Ransomware threats evolving to attack backup programmes

16 Jul 2018

Security experts today are seeing signs of growing competition between ransomware distributors.

Attackers are starting to probe previously unreached countries, where users may not be prepared for fighting ransomware and where competition among criminals is lower.

Ransomware-as-a-Service is becoming more and more popular, with amateur cybercriminals trying to earn easy money.

Ransomware attacking backup files

The traditional defence against ransomware is having a disaster recovery solution in place, as users can restore their machines to the most recent backup copy before the attack.

This is leading modern cyber criminals to also attack and delete backup programmes and files to remove this as an option for their victims.

One of the few solutions in the market that has taken this into account is the Acronis Disaster Recovery Cloud.

The solution includes Acronis Active Protection, a robust self-defence mechanism that prevents any process in the system other than Acronis software from modifying backup files.

Acronis Australia and New Zealand general manager Neil Morarji says, “Ransomware puts everyone’s data at risk.

“With Acronis’ cyber protection solutions, including Acronis Disaster Recovery Cloud, we’re making ransomware a less viable tool for cyber criminals.”

Better than signature-based threat detection

At the heart of Acronis Active Protection lies a heuristic approach to malware detection that is much more advanced than the traditional, signature-based approach.

While one signature can detect only one sample, heuristic analysis can detect multiple or even hundreds of samples of files that belong to one so-called family (usually similar in behaviour or patterns of actions).

Behavioural heuristics work on the chain of actions (file system events, to be precise) performed by a program, which is then compared with the chains of events in a database of malicious behaviour patterns.

Acronis Active Protection checks any suspicious processes that it detects against the whitelist and blacklist.

Potential ransomware is stopped and placed into the blacklist, which prevents it from starting again on the next reboot.

This is important because the user does not have to repeat the process of blocking the ransomware all over again the next time they start the machine.

Laying the bait

The Acronis Active Protection feature includes specially crafted honeypots used to find and disarm ransomware.

Like a bee is drawn to honey, ransomware is often looking for certain types of files.

If these types of files are placed into controlled directories, you can catch and isolate the ransomware.

Because these directories are controlled by Acronis Active Protection, the infection can’t spread.

Users won’t see these files because they are hidden in the system and take up very little space on a hard drive, so this additional layer of security doesn’t create any inconvenience.
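
The behaviour-chain matching, whitelist/blacklist check and decoy files described above can be sketched as follows; this is an added illustration, not Acronis code and not part of the original article. The process names, paths, the action chain and the file threshold are all constructed assumptions.

```python
from collections import defaultdict

# All names and values below are constructed for illustration.
CHAIN = ("read", "write", "rename")   # per-file action chain treated as suspicious
FILE_THRESHOLD = 3                    # distinct files that must show the chain
ALLOWLIST = {"backup_agent.exe"}      # processes trusted to touch any file
DECOY_DIR = "C:/ProgramData/.decoy/"  # hidden directory holding bait files

def has_chain(actions, chain=CHAIN):
    """True if `chain` occurs in `actions` in order (other actions may intervene)."""
    it = iter(actions)
    return all(step in it for step in chain)

def classify(events, denylist):
    """events: (process, action, path) tuples in time order.
    Returns {process: verdict}; adds blocked processes to `denylist`."""
    per_file = defaultdict(list)      # (process, path) -> actions seen so far
    verdicts = {}
    for proc, action, path in events:
        if proc in ALLOWLIST:
            verdicts[proc] = "allowed"
            continue
        if proc in denylist:          # already convicted: nothing more is evaluated
            verdicts.setdefault(proc, "blocked: denylisted")
            continue
        per_file[proc, path].append(action)
        hits = sum(1 for (p, _), acts in per_file.items()
                   if p == proc and has_chain(acts))
        if action != "read" and path.startswith(DECOY_DIR):
            verdicts[proc] = "blocked: decoy modified"
        elif hits >= FILE_THRESHOLD:
            verdicts[proc] = "blocked: chain matched"
        else:
            verdicts[proc] = "clean"
            continue
        denylist.add(proc)            # persists, so the process stays blocked later
    return verdicts

def sample_events():
    """Constructed event log: an editor, a backup agent, and two suspect processes."""
    ev = [("winword.exe", a, "C:/docs/report.docx") for a in ("read", "write")]
    ev.append(("backup_agent.exe", "write", "D:/backups/full.bak"))
    for name in ("a.docx", "b.xlsx", "c.jpg"):
        ev += [("updater.tmp.exe", a, "C:/docs/" + name) for a in CHAIN]
    ev.append(("updater.tmp.exe", "write", "D:/backups/full.bak"))
    ev.append(("photo_tool.exe", "write", DECOY_DIR + "budget.xlsx"))
    return ev
```

Passing the same `denylist` set into a later call models the blacklist surviving a reboot: a process convicted earlier is refused before any of its events are evaluated.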

Machine learning integration

Machine learning brings Acronis Active Protection to a whole new level, especially when it comes to zero-day threats.

It creates a model of legitimate processes, so even if bad actors find a new vulnerability or way to infiltrate the system, it will detect the ransomware’s processes and put a stop to them.

Acronis' machine learning infrastructure is built so that new anonymised user data will be uploaded regularly for analysis.

Machine learning not only raises the detection level but also reduces potential false positives, as it acts as a second authority for the heuristics when making a final decision.

Security experts, the FBI and other organisations agree that ransomware attacks will continue to take place more frequently, especially in corporate and small business environments.

As such, organisations need to ensure that they’re equipped to handle such threats because it’s only a matter of time before they’re attacked.

Acronis Disaster Recovery Cloud enables businesses to recover from attacks with minimum downtime, ensuring business continuity.
