

The massive worldwide wave of ransomware attacks of May 12, 2017, instantly turned a once relatively obscure malware threat into screaming headline news and an urgent security concern for global leaders. The so-called WannaCry variant of ransomware, weaponized into deadly virulence with an exploit stolen from the USA’s National Security Agency, exploded through 99 countries, bringing down hospitals in the UK and telecoms operations in Spain. If the threat of ransomware wasn’t on your radar yesterday, it is today. And if you are scrambling for answers, Acronis already offers the single best defense against ransomware attacks, including WannaCry: Acronis Backup 12.5 with Active Protection™, which proactively exterminates ransomware and automatically, instantly restores any damaged data.

How Ransomware Works

For the uninitiated, ransomware is a computer virus that infects a PC, server or mobile device, usually when an unwary email user clicks on a link or opens an attachment. The malware quietly locks up the victim’s files with unbreakable encryption, then displays a ransom note: “Make a payment [typically several hundred dollars, sometimes thousands] in Bitcoin to this online account, and you will receive the decryption key to recover your files. Refuse to pay, and your files will remain encrypted or even be deleted.” Sophisticated variants have worm capabilities that allow them to spread to other PCs and servers, the infection multiplying geometrically as each newly-compromised machine launches attacks on many new targets.

WannaCry’s Target: Microsoft Networking Protocols

WannaCry, also known as WannaCrypt, WanaCrypt0r 2.0, and Wanna Decryptor, exploited a vulnerability in Server Message Block (Microsoft’s file-sharing protocol) that had only recently been discovered and that many businesses had therefore not yet patched. That vulnerability, combined with a weapons-grade worm developed by the NSA and exposed in the recent ShadowBrokers leak, enabled WannaCry to multiply and spread with astonishing speed, carving a path of destruction around the world in under 24 hours.

Ticketing machine affected by WannaCry ransomware. Source: @GossiTheDog



Defending Against WannaCry and Other Ransomware Variants

To defend against ransomware, Acronis has long advocated the use of data protection: if you keep your files backed up across diverse storage media and locations, you can quickly restore a ransomware-encrypted computer to its pre-infection state. You might lose a few hours’ or days’ worth of work, but you won’t have to pay the ransom. Acronis also self-protects its backup copies, which ransomware commonly targets in order to sabotage restoral efforts. Earlier this year, Acronis went a critical step further, introducing Active Protection to our data protection solutions.

This unique, patented technology uses heuristic analysis and machine learning to intelligently detect and block a ransomware attack, then instantly restore any data that was encrypted. In other words, it actively identifies the suspicious file activities common to all ransomware attacks and immediately terminates the offending processes. Local caching enables it to restore the handful of files that were encrypted before the attack was detected and extinguished. Just as important, Active Protection detects and vanquishes attacks based on zero-day exploits (vulnerabilities whose existence is largely unknown) that evade signature-based defenses like anti-virus.



Acronis Active Protection technology blocks ransomware and recovers encrypted files.
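
The detect, terminate and restore sequence described above can be sketched as a toy model. This is an added illustration, not Acronis code or its actual heuristics: the entropy test, the thresholds and the names `WriteMonitor` and `simulate` are assumptions, and the files and processes are constructed in memory.

```python
import math
import random
from collections import Counter, defaultdict

ENTROPY_LIMIT = 7.0  # assumed: bits/byte above which content looks encrypted
MAX_STRIKES = 3      # assumed: suspicious overwrites allowed before blocking

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (near 8 for ciphertext)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

class WriteMonitor:
    """Toy detect -> block -> restore loop over an in-memory file store."""
    def __init__(self, files):
        self.files = dict(files)        # path -> current content
        self.cache = defaultdict(dict)  # pid -> {path: content before first write}
        self.strikes = Counter()
        self.blocked = set()

    def write(self, pid, path, data):
        """Apply one write; return False if the process is already blocked."""
        if pid in self.blocked:
            return False
        old = self.files.get(path, b"")
        self.cache[pid].setdefault(path, old)
        self.files[path] = data
        # Suspicious: readable content replaced by near-random bytes.
        if entropy(old) < ENTROPY_LIMIT < entropy(data):
            self.strikes[pid] += 1
        if self.strikes[pid] >= MAX_STRIKES:
            self.blocked.add(pid)                    # stands in for process termination
            self.files.update(self.cache.pop(pid))   # roll back everything it wrote
        return True

def simulate():
    """Constructed scenario: ten text files, one normal editor, one bulk encryptor."""
    docs = {f"doc{i}.txt": (f"quarterly report {i} " * 40).encode() for i in range(10)}
    mon = WriteMonitor(docs)
    mon.write(100, "doc0.txt", b"edited by a normal user " * 30)
    rng = random.Random(1)
    accepted = 0
    for path in sorted(docs)[1:]:
        noise = bytes(rng.getrandbits(8) for _ in range(2048))  # stand-in for ciphertext
        accepted += mon.write(666, path, noise)
    return mon, docs, accepted

if __name__ == "__main__":
    mon, docs, accepted = simulate()
    print("accepted writes:", accepted, "blocked:", mon.blocked)
```

The three writes accepted before the block correspond to the "handful of files" the paragraph mentions; the per-process cache is what makes them recoverable without a full backup restore.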



While WannaCry has made the general public abruptly aware of ransomware, it’s merely the latest in a series of variants that began plaguing businesses and consumers years ago. Ransomware gangsters extorted over $1B from victims last year; some 47% of businesses suffered at least one ransomware attack. While it may be tempting to simply pay the ransom, it’s a bad wager: one in five victims who pay never receive the promised remedy, and paying does nothing to deter further attacks. Caving to ransomware extortion only encourages the criminals and further funds their development efforts. You must either build a defense, or inevitably become a repeat victim.

The Next Threats after WannaCry

What WannaCry vividly demonstrates is that ransomware crooks are continually upping their game. The rise of ransomware-as-a-service, in which malware coders enlist armies of unskilled criminals to infect target machines (much like the legitimate software-as-a-service industry distributes its legal products to consumers), provides further evidence of the growing sophistication and reach of this rapidly-expanding threat.

Friday’s malware cataclysm will force many previously unwary or indifferent businesses to finally take the threat of ransomware seriously. IT security professionals will recommend a multilayered, defense-in-depth approach: maintain a rigorous backup regimen; scrupulously patch known vulnerabilities in operating systems and applications; deploy endpoint security measures like anti-virus and keep their signature databases current; segment networks with firewalls and VLANs to prevent worm propagation; and educate users to be alert to infiltration vectors like dubious email links and attachments, virus-bearing websites, malicious online ads, and infected USB drives.

Acronis recommends that you take all of these steps. But if you want to feel truly secure that your business data is safe from ransomware extortionists, even against attacks with the breathtakingly lethal refinement of WannaCry, you have only one foolproof solution. You need tightly-integrated active and passive data protection that stops ransomware in its tracks (even variants using zero-day exploits), automatically repairs ransomware-damaged files, and protects your backup copies from destruction: Acronis Backup 12.5 with Active Protection™.

If you recognize the enormous business opportunity in protecting your customers against ransomware and want to become a reseller of Acronis products and services, register here.

How to Protect Yourself against Ransomware

To protect your PCs, servers and mobile devices against ransomware attacks, you should: