Ransomware: Five Critical Steps Service Providers Must Take for Their Customers

Cryptolocker, Cerber, CryptoWall, Crysis, and Sodinokibi are all variants of ransomware, a problem that has reached epidemic levels. It is easy to understand why: it is a billion-dollar-plus criminal enterprise, and sometimes it seems like the bad actors are just getting started. The best way to beat it is with a strong prevention plan that includes good backups and the discipline to manage the backups correctly.

Because backups are so valuable, they are often targeted by criminals, and MSPs, with their wealth of managed endpoints, have become popular victims. The newest variants of ransomware will crawl a system looking for particular file types to encrypt or delete, including backup files. This leaves the enterprise unable to recover, with its data destroyed.

If you are the service provider responsible for safeguarding customer data, this is your responsibility. And, as evidenced by the Texas ransomware outbreak in August 2019, MSPs are an attractive target because the hackers can potentially infect numerous organizations with little extra effort. In July 2019, the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), the National Governors Association (NGA), and the National Association of State Chief Information Officers (NASCIO) issued a joint statement urging all levels of state and local government to protect their networks against the threat of a ransomware attack.

Fortunately, with the right data defense strategy in place, MSPs can provide advanced protection against ransomware and other malicious attacks.

Here are five steps you should follow:

Step 1 — Copy. When it comes to backups, redundancy is not a bad thing. Follow the 3-2-1 rule. That means having three copies of your data on two different types of media, and one version stored off-site. A cloud purpose-built for off-site data storage and archiving is an ideal location.

Step 2 — Secure. Ransomware predominantly targets the most prevalent operating system: Windows runs on over 80% of servers worldwide. Consider a purpose-built appliance delivered on hardened Linux to prevent attacks on your backup architecture. Require two-factor authentication (2FA) across your internal systems as well as your customers'. Given that big security breaches are frequently a result of failure to patch in a timely manner, automated patching is a must.

Step 3 — Test. You cannot recover from ransomware without good backups – and the recoverability of those backups is often taken for granted. Make sure you regularly test your backups for any issues (including undetected ransomware) that could impact a successful recovery. This doesn’t have to be hard; in fact, best-in-class backup appliances automate the entire testing process, including sending an easy-to-read final report to stakeholders.

Step 4 — Detect. Early ransomware detection means less data gets encrypted and you can recover faster. Consider an intelligent backup appliance that has built-in predictive analytics and machine learning that looks for ransomware activity in every file of every backup. Best-in-class appliances will automatically flag the corrupted files and alert administrators so a recovery can begin quickly.

Step 5 — Super Fast Recovery. The reality is, when it comes to ransomware, it’s just a matter of when. However, if you have effectively backed up your customer’s data — including their SaaS data like Office 365 and Salesforce — and tested its recoverability, you will be ready to quickly restore critical business applications to the last good backup, reducing downtime and revenue loss — and for you, the potential loss of a customer.
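
As an added illustration of Steps 3 and 4 (not part of the original article, and not a description of how any vendor's appliance works), the Python example below compares two backup generations and raises an alert when many files changed into near-random, encrypted-looking content or disappeared. The function names, thresholds, and sample data are assumptions made for this example.

```python
import math
import os
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def compare_backups(previous: dict, current: dict,
                    entropy_threshold: float = 7.5,
                    entropy_jump: float = 2.0,
                    max_suspect_ratio: float = 0.25) -> dict:
    """Compare two backup generations given as {path: bytes}.

    A file is flagged when its content changed AND its entropy is now
    near-random after rising sharply. Requiring the jump keeps already
    compressed files (zip, jpeg) from being flagged on every rewrite.
    Thresholds are illustrative assumptions, not vendor values.
    """
    flagged, missing = [], []
    for path, old in previous.items():
        new = current.get(path)
        if new is None:            # deleted, or renamed to a new extension
            missing.append(path)
        elif new != old:
            before, after = shannon_entropy(old), shannon_entropy(new)
            if after >= entropy_threshold and after - before >= entropy_jump:
                flagged.append(path)
    ratio = (len(flagged) + len(missing)) / max(len(previous), 1)
    return {"flagged": sorted(flagged), "missing": sorted(missing),
            "alert": ratio >= max_suspect_ratio}


# Constructed sample data: two small backup generations held in memory.
TEXT = b"Quarterly invoice for customer 0042, net 30 days.\n" * 200
PREVIOUS = {"docs/invoice.txt": TEXT, "docs/notes.txt": TEXT[:4000],
            "db/export.csv": b"id,name,total\n1,acme,100\n" * 300}
CURRENT = {"docs/invoice.txt": os.urandom(len(TEXT)),      # looks encrypted
           "docs/notes.txt": TEXT[:4000] + b"edited\n",    # ordinary edit
           "db/export.csv": os.urandom(7500)}              # looks encrypted

if __name__ == "__main__":
    print(compare_backups(PREVIOUS, CURRENT))
```

An alert from a check like this means the previous generation should be treated as the last good backup and protected from rotation until the change is explained.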

Choosing the right solution to protect client data must be a key underpinning of your ransomware protection strategy. With the right solution in place, it is possible to reduce the impact of a ransomware attack to a minor inconvenience.

You can expect cybercriminals to keep launching ransomware attacks for the foreseeable future. Do you have the right strategy in place to deal with them?

This article is written by Joe Noonan, VP of Products for Unitrends and Spanning.