Digital Assets Report


Like this article?

Sign up to our free newsletter

How to recover from a ransomware attack

Related Topics

Companies across all sectors are increasingly dealing with ransomware attacks as cyber criminals attempt to extort money by encrypting files and effectively holding data hostage. There are endless versions of ransomware but some of the more well known include: CryptoLocker; CryptoWall; TeslaCrypt, and CTB-Locker. 

To underscore the scale of the problem, the FBI reported that in the first quarter of 2016, ransomware costs in the US totalled USD209 million. For the whole of 2015, the figure was USD24 million.*  

The McAfee Labs Threats Report 2015 found that between Q4 2014 and Q1 2015, the number of ransomware attacks increased from 260K to 725K. 

To combat this threat, fund managers need to have up-to-date antivirus software and a robust business continuity and disaster recovery plan. ACE IT Solutions, a leading IT group and provider of managed services and cybersecurity solutions, has partnered with Datto to give clients an effective solution to circumventing ransomware attacks. Datto provides comprehensive backup, recovery and business continuity solutions, which it deploys using the SIRIS 3 data protection platform.

"The way ransomware works, someone will log in and discover that their files have been encrypted. They'll see a message demanding payment to unencrypt the data. The most common route is via a phishing email that looks authentic and tricks the user into clicking on a link. We had one example of a client who thought they had been sent an invoice. An employee opened up the invoice and inadvertently downloaded the ransomware. 

"The scary thing with ransomware is that it doesn't just infect one person's PC, it can infiltrate the entire network, including servers. Unless you have the encryption key you won't be able to unencrypt the files," explains Carrie Reber (pictured), Vice President of Marketing at Datto. 

To neuter these attacks, the SIRIS 3 platform automatically takes backups of files at whatever interval a client wants. 

ACE IT Solutions will run constant backups on behalf of its clients, alleviating the stress on IT teams. One important aspect of the SIRIS platform is Backup Insights, a tool that allows users to examine backup files. 

"The reason this is useful is that some forms of ransomware sit dormant on the system before they reveal themselves. The hope is that this will allow the hacker to get into your backup files. With Datto, partners like ACE IT Solutions can examine their clients' backup files and determine whether the most recent backup has also been infected. 

"If it has, ACE IT Solutions will go back to the one before that and so on, until it locates the most recent clean backup, which is then used for the full restore," says Reber.

This completely circumvents the ransom demand and renders the attack obsolete. 

"You definitely need perimeter defence systems like antivirus software, and you need to maintain a well-managed IT infrastructure with proper controls and user permissions, but even doing all of these things there's always going to be a moment of human error, or a social engineering attack, that leads to something getting through. And that's where a reliable IT partner with a reliable backup solution like Datto comes into play; we step in once the breach has happened and allow businesses to recover without paying a penny to hackers," concludes Warren Finkel, Managing Partner of ACE IT Solutions.


Like this article? Sign up to our free newsletter

Most Popular

Further Reading