No-Brainer Ransomware DefensesBackup, Recovery and Common Sense Essentials via ESET's Mark James
"The only effective solution for ransomware is backup ... and disaster recovery," says Mark James, an IT security specialist at security firm ESET.
Even with verified, offline backups to hand, and the ability to rapidly restore systems, organizations may still need to take affected PCs or servers offline for some period of time. But the alternative, James says, involves the ethically dubious - at best - prospect of paying ransom money to criminals and trusting that they will indeed then share decryption keys for crypto-locked systems (see Please Don't Pay Ransoms, FBI Urges).
Furthermore, there can be additional challenges. For example, some security firms may be trying to scuttle the exact same infrastructure that's meant to shake down ransomware victims. "Our job is ... to shut down the very servers that are going to distribute the malware, and in doing so, part of that might be shutting down these end servers, which you're looking at to try and get your decryption keys, or your means to decrypt the data and get back up and running again," James says.
In this interview with Information Security Media Group conducted at the Infosec Europe conference in London, James also details:
- The difference between maintaining backups, versus running an effective backup and disaster recovery program;
- The need for global enterprise policies and rule sets to lock down unnecessary, outdated or disused applications and plug-ins on PCs;
- Why solving the ransomware problem will require more than just technology solutions.
James is an IT security specialist for ESET UK. He has worked at the company since 1999 and prior to his role as security specialist, James was the technical team leader, managing the ESET help desk team that offers technical support to customers. He has been working in the IT industry for 25 years and has held many roles, covering such domains as network management, infrastructure systems design and integration.