By Kevin King
Following acquired and innate branches, the human immune system diverges into complexity. There are T-Cells, B-Cells, bloodborne and physical barriers, like skin. One can plumb the depths of the innate bloodborne branch and encounter Phagocytes like Neutrophils, Macrophages, Basophils, and more[i].
The cellular structures themselves are immense with that nice little phospholipid bilayer[ii] guarding the path through to a megalopolis-scale architecture centered around a startling computational (DNA) core.
Yet all of this complexity with its multiple redundancies can be subverted by relatively simple construct: the virus.
I will describe an infection[iii]; you tell me its name.
- The infectious agent gains access to a host that has access to our victim
- Breaking initial defenses, the agent acquires the ability to break down the victim’s immune defenses
- Creating a path to the victim, the infectious agent takes over the machinery of the host to increase its infectivity
- The agent then deposits its complex instructions into the host, taking over yet more of the normal processes
- The agent hides itself to become even harder to detect
Which infection is this? Influenza? SARS-CoV-2? No. It is called SamSam, and it is a ransomware attack on a computer. And I left out step 6: A page demanding payment pops up!
The problem with modern strains of ransomware is that they not only infect one computer, but all computers on the network; not only your local storage but all connected storage, including your backups.
This is why our backups must be ransomware-safe. Here’s how to do it[iv]:
- Off-line backups. This is a backup that once done, disconnects from your network. It is very simple to do a local or cloud backup, but since that can be encrypted by ransomware, you’ll be glad you can restore everything from an off-line backup.
- Immutability. Backups must be WORM backups, “Write Once Read Many.” They need to be non-deletable.
- Anti-malware/ransomware must be on the backup server to discourage viral replication.
- Back up more often. The interval between backups determines the amount of potential data lost. Back up daily, lose a day of data. Backup every ½ hour, lose ½ an hour of data.
- Consider the 3-2-1 Method, “Three (recent) copies of your data stored across two different storage mediums/locations and one cloud storage provider.[v]”
Next, ask your backup provider or IT professional, “Is my backup ransomware-proof, and how can you prove it?” Then make sure you include this in your organizational IT policies so that you can ransomware-proof your backups.
Kevin King is a Certified Security Analyst, and holds many IT and Cybersecurity Certifications. He teaches ethical hacking and does security and infrastructure consulting.
[iii] EC Council CEHv11, Module 07 Malware Threats, Section: Malware Analysis, page 116