A close look at how leveraging backup and recovery principles with Infrascale can help organizations beat ransomware attacks. Very cool technology which also augments DR/BC preparedness.
2. RECORDING?
The video will be posted at www.infrascale.com/webinars.
SLIDES?
Yes! The slides are available in handouts now.
JOIN THE CONVERSATION!
Follow us on Twitter @infrascale.
QUESTIONS?
Post questions for our presenter(s) throughout the webinar.
AGENDA
▪ Introduction
▪ Our mission
▪ How is ransomware winning?
▪ What can you do to beat it?
▪ Q&A
3. Our Mission is simple:
1. Provide the very best customer experience possible
2. Provide a ‘one stop shop’ for IT as a Service
4. INFRASCALE AT A GLANCE
Unrivaled initial backup speed and a full set of features and tools make it a top choice for off-site data protection.
ABOUT INFRASCALE
Founded: 2011
HQ: Los Angeles, CA
Partners: 1,000
Customers: 1M devices protected & counting
Data Centers: 7 global data centers
Data Protected: 100+ petabytes of data
THIRD PARTY VALIDATION
VISIONARY: Disaster Recovery as a Service
6. THE COST OF DOWNTIME
IT downtime costs North American businesses $700 billion annually, mostly due to loss of employee productivity.
ANNUAL AGGREGATE COSTS: $700 BILLION
▪ COST TO FIX
▪ REVENUE LOSS
▪ PRODUCTIVITY LOSS
Source: The Cost of Server, Application, and Network Downtime: North American Enterprise Survey and Calculator, IHS Inc. (January 2016)
7. THE UBIQUITY OF DOWNTIME
PERVASIVENESS OF DOWNTIME
▪ 91% of those surveyed have had a data center outage in the past 24 months.
▪ 47% of companies experienced an outage or downtime THIS year.
TOP CAUSES OF DOWNTIME
▪ Hardware failure: 55%
▪ Human Error: 22%
▪ Software Failure: 18%
▪ Natural Disasters: 5%
Sources: Ponemon Research (2013); Quorum DR Report (2013)
8. POLL
Do you know how much your company loses for every day of downtime?
A. No, but it’s not good.
B. Rough idea, but it hasn’t been formally assessed.
C. Yes, that’s why we’re here.
10. RANSOMWARE TODAY….
▪ 2,900 new malware modifications were detected in Q1 2016.
▪ 72% of ransomware victims were unable to access their data for 2 days.
▪ +$1B in ransoms were paid in 2016, a 6000% increase from 2015.
▪ 34% of SMBs fell prey to phishing emails in 2015.
Sources:
▪ Kaspersky Lab Q1 Threat Evolution Report, May 2016
▪ Intermedia 2016 Crypto-Ransomware Report
▪ ThreatTrack Security, March 2015
▪ Verizon 2015 Data Breach Investigations Report
11. LIMITED OPTIONS
There are only two options at this point:
▪ Pay the ransom: Hope they provide the encryption key to unlock systems & files
▪ Restore systems: Restore systems to a point BEFORE the infection
How long would it take you to restore systems to pre-infection? Would the downtime be costlier or more disastrous than paying the ransom?
12. WHAT TO DO IF YOU GET INFECTED?
1. Remove the infected machine from the network
2. Figure out when you were infected
3. Roll back from a previous backup (or image)
14. THE LONE-WOLF MYTH
01 Lone-wolf Myth
Ransomware variants and campaigns are purpose-built to optimize revenue generated
▪ Campaign tracking and identification
▪ Vulnerability specific targeting
▪ Industry-specific targeting
▪ Business profile targeting
▪ Product Roadmaps and evolution
15. SPORA, THE LATEST IN RANSOMWARE
01 Lone-wolf Myth
…a campaign ID that is used to track the effectiveness of different campaigns and potentially pay out shares to affiliates responsible for those campaigns, suggesting that Spora may be offered as ransomware-as-a-service.
▪ Variable pricing
▪ Campaign IDs
▪ Offline operation
▪ Professional GUI
▪ Built-in Chat Support
▪ Potential ‘Service’ Model
16. TARGETING YOUR BUSINESS
02 Targeting Businesses
In 2016, cyber criminals began moving to business targets for bigger ransoms.
▪ SMBs
▪ Industrial Services
▪ Medical Facilities
▪ Financial Services
▪ Government Agencies
Are you a soft target?
17. BIGGER FISH, BIGGER REACH
02 Targeting Businesses
“Ransomware extortionists will wreak havoc on corporate IT infrastructures in 2017 like never before.”
WORLDWIDE REACH: Massive phishing attack sent to as many as 100 million email addresses claiming to be an Amazon shipping order update.
TARGETING BUSINESSES: Locky gained notoriety when it crippled the Hollywood Presbyterian Medical Center and compelled the hospital to pay $17,000.
NETWORK EFFECT: Locky has the ability to encrypt network shares and drives that your workstation may not normally have access to.
18. TARGETING CRITICAL SYSTEMS
03 Targeting Systems
PRIMARY OBJECTIVES:
▪ Access the domain
▪ Identify and access backups
▪ Identify and access applications (SQL)
▪ Identify and access high-trafficked files
MISSION:
▪ Encrypt critical data and initiate ransom
20. ELIMINATING YOUR BACKUPS
04 Targeting Systems
At the end of the encryption process, Spora runs [a] CLI command, which among other things deletes shadow volume copies, disables Windows Startup Repair, and changes BootStatusPolicy.
DOMAIN ACCESS GRANTS RIGHTS TO….
[Diagram labels: Physical Servers, Virtual Servers, Desktops, Laptops, Databases; Storage; Encryption 256 AES; Deduplication & compression; Offsite Replication]
BUT, NOT INFRASCALE.
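Detection logic for the three backup-elimination behaviours quoted on this slide, as an added example (not part of the original slides or of Infrascale's product): it scans process-creation records and flags hosts that show two or more of the behaviours within five minutes. The command-line patterns, the event fields and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# The three behaviours named on the slide. The command-line patterns are
# assumptions based on standard Windows tools (vssadmin, wmic, bcdedit).
RULES = {
    "shadow_copy_deletion": re.compile(
        r"\b(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)\b", re.I),
    "startup_repair_disabled": re.compile(
        r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    "boot_status_policy_changed": re.compile(
        r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I),
}

# Constructed process-creation events (hypothetical fields: host, time in seconds, cmd).
EVENTS = [
    {"host": "FS01", "time": 1000, "cmd": "vssadmin list shadows"},   # routine admin check
    {"host": "WS07", "time": 2000, "cmd": (
        "cmd.exe /c vssadmin.exe delete shadows /all /quiet"
        " & bcdedit.exe /set {default} recoveryenabled no"
        " & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures")},
    {"host": "WS12", "time": 3000, "cmd": "wmic shadowcopy delete"},
    {"host": "WS12", "time": 9000, "cmd": "bcdedit /set {default} recoveryenabled no"},
]

def match_behaviours(command_line):
    """Return the names of the behaviours that one command line exhibits."""
    return {name for name, rx in RULES.items() if rx.search(command_line)}

def correlate(events, window=300, threshold=2):
    """Flag hosts showing >= threshold distinct behaviours within `window` seconds."""
    hits = defaultdict(list)                      # host -> [(time, behaviour)]
    for ev in events:
        for name in match_behaviours(ev["cmd"]):
            hits[ev["host"]].append((ev["time"], name))
    flagged = {}
    for host, seen in hits.items():
        seen.sort()
        for start, _ in seen:
            in_window = {n for t, n in seen if start <= t <= start + window}
            if len(in_window) >= threshold:
                flagged[host] = sorted(in_window)
                break
    return flagged

if __name__ == "__main__":
    for host, behaviours in correlate(EVENTS).items():
        print(f"ALERT {host}: {', '.join(behaviours)}")
```

Requiring two behaviours close together keeps a lone shadow-copy cleanup by an administrator from paging anyone, while the combination the slide describes still alerts.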
21. YOUR RECOVERY IS TOO SLOW
05 Slow Recovery
[Chart: Downtime with Ransomware. Series: Hard Cost, Opportunity Cost, Ransom, TOTAL. Horizontal axis: 1 hour, 2 hours, 6 hours, 1 day, 2 days, 3 days, 4 days, 5 days. Vertical axis: $0 to $700,000.]
Profile: $11M Annual revenue, 30% margin
80% of businesses down for 3-5 days or longer do not survive the next 12 months.
23. POLL
If ransomware hit your business today, would you be prepared?
A. No.
B. Close, but no cigar.
C. Yes.
24. I never figured out the fuss over ransomware…The single most
important thing any company or individual can do to improve security is
have a good backup strategy. It’s been true for decades, and it’s still
true today.
-Security Guru, Bruce Schneier
27. THE DATA VALUE PYRAMID
[Pyramid tiers: HQ Core DC; Remote/Branch Offices; End-points. Labels: Mission critical; Usually Protected; Usually Exposed]
28. YOU NEED A COMPLETE SOLUTION…
[Pyramid tiers: HQ Core DC; Remote/Branch Offices; End-points. Labels: Mission critical; Infrascale Disaster Recovery; Infrascale Cloud Backup]
29. PROTECT AGAINST MICRO & MACRO DISASTERS
[Diagram labels: HOME (PRIMARY) SITE; Physical Servers, Virtual Servers, Desktops, Laptops, Databases; Cloud Failover Appliance; Encryption 256 AES; Deduplication & compression; Spin Up Server; 1024 AES ENCRYPTED TRANSFER; OFFSITE (SECONDARY) SITE; Paired appliance, Cloud, AWS, Azure; Spin Up Server; FAILOVER; FAILBACK]
30. THE NEW ROAD TO RECOVERY
END USER
1. When an outage attacks…
2. Recover & Virtualize
3. Users keep working
31. A TALE OF TWO UNIVERSITIES
TARGET: University of Virginia Alumni Association
LOCATION: Charlottesville, VA
IMPACT: Total downtime: 1.5 hours
“With Infrascale, I quickly and easily recovered clean versions of our encrypted files with minimal user impact. It was easy-peasey.”
Ellen McCree, Systems Analyst, University of Virginia Alumni Association
32. POLL
Would you like to be contacted about our free evaluation?
A. Yes
B. No
C. Yes, but not right away