Page 58 - Cyber Warnings







A ransom Trojan called HDDCryptor infected about 2,000 machines on the agency’s network.

As a result, Muni’s automated fare service, email and print servers, CAD machines, lost and
found property terminals, as well as employee training and payroll systems were out of service for
several days.

The threat actors demanded a ransom of 100 Bitcoins (about $73,000) for data and systems
recovery.


If the organization had had recent images of the compromised computers readily available, it
could have simply formatted the hardware and restored it to the latest unaffected version.

Moreover, it’s not mandatory to keep multiple images of each machine. Instead, incremental
backup solutions will only store the most recent copy of a system to roll back to.


Testing backups as the rule of thumb

The complexity of large organizations’ data structure poses a hurdle to implementing an
effective backup strategy. Such enterprises store heterogeneous information and use different
types of systems, so it may be difficult and time-consuming to verify the efficiency of the
recovery process.

Therefore, a company may be doing backups regularly but still be unprotected against
ransomware and similar incidents, because the IT team never tested its backups
properly.

System administrators need to bank on testing; otherwise, backups are of no use.
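A restore drill makes "testing" concrete. The sketch below is an added example, not part of the original article: it records a SHA-256 manifest at backup time, restores the archive into a scratch directory, and reports every file that is missing or altered. The tar archive stands in for whatever backup tool is actually in use, and all function names are hypothetical.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(source_dir):
    """At backup time: map each relative file path to its SHA-256."""
    root = Path(source_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(source_dir, archive_path):
    """Stand-in for the real backup job (assumption): a gzip tar archive."""
    root = Path(source_dir)
    with tarfile.open(archive_path, "w:gz") as tar:
        for p in sorted(root.rglob("*")):
            if p.is_file():
                tar.add(p, arcname=p.relative_to(root).as_posix())


def restore_drill(archive_path, manifest):
    """Restore into a scratch directory; return {path: problem}, empty if OK."""
    # Use the safe extraction filter where this Python version provides it.
    opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    problems = {}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive_path) as tar:
                tar.extractall(scratch, **opts)
        except (tarfile.TarError, EOFError, OSError) as exc:
            return {"<archive>": f"unreadable: {exc}"}
        for rel, expected in manifest.items():
            restored = Path(scratch) / rel
            if not restored.is_file():
                problems[rel] = "missing after restore"
            elif sha256_file(restored) != expected:
                problems[rel] = "content differs from manifest"
    return problems
```

Run on a schedule, a non-empty result from `restore_drill` is the signal that a backup job is producing archives that cannot be relied on for recovery.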


Keeping backups out of criminals’ sight

Data backups are cyber extortionists’ worst nightmare, so they configure their ransomware to
scour infected computers for them.

Some sophisticated strains of ransomware are capable of encrypting files on network drives,
both mapped and unmapped.

That’s where backups often reside. Any data repository tied to a contaminated machine is
potentially at risk.

This also applies to external media mounted to a particular computer, such as hard drives and
USB memory sticks.

Enterprises should adopt network segmentation to restrict user access to backups. Employees
only need this access in an emergency rather than on a daily basis.

For routine incidents when files are accidentally deleted, commonplace file syncing services will
fit the bill.
58 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
