Beating ransomware using cloud infrastructure with vGRID and Veeam
When Kiwi motorcycling distributor Whites Powersports was hit by ransomware, unlike so many other Kiwi businesses, it didn't have to panic because it knew vGRID already had its back.
The company has been a vGRID customer for several years after deciding that cloud infrastructure was the best solution for their IT business needs. Whites Powersports utilises vGRID Enterprise Virtual Servers with Premium Back-up which offers better technology and performance than it could get on its capex budget.
The solution, crucially, includes Veeam Software which is integrated into the vGRID platform as a service offering, providing availability through efficient Virtual Machine backup, fast and flexible recovery and advanced Virtual Machine replication.
Within two hours of being hit by ransomware Whites Powersports was back up and running.
While ransomware has become one of the biggest cyber security threats for businesses, Bruce Trevarthen, CEO of LayerX Group, is adamant that protecting businesses from ransomware does not have to be a daunting task.
“The backup and disaster recovery solutions in vGRID inherently protect you from that,” he says.
“We have services and offerings that, if implemented, give companies the peace of mind that their data can be restored with full integrity very quickly and in an efficient manner – and Whites Powersports is a great example of that,” he says.
“The reality is that as much as you can put in smart systems, software and processes, and educate your staff, ransomware attacks can and will still happen.
“You can never be 100% protected from ransomware.”
While ransomware only really achieved its high profile in recent years, it has been around since 1989; however, early versions, distributed on diskettes, were easily decrypted.
Today, two types of ransomware dominate – locker ransomware, which denies access to a computer or device, impersonating law enforcement and claiming the computer is under investigation and has been locked, usually until a ‘fine’ has been paid; and the more common crypto ransomware.
Crypto ransomware prevents access to files or data, with CryptoLocker the first big crypto-ransomware to gain attention.
CryptoLocker, which first surfaced in 2013, is a more advanced form of ransomware that relies on social engineering to get users to open email attachments. A Trojan horse then infiltrates the system and encrypts files with commercial-grade encryption, according to Bill Kleyman, Veeam Cloud, Virtualisation and Data Centre Architect, and it takes advantage of Windows’ default behaviour of hiding the extension from file names to disguise the real .exe extension of the malicious file.
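The extension-hiding disguise described above can be checked for at the mail gateway or on a file share. The following is an added example, not code from vGRID, Veeam or the article; the extension lists and the sample attachment names are assumptions constructed for illustration, and it generalises from .exe to other executable extensions.

```python
import ntpath

# Assumed lists for illustration; tune them to your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".zip"}


def _normalise(filename: str) -> str:
    """Strip any path and the trailing dots/spaces that Windows ignores."""
    return ntpath.basename(filename).rstrip(" .")


def displayed_name(filename: str) -> str:
    """Name a user sees when Windows hides extensions for known file types."""
    base = _normalise(filename)
    stem, ext = ntpath.splitext(base)
    return stem if ext else base


def is_disguised_executable(filename: str) -> bool:
    """True when the real extension is executable but the displayed name
    ends in a document-like extension, e.g. 'invoice.pdf.exe'."""
    _, real_ext = ntpath.splitext(_normalise(filename))
    if real_ext.lower() not in EXECUTABLE_EXTS:
        return False
    _, shown_ext = ntpath.splitext(displayed_name(filename))
    # strip() catches padding inserted between the decoy and real extension
    return shown_ext.lower().strip() in DECOY_EXTS


def flag_attachments(names):
    """Return the subset of attachment names that should be quarantined."""
    return [n for n in names if is_disguised_executable(n)]


# Constructed sample attachment names (not taken from any real incident).
SAMPLE_ATTACHMENTS = [
    "invoice.pdf.exe",
    "report.pdf",
    "setup.exe",
    r"C:\Users\a\Downloads\scan.jpg.SCR",
    "statement.docx      .exe",
    "notes.txt.exe. ",
]

if __name__ == "__main__":
    for name in flag_attachments(SAMPLE_ATTACHMENTS):
        print(f"QUARANTINE {name!r} (shown to user as {displayed_name(name)!r})")
```

Plain executables such as `setup.exe` are deliberately not flagged here; blocking those is a separate policy decision.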
Kleyman cites one study which shows ransomware netted one group of cybercriminals more than $120 million – or 189,813 bitcoins – in just six months in one widespread ransomware attack.
A newer form of ransomware, CryptoJoker, uses the AES-256 algorithm to encrypt files. While not widely distributed yet, Kleyman says security experts are warning of the variant, which targets 30 different types of files and deletes shadow copies of them.
“The reality with these things is they are very, very brute force, they encrypt and then the system will keep going back and re-encrypting files they’ve already encrypted,” Trevarthen says.
“So it’s not just the case of getting really powerful computers and un-encrypting it – it’s far more detrimental than that.
“And even if you pay the ransom – and I’m not suggesting anyone does – you have to wait to have it unencrypted, which can be quite long,” Trevarthen says.
McAfee Labs noted in a September 2016 report that ransomware attacks were growing at more than 128% year on year with more targeted attacks increasing.
Trevarthen says currently ransomware isn’t strictly targeted, with cybercriminals instead targeting just a database of potential victims.
“If ransomware gets to a point where it is fully automated and you’ve got scripts encrypting files and demanding ransoms, they could arguably target every single company in a country,” he says.
“That is a much bigger problem – it’s a situation where you could cripple a country’s economy, if it was able to take hold.”
With IT now so interwoven with business processes, Trevarthen says crippling a business by taking out its IT isn’t unrealistic – no matter what the size of the business.
“If we can get our channel community to get out there and protect New Zealand businesses, it’s good for business, but it’s also good for New Zealand.”
vGRID’s offerings include a range of outsourced IT services including virtual servers, virtual desktops and Exchange email along with backup and recovery solutions for servers and files, and a voice services platform.
“When configured for disaster recovery, a customer can power on a replicated virtual server in just a few minutes.”
Trevarthen says vGRID is constantly evolving its systems, running a three-year product life cycle to ensure the most up-to-date, high-performance infrastructure, with the software also being refreshed and kept up to date.
The offerings are delivered via the Kiwi reseller channel. “Our partners are our frontline,” Trevarthen says.
“We don’t do anything our partners do – we don’t patch servers, go onsite, configure servers or liaise with the customer.
“Our job is to provide the channel with the tools they need to go to market and make big promises. Our partners need to be able to go to market and make bold claims and we enable that.
“If we’re empowering the channel to make bold promises, and these promises resonate with the market in terms of what is important for small businesses, then we’re doing our job and providing our partners with the ability to do theirs.”