Ransomware threats evolving to attack backup programmes

16 Jul 2018

Security experts today are seeing signs of growing competition between ransomware distributors.

Attackers are starting to probe previously unreached countries, where users may not be prepared for fighting ransomware and where competition among criminals is lower.

Ransomware-as-a-Service is becoming more and more popular, with amateur cybercriminals trying to earn easy money.

Ransomware attacking backup files

The traditional defence against ransomware is having a disaster recovery solution in place, as users can restore their machines to the most recent backup copy before the attack.

This is leading modern cyber criminals to also attack and delete backup programmes and files to remove this as an option for their victims.

One of the few solutions in the market that has taken this into account is the Acronis Disaster Recovery Cloud.

The solution includes Acronis Active Protection, a robust self-defence mechanism that prevents any process in the system other than Acronis software from modifying backup files.

Acronis Australia and New Zealand general manager Neil Morarji says, “Ransomware puts everyone’s data at risk.

“With Acronis’ cyber protection solutions, including Acronis Disaster Recovery Cloud, we’re making ransomware a less viable tool for cyber criminals.”

Better than signature-based threat detection

At the heart of Acronis Active Protection lies a heuristic approach to malware detection that is much more advanced than the traditional, signature-based approach.

While one signature can detect only one sample, heuristic analysis can detect multiple or even hundreds of samples of files that belong to one so-called family (usually similar in behaviour or patterns of actions).

A behavioural heuristic is a chain of actions (file system events, to be precise) performed by a program, which is then compared with the chains of events in a database of malicious behaviour patterns.

Acronis Active Protection checks any suspicious processes that it detects against the whitelist and blacklist.

Potential ransomware is stopped and placed into the blacklist, which prevents it from starting again on the next reboot.

This is important because the user does not have to repeat the process of blocking the ransomware all over again the next time they start the machine.
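The matching described above can be sketched as follows. This is an added example, not Acronis code: the pattern database, the repeat threshold, the process names and the sample events are all constructed for illustration.

```python
from collections import defaultdict

# Constructed behaviour database: ordered file-system operations on one file.
PATTERNS = {
    "encrypt-and-rename": ("read", "write", "rename"),
    "overwrite-and-delete": ("read", "write", "delete"),
}
MIN_FILES = 3  # assumed threshold: the chain must repeat on this many files

def is_subsequence(pattern, ops):
    """True if the pattern's steps occur in ops in order (gaps allowed)."""
    it = iter(ops)
    return all(step in it for step in pattern)

def evaluate(events, whitelist, blacklist):
    """Return {process: verdict}; new detections are added to blacklist."""
    chains = defaultdict(lambda: defaultdict(list))  # process -> path -> ops
    for proc, op, path in events:
        chains[proc][path].append(op)
    verdicts = {}
    for proc, files in chains.items():
        if proc in whitelist:
            verdicts[proc] = "allowed"
        elif proc in blacklist:
            verdicts[proc] = "blocked (listed)"
        else:
            hits = sorted(name for name, pat in PATTERNS.items()
                          if sum(is_subsequence(pat, ops)
                                 for ops in files.values()) >= MIN_FILES)
            if hits:
                blacklist.add(proc)  # persists, so a later run is blocked at once
            verdicts[proc] = "blocked: " + ",".join(hits) if hits else "clean"
    return verdicts

def chain(proc, ops, paths):
    """Build constructed sample events: each op applied to each path."""
    return [(proc, op, p) for p in paths for op in ops]

# Constructed sample events (process names and paths are hypothetical).
DOCS = ["a.docx", "b.xlsx", "c.pdf"]
SAMPLE = (chain("backup_agent", ("read", "write", "rename"), DOCS)
          + chain("editor", ("read", "write"), DOCS[:1])
          + chain("unknown_tool", ("read", "write", "rename"), DOCS))

if __name__ == "__main__":
    blacklist = set()
    print(evaluate(SAMPLE, {"backup_agent"}, blacklist))
    print(evaluate(chain("unknown_tool", ("read",), DOCS[:1]), set(), blacklist))
```

The second call shows the persistence point: once a process is on the blacklist, a single harmless-looking event from it is enough for it to be blocked.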

Laying the bait

The Acronis Active Protection feature includes specially crafted honeypots used to find and disarm ransomware.

Like a bee is drawn to honey, ransomware is often looking for certain types of files.

If these types of files are placed into controlled directories, you can catch and isolate the ransomware.

Because these directories are controlled by Acronis Active Protection, the infection can’t spread.

Users won’t see these files because they are hidden in the system and take up very little space on a hard drive, so this additional layer of security doesn’t create any inconvenience.
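The decoy-file idea can be illustrated with a small integrity check. This is an added example, not how Acronis Active Protection is implemented: it polls file hashes rather than controlling the directory in real time, and the decoy names, sizes and the simulated tampering are assumptions.

```python
import hashlib
import os
import tempfile

# Assumed decoy names: hidden (dot-prefixed) files of commonly targeted types.
DECOY_NAMES = (".0000_accounts.xlsx", ".0000_contract.docx", ".0000_photo.jpg")

def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def plant_decoys(directory):
    """Write small decoy files and return a baseline {path: sha256}."""
    baseline = {}
    for name in DECOY_NAMES:
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(os.urandom(256))  # small, so it costs almost no disk space
        baseline[path] = sha256_of(path)
    return baseline

def check_decoys(baseline):
    """Return {path: 'missing' | 'modified'} for every decoy that changed."""
    alerts = {}
    for path, digest in baseline.items():
        if not os.path.exists(path):
            alerts[path] = "missing"      # deleted or renamed (e.g. new extension)
        elif sha256_of(path) != digest:
            alerts[path] = "modified"     # content rewritten in place
    return alerts

def demo():
    """Simulate tampering on two decoys in a temp directory (constructed)."""
    with tempfile.TemporaryDirectory() as d:
        baseline = plant_decoys(d)
        paths = sorted(baseline)
        assert check_decoys(baseline) == {}
        with open(paths[0], "wb") as fh:
            fh.write(b"constructed overwrite")
        os.rename(paths[1], paths[1] + ".locked")
        return {os.path.basename(p): v for p, v in check_decoys(baseline).items()}

if __name__ == "__main__":
    print(demo())
```

No legitimate program has a reason to touch these files, so any alert is a high-confidence signal that something is walking the directory and rewriting what it finds.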

Machine learning integration

Machine learning brings Acronis Active Protection to a whole new level, especially when it comes to zero-day threats.

It creates a model of legitimate processes, so even if bad actors find a new vulnerability or way to infiltrate the system, it will detect the ransomware’s processes and put a stop to them.

Acronis' machine learning infrastructure is built so that new anonymised user data will be uploaded regularly for analysis.

Machine learning not only raises the detection level but also reduces potential false positives, as it acts as a second authority for the heuristics before a final decision is made.

Security experts, the FBI and other organisations agree that ransomware attacks will continue to take place more frequently, especially in corporate and small business environments.

As such, organisations need to ensure that they’re equipped to handle such threats because it’s only a matter of time before they’re attacked.

Acronis Disaster Recovery Cloud enables businesses to recover from attacks with minimum downtime, ensuring business continuity.
