StorageCraft Technology Corporation
X

Remember WannaCry? It was the ransomware that infected over 300,000 machines in 150 countries around the globe last year. Experts are referring to this data massacre as the most expansive ransomware outbreak in history. But WannaCry is just one of the hundreds of examples of ransomware that can wreak havoc on your data and cost your business massive amounts of cash. According to Cybersecurity Ventures, the world’s leading researcher covering the global cyber economy, international ransomware damage costs are predicted to exceed $11.5 billion annually by 2019.

Though technically everyone is at risk for infection, some companies are more vulnerable than others. Do you store information that’s attractive to hackers (banking or credit card information, social security numbers, patent details, etc.)? Have you backed up all your important files? Is your security up to date and in working order? Are all of your employees well-trained in successfully spotting phishing emails? Find out here.

Even if your data is well-protected, there are certain businesses that are simply more likely to be targeted. The 2016 Kaspersky Security Bulletin broke down the percentage of ransomware attacks by business sector globally in 2016:

 

Industry sector % attacked with ransomware
1 Education 23
2 IT/Telecoms 22
3 Entertainment/Media 21
4 Financial Services 21
5 Construction 19
6 Government/

public sector/defence

18
7 Manufacturing 18
8 Transport 17
9 Healthcare 16
10 Retail/wholesale/leisure 16

 

To evaluate why these sectors are so hard-hit by ransomware, one must only ask the questions above to get the answer on why their data is so attractive to the bad guys. In the education sector for example, data might include bank account information, social insurance numbers, and private or sensitive research, making it incredibly desirable and valuable to hackers. In terms of security, throughout a college campus a large amount of file transfers occur among a plethora of people, many of whom are unaware or insufficiently protected against cyber security, phishing scams, and malware threats.

Ransomware hackers target government and health services since inhibiting access to files in these sectors is dangerous to the health and safety of civilians, making it more likely hackers would be paid to quickly release the data. In 2017, Britain’s National Health Services was hit hard by WannaCry, forcing doctors and surgeons to cancel appointments and urge patients to avoid seeking medical treatment while files were held for ransom.

Besides organizations in the top-ten industries hit by ransomware, many other companies are also frequently targeted. According to Intermedia, one in four businesses infected have more than 1,000 employees and nearly half of these attacks affect 20 or more personnel per business. Kaspersky’s 2016 study determined one business will be infected with ransomware every 40 seconds, and that 42 percent of small-to medium-sized business were infected in a 12-month period. In the past, these companies were usually targeted through mass-emails, however studies are showing that hackers are becoming more selective with their emailing, sending out targeted mail to specific businesses they suspect will be willing to pay to retrieve their data.

The bottom line is, if you have data you can’t afford to lose, you will be a viable target for ransomware hackers. The best way to save your files from an attack is to ensure all your critical data is backed-up and easily recoverable. If you’re nervous about ransomware and haven’t yet created a backup and recovery plan, StorageCraft may be the perfect fit for your needs. Contact us today for more information on our solutions or for your free trial of our StorageCraft ® ShadowProtect ® SPX .

View Comments

  • Hello,

    I'm just wondering if any of you have actually tested this scenario in the end and come to any conclusion since this article was published.

    Thank you!

    • Hello Octavian,

      Thank you for asking. To be honest I haven't tested this theory, though it's been on my "to do" list since the question first came up. Have any of our other readers tried storing backup images on a Server 2012 deduplicated volume? I would be interested in at least two qualities of this test: 1) how much storage can be freed using this process (as a percentage of the original data size), and 2) is their any discernible difference in I/O speed compared with a data volume that isn't managed? I'm interested in your comments.

      Cheers!

  • you missed so many important factors. just don't bother writing an article like this if you don't provide all the information, its far too dumbed down. you have probably lead astray some poor network/system admin who will choose to back up to disk and sacrifice his companies data retention for cost. you don't know the cost of the average company to lose recoverable data.

    • Hi Daniel,

      Thank you for your comments. Yep, there is so much to talk about with this topic. What information would you like to see in more detail? We're always looking to talk about the tech that interests our readers as well as what interests us.

      Cheers!

  • This appears to no longer work on their 6.1 and 6.1.1 versions. I tried FAT32 and NTFS partitions as well.

    It appears they switched to some sort of linux boot to do this.

    • Hello Greg,

      Yes, there have been some updates to the process since I wrote this article in March of this year. We now have the StorageCraft Recovery Environment Builder for Windows which does most of the heavy lifting. This means I don't have to come up with creative solutions using unsupported third-party software to create a bootable USB, I can make a bootable USB natively with the Recovery Environment Builder.

      Some of the benefits of using the builder include the ability to add custom drivers to the recovery environment during the build process, faster boot times because each build is language specific, and the builder is able to leverage the latest Windows PE (currently Windows 8) with the latest Microsoft drivers and security fixes.

      The Recovery Environment Builder creates ISO's using the Windows ADK you have locally installed. These ISO files can be used to boot a virtual machine or they can be burned to CD/DVD or USB using the Recovery Environment Builder application. StorageCraft also provides an ISO Tool utility which comes free with StorageCraft ShadowProtect. This tool can rip, burn, author and mount/dismount ISO files and makes a handy addition to your IT toolkit. This ISO Tool can also be used to burn bootable CD/DVD drives using the ISO created by the Recovery Environment Builder.

      Basically we're trying to make your recovery process as easy and fast as possible, which is why the Recovery Environment Builder now creates customizable ISO's in several "flavors" of the recovery environment (e.g. IT Edition) and burns those ISO's to your available removable media. The builder application is your all-in-one solution for creating a bootable ShadowProtect recovery environment.

      If you want more about the ISO tool utility, check out this article: http://www.storagecraft.com/blog/the-best-things-in-life-are-free/

      Cheers!

  • I have a question with the following...your use of the Word "Host" in between the *stars* (see below)

    5. Regularly check the virtual machines’ event logs for VSS errors as they can indicate problems with the backup. This is good to do because when the *host* machine calls for a backup of the VM, the VM is asked to pause processes while ShadowProtect takes the snapshot

    Don't you mean "Guest"? As per you reasoning in the above statements, the "Host" is only backing up the OS drive. The ShadowProtect Client, that's installed on the VM "Guest" machine, calls for the backup itself, not the Hyper-V "Host".

    • You’re correct, we were referring to the guest. But, after further review, we noticed that the sentence you pointed out in step five doesn’t quite fit with the remainder of the post, so we’ve removed it. It is, however, still important to check the virtual machines’ event logs for VSS errors-- this is just a standard best practice to make sure everything is running smoothly.

  • The price of a microlized hypervisor is in case of Hyper-V, that it is to large to get fully loaded into the RAM. This could have backdraws if you lost the contact to the boot volume. I found an impressive demonstration about this topic @Youtube: http://www.youtube.com/watch?v=E8ZF0ez0iH0
    In case of this, it seems VMware has still the better product.

  • Well done to Guy & Casey it's an excellent eBook, well worth reading and well worth keeping a copy close to hand!

  • I have no bone in this debate. However, I have used both agentless and agent based backup solutions in my 14 yr IT career. I am also a Certified Ethical Hacker and Certified Penetration Testet. That distinction is important to my comments below:

    1- The statement made above "It’s important to keep in mind that in order to take a true disk image for complete, fast bare metal recovery, something has to be installed on the machine." is false. This can be done by agentless, remote capability. I have done this myself.

    2- I have used the security holes proclaimed above to not exist to break into systems using the usually weak backup passwords. The machine was in fact running shadow protect. Yes the holes exist, yes it is up to the local IT folks to keep that in mind.

    • Hello David,

      Good points, and we respect your professional opinion. It's true that the perfect system has not been created yet, meaning that every system is imperfect in some way. With this in mind we are attempting to represent the "best" solution based upon the Microsoft Windows architecture and philosophy. Of course, this solution is limited to the underlying OS architecture and any of its inherent weaknesses. You have aptly pointed out one of those weaknesses yourself: that of weak backup passwords. If an administrator chooses not to implement the strongest passwords at their disposal then the administrator presents an opening for unethical and malicious behavior. It should be noted that this is not the fault of the software, but of the human managing the software. The software may be designed perfectly but implemented or secured in a manner which allows for errors or weaknesses.

      With regards to agent-based backups, it is Microsoft's intent that their Windows OS be managed (in this respect, backed up) using agents. They themselves use agents to manage Windows Server backup processes. We understand that it is still possible to create a disk image with an agent-less backup; however, Microsoft's propensity towards agents warrants the use of an agent-based solution. In addition, there are a number of advantages that an agent-based solution offers over an agent-less solution. For example, an agent-based solution (if implemented correctly) can operate at a low level of the OS not available to injected or remote procedure processes. In the case of StorageCraft's ShadowProtect agent this allows us to directly track changes to the disk and to function as a driver within the Windows OS resulting in fast and reliable backup images. Other systems which inject agents typically have to traverse the file system looking for changes first before they can begin processing a backup, resulting in added overhead and resources.

      As you've pointed out, both solutions can work. And to add to your comments I will point out that the effectiveness of either an agent-based or agent-less solution really depends on the underlying code and how it is implemented. So I guess we come full circle back to the beginning where we both agree that software is only as good as the person designing/using the software. We feel we've built a rock solid agent-based solution founded on Microsoft's platform but designed and implemented by our amazing developers to give our customers fast and reliable backup images which are easy to use and manage. Hopefully this message comes across in our products as well as our literature.

      I would like to personally thank you for taking the time to contribute to our forum. The life of a "white hat" has always intrigued me as you guys get to use operating systems in ways that many of us can only imagine. And I think we're grateful for your honest commentary.

      Cheers!

  • For a "lover of words", you sure missed this:

    "The brain is so complex that we’re a long way from discovering all of its mysteries, and we might never actually know how much space has."

    Read it slowly...

  • 1 2 3 4 11