- Aug 12, 2019
This isn’t always true if backups are on site.If a business doesnt create backups every day they are pretty stupid. Its automated.. You dont really have to do much.. Just switch to the backup. lose a days worth of work.
Ransomware purposefully hunts for backups in order to delete them to hinder the restoration process. Volume Shadow Copies (VSS) is what it will hunt for on most machines.
It will then worm through the network to hunt for shares where the backups could also be (SANs, NAS, etc) and encrypts them.
The best way to beat ransomware is to be prepared for it, primarily be beachhead defended (first stage) and user training. Somewhere someone click a link or opened an attachment.
If you want to know how modern agressive ransomware works, take a look at NotPetya, which crippled a tonne of systems worldwide: The Untold Story of NotPetya, the Most Devastating Cyberattack in History | WIRED
Also, this attack against us is probably RYUK, which is described here: A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak (redcanary.com)
Ransomware is clever! It searches artefacts of the operating system to identify what anti-virus programs are running and disables them.Bitdefender has ransomware protection. It scans and copies all the files so if overwritten it will restore them. Surely there is something out there the equivalent for servers after all these years
This is my day job (hunting, defending and remediation) and the biggest and best get hit. Some also pay the ransom, some/most pay a percentage. There are negotiators that the Big 4 (Deloitte, PWC, KPMG, EY) and other Incident Response (IR) companies have, so you deal with them as a middle man and never talk to the ransomware operators.