSS errors as they can indicate problems with the backup. This is good to do because when the *host* machine calls for a backup of the VM, the VM is asked to pause processes while ShadowProtect takes the snapshot

    Don't you mean "Guest"? As per your reasoning in the above statements, the "Host" is only backing up the OS drive. The ShadowProtect Client, that's installed on the VM "Guest" machine, calls for the backup itself, not the Hyper-V "Host".

    • You’re correct, we were referring to the guest. But, after further review, we noticed that the sentence you pointed out in step five doesn’t quite fit with the remainder of the post, so we’ve removed it. It is, however, still important to check the virtual machines’ event logs for VSS errors-- this is just a standard best practice to make sure everything is running smoothly.

  • The price of a microlized hypervisor is in case of Hyper-V, that it is too large to get fully loaded into the RAM. This could have drawbacks if you lost the contact to the boot volume. I found an impressive demonstration about this topic @Youtube: http://www.youtube.com/watch?v=E8ZF0ez0iH0
    In case of this, it seems VMware has still the better product.

  • Well done to Guy & Casey it's an excellent eBook, well worth reading and well worth keeping a copy close to hand!

  • I have no bone in this debate. However, I have used both agentless and agent based backup solutions in my 14 yr IT career. I am also a Certified Ethical Hacker and Certified Penetration Tester. That distinction is important to my comments below:

    1- The statement made above "It’s important to keep in mind that in order to take a true disk image for complete, fast bare metal recovery, something has to be installed on the machine." is false. This can be done by agentless, remote capability. I have done this myself.

    2- I have used the security holes proclaimed above to not exist to break into systems using the usually weak backup passwords. The machine was in fact running ShadowProtect. Yes the holes exist, yes it is up to the local IT folks to keep that in mind.

    • Hello David,

      Good points, and we respect your professional opinion. It's true that the perfect system has not been created yet, meaning that every system is imperfect in some way. With this in mind we are attempting to represent the "best" solution based upon the Microsoft Windows architecture and philosophy. Of course, this solution is limited to the underlying OS architecture and any of its inherent weaknesses. You have aptly pointed out one of those weaknesses yourself: that of weak backup passwords. If an administrator chooses not to implement the strongest passwords at their disposal then the administrator presents an opening for unethical and malicious behavior. It should be noted that this is not the fault of the software, but of the human managing the software. The software may be designed perfectly but implemented or secured in a manner which allows for errors or weaknesses.

      With regards to agent-based backups, it is Microsoft's intent that their Windows OS be managed (in this respect, backed up) using agents. They themselves use agents to manage Windows Server backup processes. We understand that it is still possible to create a disk image with an agent-less backup; however, Microsoft's propensity towards agents warrants the use of an agent-based solution. In addition, there are a number of advantages that an agent-based solution offers over an agent-less solution. For example, an agent-based solution (if implemented correctly) can operate at a low level of the OS not available to injected or remote procedure processes. In the case of StorageCraft's ShadowProtect agent this allows us to directly track changes to the disk and to function as a driver within the Windows OS resulting in fast and reliable backup images. Other systems which inject agents typically have to traverse the file system looking for changes first before they can begin processing a backup, resulting in added overhead and resources.

      As you've pointed out, both solutions can work. And to add to your comments I will point out that the effectiveness of either an agent-based or agent-less solution really depends on the underlying code and how it is implemented. So I guess we come full circle back to the beginning where we both agree that software is only as good as the person designing/using the software. We feel we've built a rock solid agent-based solution founded on Microsoft's platform but designed and implemented by our amazing developers to give our customers fast and reliable backup images which are easy to use and manage. Hopefully this message comes across in our products as well as our literature.

      I would like to personally thank you for taking the time to contribute to our forum. The life of a "white hat" has always intrigued me as you guys get to use operating systems in ways that many of us can only imagine. And I think we're grateful for your honest commentary.

      Cheers!

  • For a "lover of words", you sure missed this:

    "The brain is so complex that we’re a long way from discovering all of its mysteries, and we might never actually know how much space has."

    Read it slowly...
