What’s the Best Way for Your Organization to Prevent Ransomware Attacks? | Asigra

This is part of a series of interviews with Asigra Partners. In this post we’re talking with Brent Reichow, Principal at BlueShift Data Protection about misconceptions with IaaS and SaaS and data protection, trends in the Asian-Pacific market related to backup and recovery, his experiences with ransomware and what organizations can do to prevent attacks.

VM: IaaS Systems like MS Azure and AWS seem to be proliferating these days? What should enterprises/companies be aware of when using these tools?

BR: Services like Azure and AWS will continuously grow their cloud computing services and solutions to keep up with the demands of the marketplace. Something organizations need to keep in mind is that these are not backup providers and offer little to no solutions when it comes to backing up and recovering data.

VM: With so many companies moving to the cloud and SaaS platforms, what would you say are the biggest misconceptions with data protection and SaaS offerings?

BR: Whether you make the choice to use AWS, Google Apps, Salesforce.com remember that none of these services offer a robust backup, recovery or protection plan for user data. Remember, you’ve outsourced a service, not a data management tool, so it’s important to know that your information will not be protected when considering these services.

VM: What are some trends you’re noticing in the industry now?

BR: There are a couple of trends that we are tracking and seeing more traction with recently:

1. Virtualization: Most companies are moving infrastructure to the cloud. Once organizations move to the cloud, keep in mind that you’ll require other services.
2. The Rise of Data Centres:  Data Centres became popular during the early 2000’s because companies needed fast internet connections and a fluid operation to manage operational systems, ensuring that systems were efficient. At Blueshift, we’re currently extending our partnerships with data centres, providing them with backup and disaster recovery services to ensure that their clients maintain operational excellence and efficiency.
3. Increasing Demand for Trusted IT Advisors:  I’ve noticed that our customers want us to do more than just manage their data, we’re now almost like consultants who work with them to not only provide services, but to also provide insights like a Trusted IT Advisor. We help them with their policy creation to ensure if an attack did hit, their onsite IT staff is more proactive than reactive.

VM: What is the one piece of advice you can give to companies to prevent/safeguard ransomware from affecting their data?

BR: Users/employees are the weakest chain in the link – this is typically where most of the mistakes will happen (i.e. clicking on a link in an email). We advise managers to:

1. Train their employees by reminding/informing them of what ransomware is. Make sure they understand the ramifications of ransomware and how it can be avoided.
2. Set up some sort of policy or guidelines around dealing with ransomware attacks. For example there should be a set of steps/reporting structure in place if computers were to be hit with ransomware.

VM: There was an experience which you had with one of your clients in Tokyo where they were hit by ransomware. How were you able to help them recover the data…can you tell us about the recovery process and what you did?

BR: There have been three instances where our clients have been hit by ransomware. This specific client was in the healthcare industry, namely in the medical device manufacturing field. On October 6, 2016, we received the call that they were not able to access files in the network. We were able to decipher that the virus was Zepto, because all affected files were renamed with the .zepto extension. We were also able to pinpoint the encryption to a specific laptop within the network where a user opened an email attachment which affected our client’s D: drive…over 300 people and over 20,000 files (approximately 20 per cent of total data). We were able to help to recover the data using our data protection solution powered by Asigra to restore the files that were affected back to their original location and we also disconnected the host workstation so the virus didn’t spread to any more machines. Although the recovery time was fairly quick, the system was down for a few hours because our client wanted us fully educate their IT staff about the ramifications of ransomware and help them implement a new policy on how ransomware can be avoided.

If you would like to read the full investigation, click here to read or if you would like to see a video on how ransomware can encrypt your data: click here.