Protect Against WannaCry, a Ransomware “Weapon of Mass Destruction”

Massive. Unprecedented. A weapon of mass destruction. That’s how cyber security experts describe the ransomware worm WannaCry, which has shaken organizations the world over. To date, hundreds of thousands of computers in 150 countries have been crippled, from healthcare systems in the UK to universities across Asia—and the threat isn’t over. Now, new WannaCry variants are being detected—variants lacking the kill switch that mitigated the harm of the original. How can you address your WannaCry threat?

Immediately address your Windows vulnerability

Malicious actors have exploited the known Microsoft vulnerability, EternalBlue, underscoring the importance of immediately installing security patches and maintaining supported software and operating systems. As such, we recommend organizations:

• Continue to install new security patches
• Upgrade to a supported version of Microsoft OS
• Patch Arcserve UDP Appliances and RPS servers
• Block legacy protocols, like SMBv1, to protect against future evolutions of the malware
• Promptly patch their systems with Microsoft’s MS17-010 security update

Don’t pay the ransom

Manual decryption by attackers is required in the case of WannaCry. Given the intense search for those responsible, ransom payments are expected to remain untouched in Bitcoin addresses and requests for decryption to go unanswered. That said, files stored outside of Desktop, Documents, or removable media may still be recoverable using the undelete tool.

Assess your backup and disaster recovery strategy

WannaCry has drawn the critical need for ransomware remediation into sharp focus. As such, we recommend all organizations take immediate steps to ensure they’re empowered to successfully back up and recover their data:

• Examine your RPOs and RTOs. Ensure your critical systems are backed up as frequently as possible, and that system recovery will deliver against your business requirements.
• Confirm all data sources are backed up. Identify any servers or sources of data missing from your data protection plan and apply the correct level of data availability to ensure they’re recoverable.
• Access the backup server as a user. When logging into your secure server, make sure you’re logging in as a user, not as an administrator. Never use your administrator account when opening email or searching the web.
• The 3-2-1 rule. Store at least three different copies of your data on two different media, with at least one copy stored offsite. It’s critical that your backup strategy features redundancies and leverages storage options not vulnerable to attack—like tape, offline disk, and cloud.
• Protect the protector. Make sure your backup files are stored on a secure server with access limited only to those that absolutely require it. These files are your best chance at remediation, so ensure they’re secure.
• Practice the principle of least privilege. When configuring accounts, only grant the degree of access privileges absolutely required by each role.
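
The backup checks above (every data source covered, the 3-2-1 rule, backup frequency against the RPO) can be run mechanically over a backup inventory. The following Python is an added example, not Arcserve code; the inventory format, host names, media labels and the 24-hour RPO are assumptions made for illustration, and whether the production copy counts toward the three copies depends on what you list in the inventory.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Media the page names as not vulnerable to attack; these labels are assumed.
RESILIENT_MEDIA = {"tape", "offline_disk", "cloud"}

@dataclass(frozen=True)
class BackupCopy:
    source: str          # protected system (hypothetical names below)
    media: str           # "disk", "tape", "offline_disk", "cloud"
    offsite: bool
    completed: datetime  # when this copy finished

def audit(sources, copies, rpo, now):
    """Return {source: [findings]}; an empty list means the source passes."""
    report = {}
    for src in sources:
        mine = [c for c in copies if c.source == src]
        if not mine:  # a data source missing from the protection plan
            report[src] = ["no backup at all"]
            continue
        findings = []
        if len(mine) < 3:
            findings.append(f"only {len(mine)} copies, need 3")
        if len({c.media for c in mine}) < 2:
            findings.append("all copies on one media type")
        if not any(c.offsite for c in mine):
            findings.append("no offsite copy")
        if not any(c.media in RESILIENT_MEDIA for c in mine):
            findings.append("no copy on tape, offline disk or cloud")
        age = now - max(c.completed for c in mine)
        if age > rpo:  # newest restore point is older than the RPO allows
            findings.append(f"newest copy is {age} old, RPO is {rpo}")
        report[src] = findings
    return report

# Constructed sample inventory (not real data).
NOW, RPO = datetime(2017, 5, 20, 8, 0), timedelta(hours=24)
def _ago(hours): return NOW - timedelta(hours=hours)
SOURCES = ["fileserver01", "db01", "hr-share"]
COPIES = [
    BackupCopy("fileserver01", "disk", False, _ago(6)),
    BackupCopy("fileserver01", "tape", True, _ago(30)),
    BackupCopy("fileserver01", "cloud", True, _ago(8)),
    BackupCopy("db01", "disk", False, _ago(50)),
    BackupCopy("db01", "disk", False, _ago(50)),
]
if __name__ == "__main__":
    for src, findings in audit(SOURCES, COPIES, RPO, NOW).items():
        print(src, "OK" if not findings else findings)
```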

Real-world ransomware recovery

“The last ransomware attack was unbelievably major. It hit 45 different servers, spread itself, and just went crazy. The executive suite actually moved into my office for a period of time, if that tells you anything.”

With Arcserve UDP, the IT network administrator was able to swiftly restore the backup from the previous evening, sidestepping a $30,000 ransom.

Circumvent ransom demands with Arcserve Unified Data Protection

Relied upon by 48,000+ customers in 150 countries around the world, award-winning Arcserve UDP delivers the enterprise-grade capabilities and ease-of-use required by small and overstretched IT teams. Get the unparalleled flexibility you need to recover from both massive ransomware attacks and ordinary, everyday disasters, while meeting the unique needs of your business:

• Effortlessly deploy Arcserve as a software, appliance, or cloud solution
• Seamlessly scale your backup and recovery coverage as your organization grows—from 1TB to 1PB, and beyond
• Protect physical and virtual data, no matter where it lives—onsite, offsite, offline, and in the cloud
• Instantly stand up critical applications with virtual standby or Instant Virtual Machine
• Easily identify actual RPOs and RTOs, set up automated testing, and identify unprotected machines with Assured Recovery capabilities
• Recover your data from file-based and image-based backups, or continuously available solutions
• And, do it all from a single, elegantly simple management console

Ensure you’re protected

Contact your Arcserve representative or call +1 844 639 6792 to get started today. For more information on Arcserve, please visit arcserve.com.