{"id":6293,"date":"2017-09-06T18:41:20","date_gmt":"2017-09-06T08:41:20","guid":{"rendered":"http:\/\/nsrd.info\/blog\/?p=6293"},"modified":"2018-12-11T08:14:20","modified_gmt":"2018-12-10T22:14:20","slug":"talking-about-ransomware","status":"publish","type":"post","link":"https:\/\/nsrd.info\/blog\/2017\/09\/06\/talking-about-ransomware\/","title":{"rendered":"Talking about Ransomware"},"content":{"rendered":"

The “Wannacry” Ransomware strike saw a particularly large number of systems infected and garnered a great deal of media attention.<\/p>\n

\"Ransomware<\/a><\/p>\n

As you’d expect, many companies discussed ransomware and their solutions for it. There was also backlash from many quarters suggesting people were using a ransomware attack to unethically spruik their solutions. It almost seems to be the IT equivalent of calling lawyers “ambulance chasers”.<\/p>\n

We are (albeit briefly, I am sure), between<\/em> major ransomware outbreaks. So, logically that’ll mean it’s OK to talk about ransomware.<\/p>\n

Now, there’s a few things to note about ransomware and defending against it. It’s not as simplistic as “I only have to do X and I’ll solve the problem”. It’s a multi-layered issue requiring user education, appropriate systems patching, appropriate security, appropriate data protection, and so on.<\/p>\n

Focusing even on data protection, that’s<\/em> a multi-layered approach as well. In order to have a data protection environment that can assuredly protect you from ransomware, you need to do the basics, such as operating system level protection for backup servers, storage nodes, etc. That’s just the beginning. The next step is making sure your backup environment itself follows appropriate security protocols. That’s something I’ve been banging on about for several years now<\/a>. That’s not the full picture though. Once you’ve got operating systems and backup systems secured via best practices, you need to then look at hardening<\/em> your backup environment. There’s a difference between standard security processes and hardened security processes, and if you’re worried about ransomware this is something you should be thinking about doing. Then, of course, if you really want to ensure you can recover your most critical data from a serious hactivism and<\/em> ransomware (or outright data destruction) breach, you need to look at IRS<\/a> as well.<\/p>\n

But let’s step back, because I think it’s important to make a point here about when<\/em> we can talk about ransomware.<\/p>\n

I’ve worked in data protection my entire professional career. (Even when I was a system administrator for the first four years of it, I was the primary backup administrator as well. It’s always<\/em> been a focus.)<\/p>\n

If there’s one thing I’ve observed in my career in data protection is that having a “head in the sand” approach to data loss risk is a lamentably common thing. Even in 2017 I’m still hearing things like “We can’t back this environment up because the project which spun it up didn’t budget for backup”, and “We’ll worry about backup later”. Not to mention the old chestnut, “it’s out of warranty so we’ll do an Icarus support contract<\/a>“.<\/p>\n

Now the flipside of the above paragraph is this: if things go wrong in any of those situations, suddenly there’s a very real interest in talking about options to prevent a future issue.<\/p>\n

It may be a career limiting move to say this, but I’m not in sales to make sales<\/strong>. I’m in sales to positively change things for my customers. I want to help customers resolve problems, and deliver better outcomes to their users. I’ve been doing data protection for over 20 years. The only reason someone stays in data protection that long is because they’re passionate about it, and the reason we’re passionate about it is because we are fundamentally averse<\/em> to data loss.<\/p>\n

So why do we want to talk about defending against or recovering from ransomware during a ransomware outbreak? It’s simple. At the point of a ransomware outbreak, there’s a few things we can be sure of:<\/p>\n