Ransomware

By Kevin King

Beyond its acquired and innate branches, the human immune system diverges into complexity. There are T-cells, B-cells, bloodborne defenses, and physical barriers like skin. One can plumb the depths of the innate bloodborne branch and encounter phagocytes like neutrophils, macrophages, basophils, and more[i].

The cellular structures themselves are immense with that nice little phospholipid bilayer[ii] guarding the path through to a megalopolis-scale architecture centered around a startling computational (DNA) core.

Yet all of this complexity, with its multiple redundancies, can be subverted by a relatively simple construct: the virus.

I will describe an infection[iii]; you tell me its name.

  1. The infectious agent gains access to a host that has access to our victim
  2. Breaking initial defenses, the agent acquires the ability to break down the victim’s immune defenses
  3. Creating a path to the victim, the infectious agent takes over the machinery of the host to increase its infectivity
  4. The agent then deposits its complex instructions into the host, taking over yet more of the normal processes
  5. The agent hides itself to become even harder to detect

Which infection is this? Influenza? SARS-CoV-2? No. It is called SamSam, and it is a ransomware attack on a computer. And I left out step 6: A page demanding payment pops up!

The problem with modern strains of ransomware is that they not only infect one computer, but all computers on the network; not only your local storage but all connected storage, including your backups.


This is why our backups must be ransomware-safe. Here’s how to do it[iv]:

  1. Off-line backups. This is a backup that once done, disconnects from your network. It is very simple to do a local or cloud backup, but since that can be encrypted by ransomware, you’ll be glad you can restore everything from an off-line backup.
  2. Immutability. Backups must be WORM backups, “Write Once Read Many.” They need to be non-deletable.
  3. Anti-malware/ransomware must be on the backup server to discourage viral replication.
  4. Back up more often. The interval between backups determines the amount of potential data lost. Back up daily, lose a day of data. Backup every ½ hour, lose ½ an hour of data.
  5. Consider the 3-2-1 Method: “Three (recent) copies of your data stored across two different storage mediums/locations and one cloud storage provider.”[v]
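The list above ends with the question of how to prove a backup is ransomware-safe. The following is an added example, not code from the article or its cited sources, showing two checks a defender can run against the backup set: an integrity manifest (SHA-256 per file, recorded when the backup is written and kept off the backup medium or on WORM storage) that detects files a ransomware strain has encrypted, deleted, or added, and a backup-age check against the chosen backup interval from item 4. The backup directory, file names, and the tampering performed are all constructed inside the script so it runs offline.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backup archives do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir: Path) -> dict:
    """Map each file's relative path (POSIX form) to its SHA-256 digest.
    Store the result somewhere the backup host cannot overwrite it (WORM media,
    a separate offline copy); a manifest living beside the backup can be encrypted too."""
    return {
        p.relative_to(backup_dir).as_posix(): sha256_file(p)
        for p in sorted(backup_dir.rglob("*"))
        if p.is_file()
    }


def verify_backup(backup_dir: Path, manifest: dict) -> dict:
    """Compare the backup's current contents with the manifest taken at write time.
    Encrypted files show up as 'modified', deleted ones as 'missing', and
    ransom notes or renamed '.locked' files as 'unexpected'."""
    current = build_manifest(backup_dir)
    return {
        "modified": sorted(n for n in manifest if n in current and current[n] != manifest[n]),
        "missing": sorted(n for n in manifest if n not in current),
        "unexpected": sorted(n for n in current if n not in manifest),
    }


def backup_is_overdue(last_backup_ts: float, now_ts: float, interval_s: float) -> bool:
    """True when the newest good backup is older than the interval chosen in item 4;
    the gap between the two timestamps is the data you would lose right now."""
    return (now_ts - last_backup_ts) > interval_s


def demo() -> dict:
    """Build a constructed backup, record its manifest, then simulate what a
    ransomware run leaves behind and show the manifest catching each change."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "docs").mkdir(parents=True)
        (backup / "docs" / "report.txt").write_text("quarterly report\n")   # constructed sample data
        (backup / "db.sql").write_text("CREATE TABLE t (id INT);\n")       # constructed sample data
        manifest = build_manifest(backup)
        clean = verify_backup(backup, manifest)

        # Constructed tampering: one file overwritten (as encryption would do),
        # one deleted, and a note dropped into the directory.
        (backup / "docs" / "report.txt").write_bytes(b"\x00\xff\x13garbage")
        (backup / "db.sql").unlink()
        (backup / "README.locked").write_text("your files are encrypted\n")
        tampered = verify_backup(backup, manifest)

        return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    result = demo()
    print("clean backup issues:   ", result["clean"])
    print("tampered backup issues:", result["tampered"])
    # Half-hour interval (1800 s) from item 4: a 31-minute-old backup is overdue.
    print("overdue at 31 min with 30 min interval:", backup_is_overdue(0, 31 * 60, 1800))
```

Run the manifest step as the last stage of every backup job and the verify step on a schedule from a host that is not the backup server; if either the integrity check or the age check fails, treat the backup set as unusable until a known-good copy is restored from offline media.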

Next, ask your backup provider or IT professional, “Is my backup ransomware-proof, and how can you prove it?” Then make sure you include this in your organizational IT policies so that you can ransomware-proof your backups.


Kevin King

Kevin King is a Certified Security Analyst, and holds many IT and Cybersecurity Certifications. He teaches ethical hacking and does security and infrastructure consulting.


[i] https://healthengine.com.au/info/human-immune-system

[ii] https://en.wikipedia.org/wiki/Lipid_bilayer

[iii] EC Council CEHv11, Module 07 Malware Threats, Section: Malware Analysis, page 116

[iv] https://redmondmag.com/articles/2019/10/22/how-to-ransomware-proof-your-backups.aspx

[v] https://www.infosecurity-magazine.com/opinions/keeping-backups-ransomware/
