Ransomware protection and recovery should be at the forefront of everyone's planning in 2021. If not properly protected, a loss due to Ransomware is far more likely than any other disaster event and could impact your organization permanently.
VMsources offers a whole range of tools to assist you with Ransomware protection and recovery, which I will detail in the following articles, including a summary of what works and what doesn't.
Whether you choose a provider or take a do-it-yourself approach, we encourage you to take every step possible to protect your organization from Ransomware events and facilitate a speedy recovery if and when they should happen!
Remember, VMsources can be your Ransomware Protection and Recovery MSP!
John Borhek, CEO
Lead Solutions Architect
Mobile: +1 928.606.0483
Office: +1 215.764.6442 X1001
Support Portal: https://support.vmsources.com
Email Support: email@example.com
Backup Standalone Systems with Veeam Cloud Connect
VMsources is a Veeam Cloud Connect partner and we are able to offer backups to the Cloud for all of your standalone workstations, laptops, and physical servers.
Because Veeam Cloud Connect does not require a VPN tunnel to work, these devices will be securely protected from any network they happen to be connected to. Moreover, in the event of a loss, you have all of the traditional recovery options (full restore, file-level restore), plus you can restore directly to our VMware vCloud for the most rapid access to the protected systems!
Protect Workstations, Laptops, and Physical Servers
Mitigate Ransomware with Veeam Immutable Repositories
Restore to the original location or the Cloud
An effective plan to combat Ransomware
Every organization needs an effective plan to combat the threat of Ransomware. Getting started is as easy as defining the goals. We call our Ransomware plan "PPR":
Prevent Ransomware events before they happen by educating users and improving habits with filesharing and email
Use a certified SET provider to conduct Phishing tests within your organization
Protect your organization by using proven technologies such as VMware Horizon View, Endpoint Protection such as VMware Carbon Black, email blocklists, and dynamic firewall rulesets to prevent users from accessing malicious payloads in the first place
Be prepared, if and when a malicious payload should affect your organization.
Implement "air-gapped" or Immutable Backup Repositories
Use DRaaS to fail over when production systems are affected by Ransomware. (NOTE: Ransomware must be detected before all Replica states are overwritten by affected data, usually 7-24 hours, depending on policy.)
Ransomware: What works, what doesn't, and what's ineffective
The impact of Ransomware on organizations worldwide is growing rapidly. Practically every week we read about Schools, Universities, Governments, Hospitals, and Enterprises that are affected. In most cases, the result is a complete shutdown or major loss for days or weeks, while IT rebuilds systems from scratch or recovers data slowly from individual systems or offline backups!
The situation is becoming so dire that many insurance providers are altering coverages due to Ransomware or refusing to underwrite organizations that don't have a Ransomware protection and recovery plan in place.
The primary vector that allows Ransomware to get loose within an organization is infected files. These files are delivered through various means such as phishing emails, USB devices, public fileshares (Dropbox, etc.), and unverified websites.
Unfortunately, it is impossible to entirely eliminate the means through which Ransomware is distributed while maintaining productivity. Can you imagine completely eliminating email attachments? It simply wouldn't work.
Back up your systems using the 3-2-1 Rule and make sure that one of the copies is an Immutable Repository, and/or offsite and/or on WORM Tape.
Why Immutable Repositories work:
Immutable Repositories and WORM Tape cannot be overwritten by the malicious process and are, therefore, safe from Ransomware.
Have VM Replication in place to a logically and geographically separate DR site.
Why do Replica VMs work?:
Replica VMs at a logically and geographically separated site should be stored using an entirely separate filesystem, network, and authentication from the Production systems.
Ransomware cannot penetrate the VM envelope, so it can encrypt files inside the VM, but not the VM itself. Because of the logical and geographic separation, Replicas are protected.
One risk of VM Replication is that Ransomware may not be discovered before the entire Replica chain is overwritten, typically within 7-24 hours.
Educate your users regarding phishing emails. Only open emails from known sources and only open attachments after verifying the payload has been scanned by antivirus/endpoint protection.
Why does education work?:
Through continually reminding users NOT to access unknown attachments or unauthorized file sources, much of the initial vector for Ransomware payloads can be eliminated.
Periodically using a Social Engineering Toolkit (SET) to simulate phishing emails from "the payroll department" can also help to educate and warn vulnerable users regarding their email habits.
Install effective endpoint protection such as VMware Carbon Black
Why does Endpoint protection work?:
Endpoint protection identifies both known payloads and operating signatures of Ransomware.
It prevents users from opening known payloads and identifies unknown payloads by the way they work.
Endpoint protection minimizes (but does not entirely prevent) loss where unknown payloads are concerned, because it must "observe" the process of making data inaccessible before it can identify the Ransomware signature.
Use Virtual Desktop Infrastructure
Why does VDI work?:
VDI effectively protects against Ransomware for at least the following reasons:
Admins can control USB device policy
No VPN is required and home networks aren't logically attached to Enterprise LAN
All VDI sessions exist behind the Enterprise Firewall and unauthorized or known bad sources can be blocked by policy
Endpoint protection can be applied by policy and managed effectively
All data and work products can be protected by policy-based backups
Recovery can be performed quickly in the event Ransomware does occur
What doesn't work:
Backup systems where backup servers themselves are on the same Active Directory Domain as the users.
Why doesn't it work?
In a Ransomware event, the malicious process has the opportunity to encrypt the backup files as well.
VM Replication where both the source Infrastructure and destination Infrastructure use the same Authentication Directory (Active Directory, LDAP or RADIUS)
Why doesn't it work?
In a Ransomware event, the malicious process has the opportunity to encrypt the Replica VMs.
Password aging or requiring overly-complex passwords.
Why doesn't password aging or requiring overly complex passwords work?
Because users will write their credentials down and stick them on their monitor or under their keyboard. The NIST has recommended Digital Identity Guidelines in Special Publication 800-63B since 2018 and we have distilled them here.
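The backup and replication rules above (3-2-1 with a copy that cannot be overwritten, separate authentication for backup and Replica targets, and detection inside the Replica window) can be checked against an inventory. This is an added example, not VMsources or Veeam code; the `DataCopy` fields, finding codes, and both inventories are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class DataCopy:
    name: str
    role: str            # "production", "backup" or "replica"
    media: str           # e.g. "disk", "cloud", "worm-tape"
    offsite: bool
    immutable: bool      # Immutable Repository or WORM Tape
    auth_directory: str  # directory whose accounts can administer this copy

def audit(copies, replica_window_hours, detection_hours):
    """Return finding codes for an inventory; an empty list means it passes."""
    findings = []
    prod_dirs = {c.auth_directory for c in copies if c.role == "production"}
    # 3-2-1: three copies (production included), two media types, one offsite.
    if len(copies) < 3:
        findings.append("fewer-than-3-copies")
    if len({c.media for c in copies}) < 2:
        findings.append("fewer-than-2-media")
    if not any(c.offsite for c in copies):
        findings.append("no-offsite-copy")
    # Assumption: insist on one non-production copy that cannot be overwritten.
    if not any(c.immutable for c in copies if c.role != "production"):
        findings.append("no-immutable-copy")
    # Backups and replicas reachable with production credentials can be encrypted too.
    for c in copies:
        if c.role != "production" and c.auth_directory in prod_dirs:
            findings.append(f"shared-auth:{c.name}")
    # Detection must happen before the whole Replica chain is overwritten.
    if detection_hours >= replica_window_hours:
        findings.append("replica-window-too-short")
    return findings

# Constructed inventories: everything on one directory vs. separated and immutable.
WEAK = [
    DataCopy("prod-vms", "production", "disk", False, False, "corp.example"),
    DataCopy("nas-backup", "backup", "disk", False, False, "corp.example"),
    DataCopy("dr-replica", "replica", "disk", True, False, "corp.example"),
]
HARDENED = [
    DataCopy("prod-vms", "production", "disk", False, False, "corp.example"),
    DataCopy("immutable-repo", "backup", "cloud", True, True, "backup-local"),
    DataCopy("dr-replica", "replica", "disk", True, False, "dr.example"),
]

if __name__ == "__main__":
    print("weak:", audit(WEAK, replica_window_hours=24, detection_hours=36))
    print("hardened:", audit(HARDENED, replica_window_hours=24, detection_hours=4))
```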
What's good for security but ineffective with Ransomware:
Multi-factor authentication (often known as "2FA").
Why is 2FA ineffective for Ransomware?:
Don't get us wrong, 2FA is an essential part of any security plan because it prevents unauthorized users from accessing privileged systems and data (think about passwords written on post-it notes!), but it does not prevent your users from accessing Ransomware payloads.
VMsources Price List Q3 2021
First and foremost, VMsources is not raising prices! While other vendors are profiting from hidden costs and fees, we are holding the line for Q3 2021!
As always, we believe that simplicity is elegance, and we have created the simplest possible price list covering the range of services we provide. We attached our price list to this email for your review.
If your organization is currently covered by a contract with VMsources, we will continue to honor the contract or the new Price List (whichever is lower). If your contract is up for renewal, we will endeavor to renew at the same rates you currently have. If you have no contract, we will begin applying the Price List on 7/1/2021.