Ransomware threats evolving to attack backup programmes

16 Jul 18

Security experts today are seeing signs of growing competition between ransomware distributors.

Attackers are starting to probe previously unreached countries, where users may not be prepared for fighting ransomware and where competition among criminals is lower.

Ransomware-as-a-Service is becoming more and more popular, with amateur cybercriminals trying to earn easy money.

Ransomware attacking backup files

The traditional defence against ransomware is having a disaster recovery solution in place, as users can restore their machines to the most recent backup copy before the attack.

This is leading modern cyber criminals to also attack and delete backup programmes and files to remove this as an option for their victims.

One of the few solutions in the market that has taken this into account is the Acronis Disaster Recovery Cloud.

The solution includes Acronis Active Protection, a robust self-defence mechanism that prevents any process in the system other than Acronis software from modifying backup files.

Acronis Australia and New Zealand general manager Neil Morarji says, “Ransomware puts everyone’s data at risk.

“With Acronis’ cyber protection solutions, including Acronis Disaster Recovery Cloud, we’re making ransomware a less viable tool for cyber criminals.”

Better than signature-based threat detection

At the heart of Acronis Active Protection lies a heuristic approach to malware detection that is much more advanced than the traditional, signature-based approach.

While one signature can detect only one sample, heuristic analysis can detect multiple or even hundreds of samples of files that belong to one so-called family (usually similar in behaviour or patterns of actions).

The behavioural heuristics take the chain of actions (file system events, to be precise) performed by a program and compare it with the chains of events in a database of malicious behaviour patterns.

Acronis Active Protection checks any suspicious processes that it detects against the whitelist and blacklist.

Potential ransomware is stopped and placed into the blacklist, which prevents it from starting again on the next reboot.

This is important because the user does not have to repeat the process of blocking the ransomware all over again the next time they start the machine.

Laying the bait

The Acronis Active Protection feature includes specially crafted honeypots used to find and disarm ransomware.

Like a bee is drawn to honey, ransomware is often looking for certain types of files.

If these types of files are placed into controlled directories, you can catch and isolate the ransomware.

Because these directories are controlled by Acronis Active Protection, the infection can’t spread.

Users won’t see these files because they are hidden in the system and take up very little space on a hard drive, so this additional layer of security doesn’t create any inconvenience.
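
The behavioural matching, whitelist and blacklist checks, and bait directories described above can be illustrated with the following added example. It is not Acronis code: the event names, behaviour patterns, process names, bait path and threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed behaviour patterns: ordered operations on one file (assumptions).
PATTERNS = {
    "overwrite-rename": ("read", "write", "rename"),
    "truncate-rewrite": ("read", "truncate", "write"),
}
WHITELIST = {"backup_agent.exe"}    # hypothetical trusted process
BAIT_DIR = "C:/ProgramData/.bait/"  # hypothetical controlled directory
THRESHOLD = 3                       # files matching a pattern before flagging

def is_subsequence(pattern, ops):
    """True if pattern occurs in ops in order (gaps allowed)."""
    it = iter(ops)
    return all(step in it for step in pattern)

def analyse(events, blacklist):
    """events: (process, op, path) tuples. Returns {process: reason}."""
    chains = defaultdict(lambda: defaultdict(list))  # process -> path -> ops
    verdicts = {}
    for proc, op, path in events:
        if proc in WHITELIST or proc in verdicts:
            continue
        if proc in blacklist:               # stopped on an earlier run
            verdicts[proc] = "blacklisted"
        elif path.startswith(BAIT_DIR) and op != "read":
            verdicts[proc] = "bait file modified"
        else:
            chains[proc][path].append(op)
            for name, pattern in PATTERNS.items():
                hits = sum(is_subsequence(pattern, o) for o in chains[proc].values())
                if hits >= THRESHOLD:
                    verdicts[proc] = f"behaviour pattern: {name}"
                    break
        if proc in verdicts:
            blacklist.add(proc)             # caller keeps this set between runs
    return verdicts

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    ("editor.exe", "read", "C:/docs/a.doc"),
    ("editor.exe", "write", "C:/docs/a.doc"),
    ("updater.exe", "write", BAIT_DIR + "budget.xls"),
] + [(proc, op, f"C:/docs/{n}.doc")
     for proc in ("invoice_viewer.exe", "backup_agent.exe")
     for n in "abc" for op in ("read", "write", "rename")]

if __name__ == "__main__":
    print(analyse(SAMPLE_EVENTS, set()))
```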

Machine learning integration

Machine learning brings Acronis Active Protection to a whole new level, especially when it comes to zero-day threats.

It creates a model of legitimate processes, so even if bad actors find a new vulnerability or way to infiltrate the system, it will detect the ransomware’s processes and put a stop to them.

Acronis machine learning infrastructure is built so that new anonymised user data will be uploaded regularly for analysis.

Machine learning not only raises the detection level but also reduces potential false positives, as it acts as a second authority for the heuristics when making a final decision.

Security experts, the FBI and other organisations agree that ransomware attacks will continue to take place more frequently, especially in corporate and small business environments.

As such, organisations need to ensure that they’re equipped to handle such threats because it’s only a matter of time before they’re attacked.

Acronis Disaster Recovery Cloud enables businesses to recover from attacks with minimum downtime, ensuring business continuity.
