NETGEAR Webinar - How Netgear Can Help Mitigate the Effects of Ransomware

Ransomware: What is it? And how it works

Online Training

Andrea Rossi, Senior System Engineer

[email protected]


Ransomware … what is it?

“Ransomware is a type of malware that prevents or limits users from accessing their systems and data. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back.”

P.S. Typically the system or data becomes inaccessible, but the data is not stolen.

Ransomware … once

Src: http://www.trendmicro.com/vinfo/resources/images/tex/infographics/ransomware-101_ai.jpg


SRC: https://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx

Ransomware … today


“You can regain control of your web browser without paying anything by closing the warning message using the Task Manager. When you reopen your browser, make sure you don't click 'restore previous session'.”

FakeBsod

Ransomware … today

Device Lockers

Files Lockers


Crypto Ransomware

SRC: https://blogs.sophos.com/2015/03/03/anatomy-of-a-ransomware-attack-cryptolocker-cryptowall-and-how-to-stay-safe-infographic/

Ransomware prevention

Recommendations for Users

1. Regularly back up your data.

2. Keep UAC enabled. UAC notifies you when changes are going to be made.

3. Use an anti-malware solution with anti-exploit, anti-malware and anti-spam modules.

4. Follow good internet practices: avoid questionable websites, and links or attachments in emails from uncertain sources.

5. Enable ad-blocking tools to reduce malicious ads.

6. Use filters to reduce infected spam emails.

7. Adjust your web browser security settings.

8. Keep the Windows OS and vulnerable software (e.g. the browser and its plug-ins) up to date.

Ransomware prevention

Recommendations for Companies

1. Educate employees in good computer practices and in identifying social engineering attempts and spear-phishing emails.

2. Install, configure and maintain an advanced endpoint security solution.

3. Enable software restriction policies to block programs from executing from specific locations.

4. Use a firewall to block all incoming connections from the Internet to services that should not be publicly available.

5. Make sure programs and users have the lowest level of privileges necessary to complete a task.

6. Enable Backup & System Restore to restore previous versions of the encrypted files once the virus has been removed.

How Netgear may help

Server and PC Backup

• ReadyRECOVER, ShadowProtect and other backup software

Network Segmentation & Access Control

• Fully Managed and Smart switches

Secure folders and files

• ReadyNAS (RN) and ReadyDATA (RD) with AD security integration

Snapshots & Offsite Replication

• RN & RD: snapshots enabled on shares used for file sharing purposes only

NETGEAR Unified Storage for SMB: Broad portfolio for every storage need!

[Figure: product portfolio chart. Axes: Feature / Performance versus customer segment: Home-based user, Small business (5-75 users), SMB (75-200 users), ME (100+ users).]

BTRFS-based, ReadyNAS OS 6.x: RN 102, RN 104, RN 212, RN 214, ReadyNAS 312, ReadyNAS 314, ReadyNAS 316, ReadyNAS 516, ReadyNAS 716X, ReadyNAS 2120, ReadyNAS 3138, ReadyNAS 4220

ZFS-based, ReadyDATA OS 1.x: ReadyDATA 516, ReadyDATA 5200

ReadyDATA + Backup SW: Backup Appliance

Snapshots (Manual and Automatic)

+ Provide the ability to retrieve data from the past

  • Like saving multiple versions of the same file

+ Space efficient (so you can keep many)

+ Can be automatically or manually created

+ Smart Snapshot Management prunes according to age and automatically deletes snapshots when space is low

+ Access to the snapshot folder is read-only.

BTRFS & ZFS only

Snapshot Help

Demo with ReadyNAS

The demo is included in the webinar recording available at

https://www.youtube.com/playlist?list=PLe3KX18oiKje3As4bpf-INIfjwzsxpn5p

ReadyRECOVER: Enterprise-class Backup Appliance for SMB

+ Fully integrated backup appliance

+ Protection for Windows Servers, Virtual Machines, & PCs both onsite and offsite

+ Easy setup and management

+ Due to data integrity on the hardware, requires only one full backup

+ Combination of leading software with 100% data integrity storage (ZFS)

+ Hardware Independent Restore: restore to any hardware or virtualization platform

+ Zero-delay, WAN optimized replication


ReadyRECOVER: Full Backup Every 15 Minutes, Forever!

Every backup writes only changed data, forever!

Maximum efficiency & minimal performance impact

Every backup is verified in real time, forever!

Every backup is a full restore point, forever!

Only 1 Full backup at the beginning, no weekly additional backups

We can do that because of the ZFS file system.

Because RR provides a trusted relationship between the software and a 100% data integrity file system.