PiChris - Fotolia
NEW ORLEANS -- With the WannaCry attack of the last week still top of mind, protection against ransomware drew a great deal of attention at Veeam Software's user conference.
Representatives at the VeeamON conference advocated that a rock-solid data protection plan is the best form of protection against ransomware.
"If ransomware comes into play, the only way to get out of that is backup and restore," said Rick Vanover, director of technical product marketing at Veeam.
Vanover and Brian Maher, Veeam senior alliance product marketing manager, offered tips for implementing best practices for protection against ransomware during a VeeamON session.
"This is not just meant to go against ransomware," Maher said. "It's data protection hygiene."
Quick tips for ransomware and data protection
Vanover pointed to a "3-2-1-1-0" rule for data protection in the age of ransomware:
- three different copies of data;
- data spread across two different media;
- one copy of the media off-site;
- one copy of the media offline; and
- no errors after a backup recoverability verification.
Although tape has fallen out of favor for backup, and Vanover admitted to having issues with it, he said its offline capability is the key to protection against ransomware.
"In today's world, it does have a very significant benefit," Vanover said.
Tape can provide an air gap that prevents attackers from accessing data. An air-gapped system is isolated from other computers through lack of network or internet connectivity.
"If you can't find it, you can't nail it," Maher said of an air-gapped device.
Where we've been, where we go
Ransomware -- malware that encrypts the victim's data and demands payment for the decryption key -- often gets into a system through an infected email attachment or website. The most common payment method is Bitcoin, but iTunes and Amazon gift cards are also used.
The first documented case was in 1989 on floppy disk, Vanover said.
"[Ransomware] isn't new, but it is getting more prevalent," he said. "It is getting more advanced."
Rick Vanoverdirector of technical product marketing, Veeam
Maher said he has been tracking ransomware a long time, and it seems that every time the IT industry makes a gain, the attackers find a way around it.
"This is going to be a cat-and-mouse game," he said.
Maher said he thinks the WannaCry attackers "should be charged with manslaughter," because they affected hospitals. Vanover noted that a Veeam employee couldn’t attend an important medical appointment because of the attack.
When Vanover asked at the session how many people had dealt with a ransomware incident, about a dozen hands went up. He noted that according to a recent Veeam poll of approximately 1,000 customers:
- Nearly 46% had some form of ransomware incident in the last two years; of those, 91% had data encrypted.
- Only 2% of respondents admitted to paying ransom; of that small sample who paid, all but one of them paid less than $10,000.
- Of those hit, 84% were able to recover data without paying the ransom.
Maher noted that for victims who pay, the work is not over. Sometimes the attackers don't give the data back even after receiving payment. And attackers know they've found someone who will pay and could attack again.
Veeam customer Mario Angers, senior manager of systems at The University of British Columbia, said he is confident in his platform for protection against ransomware and is not concerned about a potential attack.
"I think we do a necessary level of patching," Angers said. In addition, if his organization does get compromised, he said it could restore from a remote site "without any issues."
To that point, Veeam co-founder Ratmir Timashev stressed the proactive approach highlighted by Vanover and Maher.
"The best way to fight ransomware," Timashev said, "is to have good backups."
Handbook: Recovering from ransomware with data protection
Proper ransomware protection is all about backup and DR
Protection layers needed to effectively fight off ransomware