Ransomware has been wreaking havoc for years, locking up data and decrypting and releasing it only when money is paid, usually through Bitcoin. As with any successful malware, new variants are based on the old ones, making it a snap for even amateur-hour hackers to tweak an old exploit and unleash it as new.
For universities, ransomware presents unique and problematic challenges. For a ransomware attack to be successful, all it takes is one unpatched system on the network. The combination of students, faculty, staff, and visitors coming and going on the campus network, coupled with a preponderance of legacy systems, makes universities particularly vulnerable to ransomware attacks.
Consider the recent ransomware attack, Petya, whose most notable victims thus far have included banks, airports, the metro in Kiev, and even Chernobyl radiation detectors. With the malware still very much in the wild, this is only the beginning.
The sad part is that this exploit was completely preventable and easily avoided. Petya is based on the WannaCry ransomware attack, which hit full force in mid-May. WannaCry goes after a hole in older versions of Windows. The U.S. National Security Agency (NSA) used this vulnerability for its own cyber-efforts — which a WikiLeaks data dump disclosed, offering hackers an easy-to-follow blueprint.
Smart end users and organizations patch their systems, and indeed, Microsoft has a patch that plugs this hole. Unfortunately, the complexity of patching numerous computers in disparate locations campus-wide as well as off-network results in many institutions not patching as regularly or as comprehensively as they should.
The reality is most successful exploits are against unpatched systems. Hackers love to take shortcuts and the patching process offers a perfect opportunity, just as the NSA leak offered an architectural blueprint for how to exploit the Windows hole that Petya jumps through.
Petya Will Really Make You WannaCry
Petya adds some sinister elements to what WannaCry offered. For one, Petya knows how to mine endpoints for passwords and uses these credentials to spread to other devices.
Petya can also be spread by taking advantage of machines with admin rights, similar to an elevation-of-privilege attack.
Three Ways to Avoid the Pain
Ransomware is serious stuff, but its most pernicious effects are easily avoided if you take three basic steps to protect your operation.
- Patch your computers. Patching is 100-percent essential, but you cannot rely on end-user vigilance or manual IT means. You need an automated patching solution so patches are installed when they become available – on all endpoints and servers.
- Maintain an antivirus and anti-malware solution. With proper security protection across all of your systems, incursions such as WannaCry will be spotted, blocked, and purged. Like patching, an automated solution that installs and updates security across all of your systems is essential.
- Be smart about backup. Ransomware works by holding your data hostage. For those with no backup, an encrypted and locked hard drive is a disaster. If you have a current backup, it is only a nuisance. The best solution is an automated tool that backs up all of your systems to the cloud, where it remains safe until you need that data back.
With Kaseya VSA you can handily accomplish this. VSA provides unified visibility for on-network and off-network devices and users. Its unique agent architecture enables full management capabilities of all features without requiring devices be on-network so that you can support your entire environment without limitations like additional hardware needs.
Administration of VSA is simple. Endpoints, including Macs, can be patched automatically and completely. With VSA, other functions, including software management, backup, antivirus, anti-malware, and policy management, can be accomplished with a much lower technician-to-endpoint ratio despite the complexity of networks that span buildings, campuses and homes, and consist of thousands of diverse on and off-network devices.
Cloud Backup to the Rescue
Cloud backup provides another layer of security. A cloud backup solution that can automatically and regularly copy your files turns a ransomware attack from a major headache into a minor nuisance. With the right cloud backup solution, restoration is a snap, as the data is resting comfortably in the cloud just waiting for you to access it.
Kaseya Cloud Backup, powered by Acronis, lets you back up and recover every machine you manage on-premises or in the cloud – all from one place. By leveraging the power of Kaseya VSA with Kaseya Cloud Backup, you can quickly define backup policies by organization, machine group, or device type. Create as many policies as you need to simplify managing the backup requirements of the entire set of infrastructures under your control and ensure you are meeting all compliance procedures.
Changes in standard policy procedures can be applied to multiple machines and environments with a few simple clicks. In addition, you can create policies in VSA to restart failed backups automatically, shut down machines prior to backing up, and resolve many other problems that commonly occur during routine backup processes.
Learn more about how Kaseya Cloud Backup can help your university.
About the Author: Frank Tisellano II is the General Manager at Kaseya where he previously held the role of Sr. Director, Product Management.