Is your operating system making you more vulnerable to ransomware?
Microsoft reports that there’s been a 400 percent rise in ransomware encounters affecting Windows since 2015, with older versions of Windows being more exposed to attack and having an increased likelihood of an actual infection after an invasion. There are over 100 million known viruses for Windows, while infections on the Linux OS are much less common. Linux OS has a 2% market share while Windows is being used by more than 90% of the market. Therefore, Windows is the prime mark for bad actors, while Linux is marginalized as a ransomware target.
Ransomware security has become a major concern for many enterprises running Windows servers. As a result, many organizations are transitioning away from malware-susceptible Windows backup software and implementing purpose-built, highly secure Linux-based appliances and software to ensure their data is safe from these security attacks. Cyber crooks aim for maximum impact, so the more widely deployed Windows OS is the top target. Additionally, Linux systems are harder to compromise, because they are hierarchical.
Unitrends understands the advantages of this solution and has the functionality to deploy a Linux virtual appliance for VMware, Hyper-V and Citrix, as a Recovery Series hardware appliance, or as installable Linux software on your own hardware. Because of the discrepancy in popularity, cyber pirates in the ransomware world target the more popular Windows OS. Linux is seen as less attractive to cyber criminals and therefore it is more resistant to malware and ransomware attacks.
Resources for do-it-yourself ransomware attacks are plentiful and typically target Windows. Ransomware as a Service (RaaS) providers and programmers target the low-hanging fruit, Windows users.
Ransomware has evolved to evade today’s top defense solutions, as 93% of IT service providers report attacks despite Anti-Virus / Anti-Malware software in place. Of the organizations that have a backup and disaster recovery solution in place, nearly 100 percent have been able to deal with and resolve ransomware intrusions.
While some of the anti-ransomware tools and antivirus-for-ransomware providers work diligently to uncover ransomware threats and defeat attacks, the fact is, with 4,000 attacks daily (according to the FBI) there are simply too many iterations for those programs to uncover all these threats. Because of the constant evolution of variants, trying to detect or prevent ransomware with Blacklists, Whitelists or Signatures is futile. The software companies simply cannot keep pace with the multitude of threat deviations. Additionally, hackers are embedding their code into already whitelisted software, which slips past anti-virus detection software undetected.
Testing Your Security
After an invasion, you need to turn to your backups to restore your system. To implement effective recovery from ransomware, you need both verified backup and disaster recovery. Recovery Assurance performs automatic testing to facilitate an assessment of the viability of your backup, and it can be used to detect ransomware components which may disrupt your ability to recover. DR testing is typically low on IT admins’ priority lists. In a recent survey on the state of disaster recovery, 60% of IT pros said that they test their DR plan once a year or less. As one of the Unitrends solution’s capabilities, the Recovery Assurance feature provides backup testing and verification. It is designed to ensure that your backup data can restore your system as planned. A component of that testing includes the ability to run a security check for ransomware. Your backups only have value if you can use them to recover. Successful DR needs to be free of ransomware. Recovery Assurance allows you to automatically verify your backup, and it can be used to test for ransomware, which may disrupt your ability to recover.
Security Through Education
Another ransomware security measure is employee education. Educate your co-workers on how to avoid phishing scams, spam, baiting, pretexting, malevolent websites, attachments from unknown senders, etc. Teach employees to be very skeptical whenever they encounter a digital click request that is outside the realm of their normal office communications.
Phishing via email and spam are the most prevalent sources of ransomware downloads. In 2016, more than 97% of phishing emails sent contained ransomware. Teach the staff how social engineering works and how it can entice recipients to inadvertently download malware, and urge them to check the sender name and subject line of every email.
Teach them to be suspicious of oddities in email from co-workers, and urge them to verify suspicious email attachments with the senders. Don’t let them give remote access to fake support teams; make sure employees know who to contact with IT woes.
Ensure employees know the people to call to get questionable activity checked out. Explain to them how to be cautious of sites with low-res files or awkward designs, which might be fake versions of the website they intended to visit. Be wary of click-bait headlines. It’s always better to type the URL of a legitimate site into the browser than to click through a link and get directed to a malicious site.
Overall, Unitrends advocates for a five-pronged approach to protect against malware and provide maximum ransomware security. At Unitrends we’ve identified 5 pillars of defense that, in combination, offer you the best anti-ransomware protection against malicious attacks.
Use backup! Follow the 3-2-1 rule: three copies of your data, 2 different types of media and 1 version stored off-site. If you do get hit by ransomware you’ll have an easy escape.
Ransomware predominantly targets the more prevalent Windows OS. Consider a purpose-built appliance written in hardened Linux to prevent attacks and secure your backup architecture.
You cannot recover from ransomware without a good backup – and making sure a backup is recoverable is often taken for granted. Make sure you regularly test your backups for ransomware and other issues that could impact a successful recovery. It’s critical to make certain your files, settings, applications and structured data are available for instant and successful disaster recovery.
Early ransomware detection means less data loss and downtime. Some backup systems are more intelligent these days. They use predictive analytics and machine learning to look for anomalies and conditions typical of ransomware attacks and alert administrators of abnormal fluctuations.
5. Instant Recovery
If you’ve effectively backed up your data and tested its recoverability you will be ready to roll back your network to a safe restore point and avoid downtime and revenue loss.
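The early-detection pillar above, sketched as an added example (this is not Unitrends code or its algorithm): a median/MAD score over each asset's changed-data volume per backup job stands in for the predictive analytics the text mentions. The asset names, job figures, `min_history` and `threshold` values are constructed assumptions.

```python
"""Flag backup jobs whose changed-data volume jumps far above the asset's
own recent history. A simplified stand-in for backup anomaly detection."""
from statistics import median

# Constructed sample data: (asset, day, GiB changed since previous backup).
JOBS = [
    ("fileserver01", d, gib)
    for d, gib in enumerate([4.1, 3.8, 4.4, 4.0, 3.9, 4.3, 4.2, 61.5], start=1)
] + [
    ("sql02", d, gib)
    for d, gib in enumerate([12.0, 11.4, 12.9, 12.2, 11.8, 12.5, 12.1, 13.0], start=1)
]

def robust_z(value, history):
    """Modified z-score from median and MAD. One earlier spike cannot
    inflate this baseline the way it inflates a mean/stddev baseline."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:  # flat history: any increase is notable
        return float("inf") if value > med else 0.0
    return 0.6745 * (value - med) / mad

def find_anomalies(jobs, min_history=5, threshold=3.5):
    """Return (asset, day, changed_gib, score) for upward spikes.
    Each job is scored only against that asset's earlier jobs."""
    history, alerts = {}, []
    for asset, day, changed in sorted(jobs, key=lambda j: (j[0], j[1])):
        past = history.setdefault(asset, [])
        if len(past) >= min_history:
            score = robust_z(changed, past)
            if score > threshold:
                alerts.append((asset, day, changed, round(score, 1)))
                continue  # keep the outlier out of the baseline
        past.append(changed)
    return alerts

if __name__ == "__main__":
    for asset, day, changed, score in find_anomalies(JOBS):
        print(f"ALERT {asset} day {day}: {changed} GiB changed (score {score})")
```

Only upward spikes are flagged, because mass encryption rewrites files and so inflates the changed-data volume of the next incremental backup; an alert is a prompt to inspect that restore point before relying on it.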
There are physical and behavioral aspects of protection that can help make your enterprise more secure in the fight against ransomware. Explore the litany of ransomware security options to protect your network against attack.