Cloud Hosting

Data breach and ransomware attacks are at the forefront of the digital and technological corporation world. Circulating the news recently was a vulnerability named Log4Shell. First detected in December and known as a zero-day vulnerability, it is found in the popular Apache Log4j open source logging library which is used in nearly every enterprise app and service from vendors including Microsoft, Twitter, VMware, Apple and Amazon. This vulnerability enables a remote attacker to take control of the device on the internet if it is running certain versions of log4j. Attackers can easily feed Log4j with malicious commands from the outside and make it download and execute dangerous code from malicious sources, putting organisations around the world at a huge risk.

Most recently, a fake update allegedly for Windows 10 is instead hijacking computers with ransomware. Known as the Magniber ransomware, it appears as a normal Windows security update, however once a computer has been infected, users are served a warning saying that all their personal files have been encrypted. The Magniber ransomware drops a README.html document in each folder it encrypts which point users towards the hackers Tor payment site. The website will provide victims with one free file that is decrypted without a charge but forces them to pay in cryptocurrency to unlock the rest.

With an increase of these types of attacks, organisations must look to safeguard themselves from what could be a catastrophic consequence for their IT environment if not protected.

How Ransomware Attacks Happen

Ransomware hackers seek to exploit security vulnerabilities to gain access to a computer. Once inside a networked computer, the hacker will navigate their way through the network to gain access to more sensitive targets and lock them down via complex encryption. Such targets may include critical databases, source code repositories and entire applications. During this process, the hackers will delete snapshots or backups of the servers and systems they have locked down.

There are a number of ways that hackers use to gain access to a computer. One of the most common methods is phishing emails. A victim is sent an email including an attachment masquerading as a file they should trust. Once the file has been downloaded and opened, this will allow for the hacker to take over the victims computer. Some other methods used by hackers exploit security vulnerabilities to infect computers without interacting with a user.

The hacker then demands a ransom from the victim to restore access to the files, system or data upon payment. Users are invited to negotiate with the hackers and the costs range from thousands to millions of dollars paid in cryptocurrency.

Defend your business with a technology escrow vendor

With the current boom in ransomware attacks, recovery and backup hidden away from your network are critical to overcoming an attack.

Organisations of all sizes should do what they can to protect their network against attack. But in the real world, even with the best intentions of educating your workforce and patching servers, hackers are still able to get through and exploit vulnerabilities with the ultimate aim of locking down a server, system or database and deleting any cloud backup snapshots in their sight.

However, although this all sounds very daunting, there are ransomware escrow solutions available to organisations today to ensure the upmost protection from these hackers.

Ransomware Recovery Live - Efficient Recovery in the Event of a Ransomware Attack

Ensure efficient continuity in the event of an attack on your live and DR environments. A technology escrow vendor will maintain a complete replica of your production environment which will be hosted independently and maintained in a dormant state that can be spun up in the event of an attack. The system data may be backed up on an automated and scheduled basis using Backup as a Service (BaaS). The replica environment will be tested on either a monthly or quarterly basis to ensure it will be available if ever needed. Weekly integrity testing is included to provide assurance that files have not been unknowingly compromised by hackers in the background. You should choose a technology escrow vendor who supports all leading cloud hosting vendors including AWS, Microsoft Azure, Google Cloud and private data centres.

Ransomware Database Backup & Recovery (BaaS)

Databases are the most common targets for ransomware hackers. From the hackers perspective, encrypting databases are an easy way to inflict maximum damage. For a business, the loss of access to data will cause severe damage both operationally and financially. A daily backup of your encrypted database backups to your chosen technology escrow vendors cloud vaults via a pull Backup as a Service (BaaS) process will keep your database backup out of the reach of hackers. These services should include a weekly integrity test to provide assurance that files have not been unknowingly compromised by hackers in the background.

Ransomware Source Code & Infrastructure as Code Sync - Keep a Copy of Your Git Repos Out of Reach of Hackers

Protect your development source code and deployment scripts such as Terraform and CloudFormation from ransomware hackers. Synchronize your Git repos with a technology escrow vendors Git Collector servers and securely backup your code repos on a daily basis with their Backup as a Service (BaaS) solution. Choose a technology escrow vendor who can support all leading Git repos including GitHub, Bitbucket, GitLab, AzureDevops and more. Their services should also include a weekly integrity test to provide assurance that files have not been unknowingly compromised by hackers in the background.

By choosing the right technology escrow vendor and selecting the right solution for your organisation, the ransomware hackers will not have visibility of this process or access to the vendors backup servers and therefore will be unable to delete these backups or snapshots.

Seek out potential vulnerabilities with Penetration and Vulnerability Testing

There are a comprehensive range of cyber-security services available to identify and evaluate potential vulnerabilities, root cause analysis and mitigation control. These in-depth assessments help improve the business security position and prioritises the implementation of security controls based on a simulated attack.

Penetration testing is the process of conducting a simulated attack on IT infrastructure to determine any weaknesses using the methodologies, techniques and tools that provide the best representation of what a real-world malicious attacker would do.

More:
Are you prepared to defend your business from Ransomware Attacks? - JD Supra