Why Early Detection Of Ransomware Is Essential

January 24, 2017

Many people assume that ransomware, once it enters a computer, only locks the files on said device. While this was the case in the early days, today’s ransomware is much more vicious, designed to spread itself out across entire networks, rendering a business inoperable.

Shared network drives are one reason that ransomware spreads quickly. Beyond that, many forms of ransomware are designed to harvest data from infected systems. For example, the variant known as TeslaCrypt 4 can lift Windows operating system keys and unique identifiers from infected computers. Another strain of ransomware, CryptoWall 4, is able to steal credentials as soon as the first payload is installed. These measures allow ransomware to spread rapidly to additional machines on the local network and beyond. Scary stuff!

Another common assumption is that ransomware targets on-premises systems only. However, the cloud is not immune to these attacks. In fact, 35% of MSPs surveyed in Datto’s 2016 State of the Channel Ransomware Report had witnessed ransomware infecting popular SaaS applications including Dropbox, Office 365 and Google Apps.

How does ransomware spread to the cloud? In Google Apps, for example, Google Drive sync allows users to automatically synchronize some or all of their local files with Google Drive copies. Users can work on files offline, and when they reconnect to the Internet, changes are automatically synced. If files on a computer are infected by ransomware, they will sync to Google Drive and corruption will exist on both versions. And, if you are using Google Drive to collaborate with colleagues, ransomware can spread rapidly across all shared files and folders—creating a much larger issue.

Ransomware begins encrypting data on infected computers very rapidly. In many cases, encryption occurs within minutes of the malware’s execution. So, not only do you need a way to rapidly detect the malware, you also need a way to rapidly restore data to a point in time before the corruption occurred. Annodata/Datto’s Ransomware Protection and Recovery Solution (RPRS) is designed to do both. RPRS can detect a ransomware attack and roll back systems to a point in time before the attack happened. It protects files and folders anywhere on the network, on mobile devices, workstations, and in the cloud.
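The reasoning above (detect within minutes, then restore to a point in time before the corruption) is illustrated by the following added example, which is not Annodata/Datto code and does not describe how RPRS works. It flags a host that rewrites many distinct files inside a short window and picks the latest backup snapshot taken before that burst began; the window, threshold, host names, paths and snapshot times are all assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed burst window
THRESHOLD = 5                   # assumed: distinct files rewritten by one host within WINDOW

def t(hms):
    """Constructed timestamps, all on the same day."""
    return datetime.fromisoformat("2017-01-24T" + hms)

# Constructed file-modification events: (timestamp, host, path)
EVENTS = [
    (t("09:15:00"), "ws-03", "/share/q4.xlsx"),
    (t("11:40:00"), "ws-07", "/share/notes.docx"),
    (t("13:05:00"), "ws-03", "/share/q4.xlsx"),
    (t("14:10:00"), "ws-03", "/share/plan.docx"),
] + [
    # Six different files rewritten by one host in 25 seconds
    (t("14:02:00") + timedelta(seconds=5 * i), "ws-07", f"/share/doc{i}.docx")
    for i in range(6)
]

# Constructed hourly backup snapshots
SNAPSHOTS = [t("12:00:00"), t("13:00:00"), t("14:00:00"), t("15:00:00")]

def detect_burst(events, window=WINDOW, threshold=THRESHOLD):
    """Return (host, burst_start) for the first host that modifies at least
    `threshold` distinct files within `window`, or None if no host does."""
    recent = {}  # host -> deque of (timestamp, path) still inside the window
    for ts, host, path in sorted(events):
        q = recent.setdefault(host, deque())
        q.append((ts, path))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        if len({p for _, p in q}) >= threshold:
            return host, q[0][0]      # oldest event in the window marks the start
    return None

def restore_point(snapshots, burst_start):
    """Latest snapshot taken strictly before the burst began, or None."""
    earlier = [s for s in snapshots if s < burst_start]
    return max(earlier) if earlier else None

if __name__ == "__main__":
    host, start = detect_burst(EVENTS)
    print(host, start, "-> restore from", restore_point(SNAPSHOTS, start))
```

In this constructed data the 15:00 snapshot already contains the rewritten files, which is why the rollback target is the 14:00 snapshot rather than the most recent one.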

According to security vendor McAfee Labs, ransomware will remain a major and rapidly growing threat in 2016. In other words, now is a good time to put a strategy in place to avoid ransomware. To protect your business data, educate end users on what to watch out for (suspicious attachments, links, etc.), ensure your software is up to date and patched, use reputable antivirus software, and choose a data protection solution that takes frequent, automated backups of your data and enables fast recovery. To learn more about our security solutions, get in touch today to book a demo.