Ransomware Proof Your Business with CentreStack


Eliminating Ransomware Threats

Many CentreStack users are starting to leverage the platform as a way to make their business ransomware proof and virtually guarantee they'll never have to pay another ransom. In fact, many of our MSP partners are gaining traction by combining CentreStack's productivity benefits with its ability to eliminate the threat of ransomware. For example, they'll use a combination of points like these: 

  • Simpler to Use: More employees are working from and creating VPN support tickets. You are essentially managing each user's home network. CentreStack simplifies remote access and reduces VPN tickets to zero.
  • Better Performance, Management and Security: CentreStack simplifies remote access with WAN optimized drive mapping that allows you to focus on managing the corporate network, is faster than a VPN and has better security and connectivity
  • Ransomware Proof: The platform uses versioning and behavioral heuristics to guarantee you'll never have to pay another ransom. 

The Increasing Threat from Remote Users

One of the salient dangers of the increased prevalence of remote work is that more employees need to remotely access company files from home computers that are not managed by the IT department. These devices are often more easily infected by hackers and will then transmit infections like ransomware through their VPN connections to the corporate network.

This is only one of several reasons that ransomware infections continue to have significant impact on organizations, despite the increasing availability of countermeasures. In 2016, American digital security and backup firm Datto found that ransomware is costing businesses more than $75 billion a year when you include the financial impacts of downtime which can be even more expensive than the ransom itself. In 2020, this cost has grown to $169.8 billion, according to MSSPAlert

That report also estimates an average ransom of $84,000 with about a third of the victims opting to pay the ransom. The frustrating truth is that it’s often easier to just pay the ransom, which is why the criminal activity has become increasingly prevalent and profitable. For example, in the US, ransomware costs are expected to reach $9.4 billion in 2020 but the ransom demands will be about $1.4 billion. 

Some organizations can afford to fight back by refusing to negotiate with data terrorists, but few can withstand the existential threats of taking this high moral ground.

The problem with most countermeasures is that they’re either always playing catchup by trying to recognize the increasing number of ransomware threat patterns in binaries, or they depend on backups which can easily become infected if ransomware remains undetected.

Effective Containment, Not Perfect Detection

CentreStack takes a different approach which guarantees that you’ll never again have to pay a ransom. Instead of trying to scan files to detect ransomware, the platform implements two deceptively simple but elegant work arounds.

1.      File Versioning: Every attempt to write to a file creates a new version of that file.

2.      Containment: Any device which attempts to change too many files in a short time frame is quarantined.

CentreStack’s file versioning allows any user to simply right click on a file to restore an earlier version. So ransomware can never render a file unrecoverable since old versions are never updated. But this kind of recovery can still prove costly if all your files have been infected. And that’s why containment is required to limit the spread of the infection. With containment, the administrator can specify a reasonable threshold for the number of files that a device can attempt to update in a 10 minute window. For example, he might decide that any attempt to update more than 50 files in that time frame should disable further updates from that device until the admin can verify that the updates are coming from a legitimate user and has not been infected with ransomware.

So CentreStack doesn’t depend on preventing ransomware infections, which requires perfection. Instead, the platform assumes that hackers will find ways to infect the system and focuses on limiting the number of files that can be infected and guaranteeing a simple, self-service recovery process.

For more details on CentreStack's ransomware containment policies and recommendations, check out this article: 

https://support.centrestack.com/hc/en-us/articles/360025446774-Antivirus-Ransomware-Policy-Recommendations

Comments

Popular posts from this blog

What's new in this week's CentreStack Release 10.3.6472.43327?

What's new in this week's CentreStack Release 10.2.6335.43041 (February 25th, 2019)

Build 9.9.5832 (September 17, 2018)