Ransomware Protection

It's no longer if, it's when

According to the latest briefing report from Beazley, ransomware remains the top cyber security threat for businesses. Cases reported by their clients in 2019 is up 131% on 2018. 

How well is your business protected from ransomware attacks. Well, these businesses thought they were protected.

  1. TRAVELEX - Attacked in late 2019, with a £4.6m ransom demand. They are now back online. Read more...
  2. EUROFINS SCIENTIFIC - Attacked in early 2019. They paid an undisclosed sum to regain control of their data. Read more...
  3. NORSK HYDRO - Attacked in mid 2019, but refused to pay the bitcoin ransom. Lost £45 million in three months trying to regain control. Read more...
  4. SONICWALL - Their statistics show ransomware attacks in the UK increased by 195% in the first six months of 2019.  Read more...

Ransomware has evolved

Since 2017, ransomware has been evolving and hackers realised that in order to get organisations to pay the ransom they also needed to disrupt backup and recovery processes. 

The latest variations of ransomware aim to take advantage of the time it takes for an organisation to identify a breach - usually 190 days!

The ransomware relies on an unwitting employee letting it in and not spotting the breach. It waits for a period of time and then activates. 

  1. Ransomware breaches your network, most likely through email.
  2. It remains seemingly dormant, not detonating.
  3. The ransomware infects your backups, as each backup takes place.
  4. The backup cycle completes between 30-90 days and then....
  5. Boom! The ransomware detonates, creating an Attack Loop.

The Impact of an Attack Loop

What is an Attack Loop?

Put simply, an Attack Loop means you cannot restore your data. As the ransomware lay dormant, it infected, or encrypted, all copies of your backup so you no longer have a clean version to restore from. The Attack Loop starts as soon as you try to recover your data.

Solution.

The best approach to this is to embed cyber security software inside the backup software, that scans for malware during backups and recoveries. Asigra’s Cloud Backup does exactly this and that is why Proxima recommends Asigra.

Protect your business from Ransomware

The best approach to this is to embed cyber security software inside the backup software that scans for malware during backups and recoveries. Asigra’s Cloud Backup does exactly this and that is why Proxima recommends Asigra and why we partner with Data2Vault to provide you with a managed service. 

The Attack Loop service offers three layers of protection against the threat of ransomware infection, the most comprehensive approach available today ... 

  • The scanning of file backup data for zero day exploits during the data collection and data restore process. This prevents ransomware infected data being recovered into the network and creating an Attack Loop. 
  • The use of variable naming for all Asigra backup files, making them very difficult for ransomware programs to locate. Advanced, but increasingly common strains of ransomware such as SAMSAM, Zenis, SAMAS and CryptoWall locate and delete popular backup files before encrypting the user data. With the deletion of backup files the organisation is at high risk following a ransomware incident. 
  • The Attack Loop service applies a 2-Factor Authentication check at the administration level to all mass deletion requests. If a ransomware program tried to trigger a “delete all backup files” request this would pass to your system administrator.
Address

Springview
Carlton Road
Bowers Gifford
Essex
SS13 2LT
United Kingdom

Contacts

info@proxima-security.co.uk        
Phone: +44 203 642 2270