Presented by HOSTING and Zerto
Ransomware: Mitigation Through Preparation
PRIVATE AND CONFIDENTIAL

Housekeeping
• This webinar is being recorded and an on-demand version will be available at the same URL at the conclusion of the webinar
• Please submit questions via the button on the bottom left of the viewer
  – If we don’t get to your question during the webinar, we will follow up with you via email
• Download related resources via the “Attachments” button above the viewing panel
• On Twitter? Join the conversation: #ransomware @Zerto and @HOSTINGdotcom

Our Speakers:
Ed Schaefer
Director of Cloud Services
HOSTING since 2007
eschaefer@hosting.com
@schaeferej
Donal Farrell
Cloud Architect
Zerto

Agenda
• The risk vector
• Securing & protecting best practices
• Current data protection & recovery solutions
• The Zerto revolution
• Recovering from the infection in minutes
• Hosting.com Demo

DRaaS at HOSTING
Cloud Replication Services since 2012
• Consultative DR plan development
• Guided Live and Test DR exercises
• Solutions for every use case
  – Daily Backups
  – Long term Backup storage
  – Continuous Replication
    • Platform Native (Active Directory, SQL Server AlwaysOn)
    • Zerto Virtual Replication

CRS with Site Recovery Manager

Why Zerto?

Ransomware Infections

Big In The News

A Global Problem - Worldwide infections
[Map: infection counts by region, labelled 1k+, 5k+, 50k+ and 150k+]

How Does it Work?
1. The victim is compromised by a phishing scam or exploit kit which downloads CryptoWall 4 (NOV 15)
2. Binary is downloaded and executed
3. Injected into explorer.exe
4. Makes itself persistent: copies itself to %AppData% and adds a registry run key
5. Injects into svchost (main malware logic)
6. Downloads RSA public encryption key from C2 server
7. Files are encrypted with a random AES encryption key from C2 server
8. RSA key is used to encrypt that AES key
9. Displays the ransom note in 3 formats: PNG, text and HTML
[Diagram labels: Public key; Get keys; 27p9k967z.x1nep]
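Step 4 leaves artefacts on the host (a dropped executable and a Run key), which makes it a practical detection point. The following is an added example, not part of the original slides: it flags Run-key values that launch an executable from a user's AppData folder and raises the severity when that same file was written on the host shortly before. The event field names, the five-minute window, the allowlist and the sample events are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# ...\CurrentVersion\Run or RunOnce, followed by the value name.
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# A path under a user's AppData, either expanded or still using the variable.
APPDATA = re.compile(
    r"^(%(local)?appdata%|[a-z]:\\users\\[^\\]+\\appdata\\(roaming|locallow|local))\\",
    re.I)
# First executable path in a Run value, with or without quotes and arguments.
EXE_PATH = re.compile(r'^\s*"?([^"]+?\.(?:exe|scr|com|bat|cmd))\b', re.I)

# Constructed sample events (not real telemetry); field names are hypothetical.
EVENTS = [
    {"ts": "2016-05-01T10:00:01", "type": "file_create", "host": "PC-01",
     "path": r"C:\Users\alice\AppData\Roaming\a1b2c3\a1b2c3.exe"},
    {"ts": "2016-05-01T10:00:03", "type": "reg_set", "host": "PC-01",
     "key": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\a1b2c3",
     "value": r'"C:\Users\alice\AppData\Roaming\a1b2c3\a1b2c3.exe"'},
    # Not a Run key: ignored even though the value points into AppData.
    {"ts": "2016-05-01T10:00:04", "type": "reg_set", "host": "PC-01",
     "key": r"HKU\S-1-5-21-1111\Software\Vendor\Settings\LastFile",
     "value": r"C:\Users\alice\AppData\Roaming\notes.exe"},
    # Run key pointing at Program Files: not the pattern from step 4.
    {"ts": "2016-05-01T10:05:00", "type": "reg_set", "host": "PC-02",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "value": r'"C:\Program Files\Vendor\tray.exe" /min'},
    # Run key into AppData with no matching file write seen: lower confidence.
    {"ts": "2016-05-01T11:30:00", "type": "reg_set", "host": "PC-03",
     "key": r"HKU\S-1-5-21-3333\Software\Microsoft\Windows\CurrentVersion\RunOnce\upd",
     "value": r"%AppData%\updater\upd.exe"},
    # Legitimate software that installs per-user; handled by the allowlist.
    {"ts": "2016-05-01T12:00:00", "type": "reg_set", "host": "PC-02",
     "key": r"HKU\S-1-5-21-2222\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "value": r'"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'},
]

# Lower-cased paths of known-good per-user autostart programs (constructed).
ALLOWLIST = {r"c:\users\bob\appdata\local\microsoft\onedrive\onedrive.exe"}


def run_target(value):
    """Return the lower-cased executable path a Run value launches, or None."""
    m = EXE_PATH.match(value)
    return m.group(1).lower() if m else None


def detect(events, window=timedelta(minutes=5), allowlist=frozenset()):
    """Flag Run-key persistence that launches an executable from AppData.

    severity "high": the same path was written on that host within `window`
    before the key was set (drop followed by persistence).
    severity "medium": Run key into AppData with no recent write observed.
    """
    created = {}  # (host, path) -> time the executable was written
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "file_create":
            created[(ev["host"], ev["path"].lower())] = ts
        elif ev["type"] == "reg_set" and RUN_KEY.search(ev["key"]):
            target = run_target(ev["value"])
            if not target or not APPDATA.match(target) or target in allowlist:
                continue
            dropped = created.get((ev["host"], target))
            fresh = dropped is not None and ts - dropped <= window
            alerts.append({
                "host": ev["host"],
                "ts": ev["ts"],
                "key": ev["key"],
                "target": target,
                "severity": "high" if fresh else "medium",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS, allowlist=ALLOWLIST):
        print(alert["severity"], alert["host"], alert["target"])
```

Per-user installers legitimately register autostart entries under AppData, so the allowlist needs to reflect the software actually deployed in the environment.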

Can It Be Broken?
• Most ransomware uses extremely strong crypto
• CryptoWall 4 is not perfect... BUT
• If a strong firewall or IPS is able to intercept and block the CryptoWall 4 packets, the infection will not continue.
• RSA key cannot be downloaded
• All security companies' bottom line is “Have a good recovery strategy”

• 60% of attacks demanded over $1000
• 63% of attacks took more than a day to remediate
• Email is the most popular entry point
• 40% of attacks hit multiple endpoints
• 80% of US organizations hit
• 96% of US organizations NOT CONFIDENT IN RESTORE CAPABILITY
Google Search – “malwarebytes international study”

Stopping Infections
Recommendations
Users, IT Dept, External
- Train users & IT
- Anti-virus/malware
- Restrict domain admins
- Change control
- Isolated external users
- Software restriction policies
Disks, Network
- Audit file shares
- Audit permissions
- Apply read-only
- Firewall policies
- User VLANs
- Honey trap & alerting
Web, Email, USB, BYOD
- Secure entry points
- Filter web traffic
- Scan email attachments
- Block USB devices
- Isolated BYOD
- No web access on VMs

Typical Data Protection Solutions
[Timeline figure: a backup and snapshots at points between 06:00 and 18:00, set against three events: Power Interruption or Hardware Failure; Cryptolocker Virus Infection; File deletion, Application or Human error. Outcome: Data Loss & Downtime, labelled 24h+ and 4h+]

Zerto Virtual Replication
Minimize impact, re-wind and recover from any point in time
[Timeline figure: 00:00 to 18:00 with a 2 week Journal; recovery of Sites, Apps, VMs, Files]

How Zerto Revolutionized Disaster Recovery
Replication was in the wrong place – the physical layer
Zerto Hypervisor Based Replication
The first Enterprise-class, Software-Defined Replication & Recovery Automation solution
[Figure: stack layers: Hypervisor, Security, Networking, Servers, Storage, Replication]

How Zerto Works
Virtual Replication Appliance
• Scale-out architecture, security hardened
• Compression, throttling, resilience
VM-Level Replication
• VM block-level changes
• Always-on Replication, Data loss = Seconds
• No snapshots, scheduling, impact, storage
Management & Orchestration
• 1 x Zerto Virtual Manager per vCenter/SCVMM
• Windows VM, restrict ports
Storage-agnostic replication
• Replica VM & Compressed Journal vDisks
• Journal 1 hour to 2 weeks max, 7-10% space
[Diagram: Prod Site and DR Site, each with a vCenter, a ZVM, and VMs with VRAs, connected over WAN/VPN; vDisks]

Enterprise Application Architectures
[Diagram: Firewall, Load Balancers, Web Servers, File Servers, Index Servers and Database Servers, each tier made up of VMs]

Consistent Protection & Recovery
• Simple, scalable, protection & recovery of VMs, not LUNs
• Recover multi-VM application stacks together
• Point in time recovery, write ordering & application consistency
• Prioritize replication, pre-seeding, reduce initial sync
• Support virtualization features vMotion, svMotion, HA etc
• LUN Consistency Group evolved = Virtual Protection Group
[Diagram: Production Site running Enterprise Applications (CRM, ERP, SQL, Oracle, SharePoint, Exchange), with VMs and vDisks grouped into a CRM VPG, a SQL VPG and an ERP VPG (RPO 6 seconds); other RPO labels: 4 seconds, 9 seconds]

Recovering From Cryptolocker In Minutes
Recovery Process:
Disaster Event!
Click Failover
Select Apps
Verify
Start Failover

Virtual Awareness and Integration
Hypervisor integrated
Real-time Dashboard
Service level driven
Role Based Access Control
Single Solution for BC/DR
REST API automation
Ensure compliance
DR Test Reporting
Prove recovery capability

Recovering Individual Files & Folders in Minutes
Select VM
Restore Request
File server data
Application files
SQL databases
Oracle databases
Exchange databases
Select Files & Folders
Browser download
Instant-access on ZVM
Mount network share
Data restored from seconds before
Restore Anywhere
Disks mounted
No agent or impact
Select point in time

Proving Compliance and Removing Risk
Testing Regulations
• PCI
• ISO
• SOX
• HIPAA
• SEC

DEMO

Real-world Zerto Customer Story
Ransomware Infection:
• Real screenshot from end user PC
• Encrypted files on all user mapped shares with edit permissions
Response:
• PC was isolated from the network
• Used ZVR to recover files from minutes before
• No need to re-create files or accept data loss from using backup
• No ransom paid
• Impact minimized!

Zerto Feature Summary
Install in Minutes
Simple Scalable Software
Click to Test, Failover, Migrate
RTO = Minutes, Prove Compliance
Journal Based Protection
Reduce impact, recover & re-wind
No Snapshots
Always-on, RPO = Seconds
Consistency Groupings
Storage & Hypervisor Agnostic
For On-Premise DR & DRaaS
Enterprise-Class Disaster Recovery Software
Hypervisor-based
Virtual Aware
Powerful Data Protection & Recovery
Strategic BC/DR Platform

More Related Content

What's hot

Ransomware hostage rescue manual
Ransomware hostage rescue manualRansomware hostage rescue manual
Ransomware hostage rescue manualRoel Palmaers
 
Ransomware: How to avoid a crypto crisis at your IT business
Ransomware: How to avoid a crypto crisis at your IT businessRansomware: How to avoid a crypto crisis at your IT business
Ransomware: How to avoid a crypto crisis at your IT businessCalyptix Security
 
Ransomware - The Growing Threat
Ransomware - The Growing ThreatRansomware - The Growing Threat
Ransomware - The Growing ThreatNick Miller
 
Ransomware by lokesh
Ransomware by lokeshRansomware by lokesh
Ransomware by lokeshLokesh Bysani
 
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...Roger Hagedorn
 
The rise of malware(ransomware)
The rise of malware(ransomware)The rise of malware(ransomware)
The rise of malware(ransomware)phexcom1
 
Ransomware: History, Analysis, & Mitigation
Ransomware: History, Analysis, & MitigationRansomware: History, Analysis, & Mitigation
Ransomware: History, Analysis, & MitigationWhiskeyNeon
 
র‌্যানসমওয়্যার
র‌্যানসমওয়্যার র‌্যানসমওয়্যার
র‌্যানসমওয়্যার Titas Sarker
 
WHITE PAPER▶ The Evolution of Ransomware
WHITE PAPER▶ The Evolution of RansomwareWHITE PAPER▶ The Evolution of Ransomware
WHITE PAPER▶ The Evolution of RansomwareSymantec
 
Cryptolocker Ransomware Attack
Cryptolocker Ransomware AttackCryptolocker Ransomware Attack
Cryptolocker Ransomware AttackKeval Bhogayata
 
What is wanna cry ransomware attack
What is wanna cry ransomware attackWhat is wanna cry ransomware attack
What is wanna cry ransomware attacki-engage
 
Ransomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your DataRansomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your DataInderjeet Singh
 
Why are you still getting CryptoLocker?
Why are you still getting CryptoLocker?Why are you still getting CryptoLocker?
Why are you still getting CryptoLocker?Aaron Lancaster
 
Ransomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breachRansomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breachGowling WLG
 

What's hot (20)

Ransomware hostage rescue manual
Ransomware hostage rescue manualRansomware hostage rescue manual
Ransomware hostage rescue manual
 
Ransomware
RansomwareRansomware
Ransomware
 
Ransomware: How to avoid a crypto crisis at your IT business
Ransomware: How to avoid a crypto crisis at your IT businessRansomware: How to avoid a crypto crisis at your IT business
Ransomware: How to avoid a crypto crisis at your IT business
 
Ransomware - The Growing Threat
Ransomware - The Growing ThreatRansomware - The Growing Threat
Ransomware - The Growing Threat
 
Ransomware by lokesh
Ransomware by lokeshRansomware by lokesh
Ransomware by lokesh
 
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
 
The rise of malware(ransomware)
The rise of malware(ransomware)The rise of malware(ransomware)
The rise of malware(ransomware)
 
Ransomware: History, Analysis, & Mitigation
Ransomware: History, Analysis, & MitigationRansomware: History, Analysis, & Mitigation
Ransomware: History, Analysis, & Mitigation
 
র‌্যানসমওয়্যার
র‌্যানসমওয়্যার র‌্যানসমওয়্যার
র‌্যানসমওয়্যার
 
WHITE PAPER▶ The Evolution of Ransomware
WHITE PAPER▶ The Evolution of RansomwareWHITE PAPER▶ The Evolution of Ransomware
WHITE PAPER▶ The Evolution of Ransomware
 
Ransomeware
RansomewareRansomeware
Ransomeware
 
Cryptolocker Ransomware Attack
Cryptolocker Ransomware AttackCryptolocker Ransomware Attack
Cryptolocker Ransomware Attack
 
Ransomware
RansomwareRansomware
Ransomware
 
What is wanna cry ransomware attack
What is wanna cry ransomware attackWhat is wanna cry ransomware attack
What is wanna cry ransomware attack
 
Ransomware
RansomwareRansomware
Ransomware
 
Ransomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your DataRansomware- What you need to know to Safeguard your Data
Ransomware- What you need to know to Safeguard your Data
 
Why are you still getting CryptoLocker?
Why are you still getting CryptoLocker?Why are you still getting CryptoLocker?
Why are you still getting CryptoLocker?
 
Ransomware attacks 2017
Ransomware attacks 2017Ransomware attacks 2017
Ransomware attacks 2017
 
Ransomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breachRansomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breach
 
Ransomware
RansomwareRansomware
Ransomware
 

Viewers also liked

Ransomware - Mark Chimely
Ransomware - Mark ChimelyRansomware - Mark Chimely
Ransomware - Mark ChimelyIISPEastMids
 
Cloud computing and health care - Facing the Future
Cloud computing and health care - Facing the FutureCloud computing and health care - Facing the Future
Cloud computing and health care - Facing the FutureJerry Fahrni
 
How to recover from ransomware
How to recover from ransomwareHow to recover from ransomware
How to recover from ransomwareDatabarracks
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsAaron ND Sawmadal
 
Dissecting Cryptowall
Dissecting CryptowallDissecting Cryptowall
Dissecting CryptowallCyphort
 
The Sensing Enterprise: Towards the Next Generation Dynamic Virtual Organisa...
 The Sensing Enterprise: Towards the Next Generation Dynamic Virtual Organisa... The Sensing Enterprise: Towards the Next Generation Dynamic Virtual Organisa...
The Sensing Enterprise: Towards the Next Generation Dynamic Virtual Organisa...Milan Zdravković
 
Ransomware
Ransomware Ransomware
Ransomware Armor
 
Cloud Computing in Healthcare IT
Cloud Computing in Healthcare ITCloud Computing in Healthcare IT
Cloud Computing in Healthcare ITMahindra Satyam
 
KPIs: Aligning Your IT and Business Objectives
KPIs: Aligning Your IT and Business ObjectivesKPIs: Aligning Your IT and Business Objectives
KPIs: Aligning Your IT and Business ObjectivesHostway|HOSTING
 
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...Proofpoint
 
Virtual organisations.
Virtual organisations. Virtual organisations.
Virtual organisations. Aijaz Sawar
 
Nokia's downfall
Nokia's downfallNokia's downfall
Nokia's downfallnooramingad
 

Viewers also liked (20)

Ransomware - Mark Chimely
Ransomware - Mark ChimelyRansomware - Mark Chimely
Ransomware - Mark Chimely
 
NTXISSACSC4 - Ransomware: History Analysis & Mitigation
NTXISSACSC4 - Ransomware: History Analysis & MitigationNTXISSACSC4 - Ransomware: History Analysis & Mitigation
NTXISSACSC4 - Ransomware: History Analysis & Mitigation
 
Transforming Healthcare Delivery with Cloud Computing
Transforming Healthcare Delivery with Cloud ComputingTransforming Healthcare Delivery with Cloud Computing
Transforming Healthcare Delivery with Cloud Computing
 
Cloud computing and health care - Facing the Future
Cloud computing and health care - Facing the FutureCloud computing and health care - Facing the Future
Cloud computing and health care - Facing the Future
 
How to recover from ransomware
How to recover from ransomwareHow to recover from ransomware
How to recover from ransomware
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
 
Dissecting Cryptowall
Dissecting CryptowallDissecting Cryptowall
Dissecting Cryptowall
 
What is Ransomware and How to Stay Away from it?
What is Ransomware and How to Stay Away from it?What is Ransomware and How to Stay Away from it?
What is Ransomware and How to Stay Away from it?
 
The Sensing Enterprise: Towards the Next Generation Dynamic Virtual Organisa...
 The Sensing Enterprise: Towards the Next Generation Dynamic Virtual Organisa... The Sensing Enterprise: Towards the Next Generation Dynamic Virtual Organisa...
The Sensing Enterprise: Towards the Next Generation Dynamic Virtual Organisa...
 
Ransomware
Ransomware Ransomware
Ransomware
 
Cloud computing in healthcare
Cloud computing in healthcareCloud computing in healthcare
Cloud computing in healthcare
 
Decision making
Decision makingDecision making
Decision making
 
Cloud Computing in Healthcare IT
Cloud Computing in Healthcare ITCloud Computing in Healthcare IT
Cloud Computing in Healthcare IT
 
KPIs: Aligning Your IT and Business Objectives
KPIs: Aligning Your IT and Business ObjectivesKPIs: Aligning Your IT and Business Objectives
KPIs: Aligning Your IT and Business Objectives
 
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
 
Role of Information Technology in Decision Making
Role of Information Technology in Decision MakingRole of Information Technology in Decision Making
Role of Information Technology in Decision Making
 
Virtual organisations.
Virtual organisations. Virtual organisations.
Virtual organisations.
 
Nokia's downfall
Nokia's downfallNokia's downfall
Nokia's downfall
 
Failure of nokia
Failure of nokiaFailure of nokia
Failure of nokia
 
Nike Ppt[1]
Nike Ppt[1]Nike Ppt[1]
Nike Ppt[1]
 

Similar to Ransomware Mitigation Through Virtual Replication

Steve Porter : cloud Computing Security
Steve Porter : cloud Computing SecuritySteve Porter : cloud Computing Security
Steve Porter : cloud Computing SecurityGurbir Singh
 
Veeam: Cybersecurity protection solutions through Backup and Availability
Veeam: Cybersecurity protection solutions through Backup and AvailabilityVeeam: Cybersecurity protection solutions through Backup and Availability
Veeam: Cybersecurity protection solutions through Backup and AvailabilityNext Dimension Inc.
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareQuick Heal Technologies Ltd.
 
Trend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationTrend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationGraeme Wood
 
Ransomware Resiliency, Recoverability and Availability
Ransomware Resiliency, Recoverability and AvailabilityRansomware Resiliency, Recoverability and Availability
Ransomware Resiliency, Recoverability and AvailabilityLai Yoong Seng
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliveryBlack Duck by Synopsys
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliveryTim Mackey
 
Securing your Cloud Environment
Securing your Cloud EnvironmentSecuring your Cloud Environment
Securing your Cloud EnvironmentShapeBlue
 
Data Center Server security
Data Center Server securityData Center Server security
Data Center Server securityxband
 
Advanced Threat Defense Intel Security
Advanced Threat Defense  Intel SecurityAdvanced Threat Defense  Intel Security
Advanced Threat Defense Intel Securityxband
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protectionxband
 
All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One -  A ClickOnce Love Story - Secure360 2015All You Need is One -  A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015NetSPI
 
Webinar: What's Wrong with DRaaS and How to Fix it
Webinar: What's Wrong with DRaaS and How to Fix itWebinar: What's Wrong with DRaaS and How to Fix it
Webinar: What's Wrong with DRaaS and How to Fix itStorage Switzerland
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementTim Mackey
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementBlack Duck by Synopsys
 
Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro Amazon Web Services
 
Ransomware Defense and Remediation with Pure Storage.
Ransomware Defense and Remediation with Pure Storage.Ransomware Defense and Remediation with Pure Storage.
Ransomware Defense and Remediation with Pure Storage.SoulStoneBR
 
Standardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower CostsStandardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower CostsOpenDNS
 

Similar to Ransomware Mitigation Through Virtual Replication (20)

Ransomeware Recovery by Veeam
Ransomeware Recovery by VeeamRansomeware Recovery by Veeam
Ransomeware Recovery by Veeam
 
Steve Porter : cloud Computing Security
Steve Porter : cloud Computing SecuritySteve Porter : cloud Computing Security
Steve Porter : cloud Computing Security
 
Veeam: Cybersecurity protection solutions through Backup and Availability
Veeam: Cybersecurity protection solutions through Backup and AvailabilityVeeam: Cybersecurity protection solutions through Backup and Availability
Veeam: Cybersecurity protection solutions through Backup and Availability
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry Ransomware
 
Trend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationTrend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning Presentation
 
Ransomware Resiliency, Recoverability and Availability
Ransomware Resiliency, Recoverability and AvailabilityRansomware Resiliency, Recoverability and Availability
Ransomware Resiliency, Recoverability and Availability
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
 
Secure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous DeliverySecure Application Development in the Age of Continuous Delivery
Secure Application Development in the Age of Continuous Delivery
 
Securing your Cloud Environment
Securing your Cloud EnvironmentSecuring your Cloud Environment
Securing your Cloud Environment
 
Data Center Server security
Data Center Server securityData Center Server security
Data Center Server security
 
Advanced Threat Defense Intel Security
Advanced Threat Defense  Intel SecurityAdvanced Threat Defense  Intel Security
Advanced Threat Defense Intel Security
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protection
 
All You Need is One - A ClickOnce Love Story - Secure360 2015
All You Need is One -  A ClickOnce Love Story - Secure360 2015All You Need is One -  A ClickOnce Love Story - Secure360 2015
All You Need is One - A ClickOnce Love Story - Secure360 2015
 
Webinar: What's Wrong with DRaaS and How to Fix it
Webinar: What's Wrong with DRaaS and How to Fix itWebinar: What's Wrong with DRaaS and How to Fix it
Webinar: What's Wrong with DRaaS and How to Fix it
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability Management
 
The How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability ManagementThe How and Why of Container Vulnerability Management
The How and Why of Container Vulnerability Management
 
Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro Using Security to Build with Confidence in AWS - Trend Micro
Using Security to Build with Confidence in AWS - Trend Micro
 
Ransomware Defense and Remediation with Pure Storage.
Ransomware Defense and Remediation with Pure Storage.Ransomware Defense and Remediation with Pure Storage.
Ransomware Defense and Remediation with Pure Storage.
 
Standardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower CostsStandardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower Costs
 

More from Hostway|HOSTING

Compliance-as-a-Crisis: Managing Cloud Compliance
Compliance-as-a-Crisis: Managing Cloud ComplianceCompliance-as-a-Crisis: Managing Cloud Compliance
Compliance-as-a-Crisis: Managing Cloud ComplianceHostway|HOSTING
 
SQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite ThingsSQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite ThingsHostway|HOSTING
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightHostway|HOSTING
 
Hacking Airwaves with Pineapples
Hacking Airwaves with PineapplesHacking Airwaves with Pineapples
Hacking Airwaves with PineapplesHostway|HOSTING
 
5 Cloud Migration Experiences Not to Be Repeated
5 Cloud Migration Experiences Not to Be Repeated5 Cloud Migration Experiences Not to Be Repeated
5 Cloud Migration Experiences Not to Be RepeatedHostway|HOSTING
 
Caveat Emptor: 10 Questions to Ask a Managed Service Provider Before You Sign
Caveat Emptor: 10 Questions to Ask a Managed Service Provider Before You SignCaveat Emptor: 10 Questions to Ask a Managed Service Provider Before You Sign
Caveat Emptor: 10 Questions to Ask a Managed Service Provider Before You SignHostway|HOSTING
 
Cloud Migration: Tales from the Trenches
Cloud Migration: Tales from the TrenchesCloud Migration: Tales from the Trenches
Cloud Migration: Tales from the TrenchesHostway|HOSTING
 
Protecting Against Disaster: Plan for the Inevitable Before it Happens
Protecting Against Disaster: Plan for the Inevitable Before it HappensProtecting Against Disaster: Plan for the Inevitable Before it Happens
Protecting Against Disaster: Plan for the Inevitable Before it HappensHostway|HOSTING
 
Don’t Get Caught with An Out of Support MS SQL Server…
Don’t Get Caught with An Out of Support MS SQL Server…Don’t Get Caught with An Out of Support MS SQL Server…
Don’t Get Caught with An Out of Support MS SQL Server…Hostway|HOSTING
 
Content Delivery in an On-Demand Age
Content Delivery in an On-Demand AgeContent Delivery in an On-Demand Age
Content Delivery in an On-Demand AgeHostway|HOSTING
 
High Performance Security: Mitigating DDoS Attacks Without Losing Your Edge
High Performance Security: Mitigating DDoS Attacks Without Losing Your EdgeHigh Performance Security: Mitigating DDoS Attacks Without Losing Your Edge
High Performance Security: Mitigating DDoS Attacks Without Losing Your EdgeHostway|HOSTING
 
Finding Success with Managed Services in the Azure Environment
Finding Success with Managed Services in the Azure EnvironmentFinding Success with Managed Services in the Azure Environment
Finding Success with Managed Services in the Azure EnvironmentHostway|HOSTING
 
DR in the Cloud: Finding the Right Tool for the Job
DR in the Cloud: Finding the Right Tool for the JobDR in the Cloud: Finding the Right Tool for the Job
DR in the Cloud: Finding the Right Tool for the JobHostway|HOSTING
 
Safeguarding PCI Data in the Cloud
Safeguarding PCI Data in the CloudSafeguarding PCI Data in the Cloud
Safeguarding PCI Data in the CloudHostway|HOSTING
 
Understanding Your Cloud Service Provider’s BAA
Understanding Your Cloud Service Provider’s BAAUnderstanding Your Cloud Service Provider’s BAA
Understanding Your Cloud Service Provider’s BAAHostway|HOSTING
 
How to Spend Your Cloud Security Dollar
How to Spend Your Cloud Security DollarHow to Spend Your Cloud Security Dollar
How to Spend Your Cloud Security DollarHostway|HOSTING
 
Azure: Finding Success Beyond Test/Dev
Azure: Finding Success Beyond Test/DevAzure: Finding Success Beyond Test/Dev
Azure: Finding Success Beyond Test/DevHostway|HOSTING
 
Ransomware Mitigation Through Virtual Replication

  • 1. Presented by HOSTING and Zerto Ransomware: Mitigation Through Preparation
  • 2. PRIVATE AND CONFIDENTIAL • This webinar is being recorded and an on-demand version will be available at the same URL at the conclusion of the webinar • Please submit questions via the button on the bottom left of the viewer – If we don’t get to your question during the webinar, we will follow up with you via email • Download related resources via the “Attachments” button above the viewing panel • On Twitter? Join the conversation: #ransomware @Zerto and @HOSTINGdotcom Housekeeping 2
  • 3. PRIVATE AND CONFIDENTIAL Ed Schaefer Director of Cloud Services HOSTING since 2007 eschaefer@hosting.com @schaeferej Donal Farrell Cloud Architect Zerto Our Speakers: 3
  • 4. PRIVATE AND CONFIDENTIAL • The risk vector • Securing & protecting best practices • Current data protection & recovery solutions • The Zerto revolution • Recovering from the infection in minutes • Hosting.com Demo Agenda 4
  • 5. PRIVATE AND CONFIDENTIAL Cloud Replication Services since 2012 • Consultative DR plan development • Guided Live and Test DR exercises • Solutions for every use case – Daily Backups – Long term Backup storage – Continuous Replication • Platform Native (Active Directory, SQL Server AlwaysOn) • Zerto Virtual Replication DRaaS at HOSTING 5
  • 6. PRIVATE AND CONFIDENTIAL CRS with Site Recovery Manager 6
  • 10. PRIVATE AND CONFIDENTIAL 10 50k+ A Global Problem - Worldwide infections 150k+ 50k+ 5k+ 5k+ 50k+ 50k+ 5k+ 1k+
  • 11. How Does it Work?
      1. The victim is compromised by a phishing scam or exploit kit which downloads Cryptowall4 (NOV 15)
      2. Binary is downloaded and executed
      3. Injected into explorer.exe
      4. Makes itself persistent: copies itself to %AppData% and adds a registry run key
      5. Injects into svchost (main malware logic)
      6. Downloads RSA public encryption key from C2 server
      7. Files are encrypted with a random AES encryption key from C2 server
      8. RSA key is used to encrypt that AES key
      9. Displays the ransom message in 3 formats: png, text and HTML
      [Diagram labels: Public key; Get keys; 27p9k967z.x1nep]
  • 12. Can It Be Broken?
      • Most ransomware uses extremely strong crypto
      • Cryptowall 4 is not perfect… BUT
      • If a strong firewall or IPS is able to intercept and block the CryptoWall 4 packets, the infection will not continue.
      • RSA key cannot be downloaded
      • All security companies' bottom line is “Have a good recovery strategy”
  • 13. Google Search – “malwarebytes international study”
      • 60% of attacks demanded over $1000
      • 63% of attacks took more than a day to remediate
      • Email is the most popular entry point
      • 40% of attacks hit multiple endpoints
      • 80% of US organizations hit
      • 96% of US organizations NOT CONFIDENT IN RESTORE CAPABILITY
  • 14. Stopping Infections: Recommendations
      Users, IT Dept, External
        - Train users & IT
        - Anti-virus/malware
        - Restrict domain admins
        - Change control
        - Isolated external users
        - Software restriction policies
      Disks, Network
        - Audit file shares
        - Audit permissions
        - Apply read-only
        - Firewall policies
        - User VLANs
        - Honey trap & alerting
      Web, Email, USB, BYOD
        - Secure entry points
        - Filter web traffic
        - Scan email attachments
        - Block USB devices
        - Isolated BYOD
        - No web access on VMs
  • 15. PRIVATE AND CONFIDENTIAL Typical Data Protection Solutions 15 06:00 09:00 15:00 Backup 12:00 Snapshot Snapshot 12:00 18:00 Snapshot Power Interruption or Hardware Failure Cryptolocker Virus Infection File deletion, Application or Human error = Data Loss & Downtime 24h+ 4h+
  • 16. PRIVATE AND CONFIDENTIAL Zerto Virtual Replication 16 Minimize impact, re-wind and recover from any point in time 06:00 09:00 18:0000:00 12:00 15:00 2 week Journal * * Sites Apps FilesVMs
  • 17. PRIVATE AND CONFIDENTIAL How Zerto Revolutionized Disaster Recovery 17 Zerto Hypervisor Based Replication Replication was in the wrong place – the physical layer The first Enterprise-class, Software-Defined Replication & Recovery Automation solution Hypervisor Security Networking Servers Storage Replication
  • 18. PRIVATE AND CONFIDENTIAL 18 Scale-out architecture, security hardened Virtual Replication Appliance Compression, throttling, resilience Prod Site vCenter VM VM VM VRA VM VM VM VRA DR Site vCenter VM VM VM VRA VM VM VM VRA WAN/VPN VM-Level Replication ZVM ZVM VM block-level changes Always-on Replication, Data loss = Seconds No snapshots, scheduling, impact, storage Management & Orchestration 1 x Zerto Virtual Manager per vCenter/SCVMM Windows VM, restrict ports Storage-agnostic replication Replica VM & Compressed Journal vDisks Journal 1 hour to 2 weeks max, 7-10% space vDisk vDisk vDisk How Zerto Works
  • 19. PRIVATE AND CONFIDENTIAL Enterprise Application Architectures 19 VM VM VM VMVM VM VMVM VM Firewall Load Balancers VM VM VM Web Servers File Servers Index Servers Database Servers
  • 20. PRIVATE AND CONFIDENTIAL Consistent Protection & Recovery 20 • Simple, scalable, protection & recovery of VMs, not LUNs • Recover multi-VM application stacks together • Point in time recovery, write ordering & application consistency • Prioritize replication, pre-seeding, reduce initial sync • Support virtualization features vMotion, svMotion, HA etc Production Site Enterprise Applications VM VM VM VM vDisk vDisk CRM, ERP, SQL, Oracle, SharePoint, Exchange CRM VPG VM VM VM VM VM SQL VPG VM VM VM VM VM VM VM VM VM vDisk vDiskvDisk VM RPO 4 seconds RPO 9 seconds ERP VPG RPO 6 secondsVM VM VM VM VM • LUN Consistency Group evolved = Virtual Protection Group VM VM VM vDisk VM vDisk VM VM VM VM vDisk vDisk vDisk vDisk vDisk
  • 21. PRIVATE AND CONFIDENTIAL Recovering From Cryptolocker In Minutes 21 Disaster Event! Click Failover Select Apps Verify Start Failover Recovery Process:
  • 22. PRIVATE AND CONFIDENTIAL Virtual Awareness and Integration 22 Hypervisor integrated Real-time Dashboard Service level driven Role Based Access Control Single Solution for BC/DR REST API automation Ensure compliance DR Test Reporting Prove recovery capability
  • 23. PRIVATE AND CONFIDENTIAL Recovering Individual Files & Folders in Minutes 23 Select VM Restore Request File server data Application files SQL databases Oracle databases Exchange databases Select Files & Folders Browser download Instant-access on ZVM Mount network share Data restored from seconds before Restore Anywhere Disks mounted No agent or impact Select point in time
  • 24. PRIVATE AND CONFIDENTIAL Proving Compliance and Removing Risk 24 • PCI • ISO • SOX • HIPAA • SEC Testing Regulations
  • 25. PRIVATE AND CONFIDENTIAL Proving Compliance and Removing Risk 25 • PCI • ISO • SOX • HIPAA • SEC Testing Regulations
  • 26. PRIVATE AND CONFIDENTIAL Proving Compliance and Removing Risk 26 • PCI • ISO • SOX • HIPAA • SEC Testing Regulations
  • 28. Real-world Zerto Customer Story
      Ransomware Infection:
        • Real screenshot from end user PC
        • Encrypted files on all user mapped shares with edit permissions
      Response:
        • PC was isolated from the network
        • Used ZVR to recover files from minutes before
        • No need to re-create files or accept data loss from using backup
        • No ransom paid
        • Impact minimized!
  • 29. PRIVATE AND CONFIDENTIAL Zerto Feature Summary 30 Install in Minutes Simple Scalable Software Click to Test, Failover, Migrate RTO = Minutes, Prove Compliance Journal Based Protection Reduce impact, recover & re-wind No Snapshots Always-on, RPO = Seconds Consistency Groupings Storage & Hypervisor Agnostic For On-Premise DR & DRaaS Enterprise-Class Disaster Recovery Software Hypervisor-based Virtual Aware Powerful Data Protection & Recovery Strategic BC/DR Platform

Editor's Notes

  1. Notes: If it works to identify physical presence with dots or small flags, they can be placed in: CA, AZ, OR, CO, IL, TX, OK, GA, FL, MA, NC, NY, PA, MN, CT, Western Canada, Eastern Canada; UK, Italy, Germany, Spain, Netherlands, Israel, Sweden; Malaysia, Japan, China, India, Singapore, Australia
  2. 1) The victim is compromised by a phishing scam or exploit kit which downloads Cryptowall. One of the first things Lastline’s research duo noticed about Cryptowall 4.0’s unpacked malware payload is a list of hashes it uses to resolve the addresses of all the APIs it needs to call. (One hash corresponds to exactly one API.) This choice of design, as opposed to storing the API names as strings or referring to an import table, enhances the ransomware’s ability to conceal itself from antivirus software.
     2) Binary is downloaded and executed. It could be hiding in a ZIP file with a script that is then executed, in an attachment such as macros, etc.
     3) Injected into explorer.exe. The ransomware’s activities in explorer.exe are meant to achieve persistence and hide its tracks.
     4) Makes itself persistent (registry run key). Cryptowall 4.0 sets about achieving these objectives by copying itself to the %AppData% directory, creating a registry entry that enables it to start up at each boot, terminating the primary malware process, and deleting the original file. Any infected user should remember that if persistence is successful the encryption function will run again on the next reboot to encrypt any files the user created after the initial infection.
     5) Injects into svchost (main malware logic). CryptoWall 4 code is injected into the svchost host process. Injection into this process increases the privilege level of access to the compromised machine; if the user has administrator-level access rights, this allows the deletion of all available shadow copies without the end user being prompted with the UAC (User Account Control) dialog to ‘Approve’ the deletion. It also uses bcdedit to turn off Windows Startup Repair.
     6) Downloads RSA public encryption key from the C2 (command and control) server.
     7) Files are temporarily encrypted with a random AES encryption key from the C2 server, and then the RSA key is used to encrypt that AES key. It now encrypts a file's name along with its data. The Win32 API is used to encrypt.
     8) All files are encrypted with a temporary AES encryption key, which is later encrypted with the downloaded RSA public key and embedded in the encrypted files.
     9) Displays the ransom message in 3 formats (png, text and HTML) to ensure the user knows.
     10) The only way to recover is to have access to the private key that matches the RSA public key; the private key can then decrypt the AES key. CryptoWall 4 actually excludes certain file extensions and directories to ensure the OS still works, and so that the user can use that terminal to pay the ransom (the end goal).
  3. The bad news is that the Crypto-locker virus shows no signs of becoming weak; if anything it is becoming more intelligent. That being said, the program is not perfect and has flaws which can be exploited. Many security companies are publishing excellent white papers on the details of such attacks, walking you through exactly how they work and giving some suggestions on how to fix them. As one example, one company identified that CryptoWall sends encrypted packets to the C&C server to get the encryption keys, and that it can be isolated from getting those keys (the software essentially goes into a loop). BUT the list of servers is in the CryptoWall code itself, it changes, and it is encrypted, which is just one example of how difficult it is to stop this. If you were fast to remove a PC from the network during the install phase then you could save your data. If you can block the code from downloading its RSA key then at the very least it will just go into a continuous loop. The RSA public key packet ID is set to 7.
  5. 2 week journal covers the typically reported 90%+ of data requests being within a 2 week window
  6. Back in 2011, replication in enterprise virtual environments was done at the storage layer, and at Zerto we saw this was in the wrong place, as you were locked into replicating between 2 matching storage arrays. This meant that, first of all, you were unable to mix and match your storage between your sites. You also had the complexity of replicating per LUN; it was so complicated it even required separate management software for VM integration, and you couldn’t fully realize all the benefits of virtualization because you were tied into the physical layer. We revolutionized BC/DR by moving the replication into the hypervisor to make it software-defined and included all of the recovery automation, removing the need for a separate solution, and enabled the simplicity of protecting on a per-VM basis. And Zerto isn’t alone in this trend: everything from your security, networking and storage is now moving into the hypervisor to realize the benefits of being software-defined.
  7. Sales Notes:
     - No overhead in production, no TBs of space like a backup product
     - No agent required in protected VMs for this functionality
     - Supports crash and app consistent PITs
     - Data is compressed in the target site (on the fly by the ZVM backup service) before being sent over the wire to minimize bandwidth utilization
     - Instant-access means the data is immediately mounted to the ZVM in the recovery site, meaning you don’t have to wait to restore the data from backup to start using it
     - Zerto doesn’t give the workflows in the GUI for restoring app objects (like mailboxes); this can be done by mounting the data and pulling the objects out using the app tools. But Zerto has the one thing no other solution has: the actual data from the point in time required rather than the last backup
     - Exchange mailboxes can be mounted, with no need to download, from the ZVM with the database in recovery mode to pull mailboxes and mailbox items with no disruption to production
     - SQL and Oracle databases can instantly be mounted from the ZVM data, again with no need to download first, to pull individual table data
     - The power and possibilities of this feature are endless and it enables IT to revolutionize their approach to data protection and recovery utilizing their existing DR solution. It's literally 2 solutions in 1.
     SE Notes:
     - The disk should not be left mounted for longer than the journal history configured, just like a FOT. If the disk mount is kept for longer than the journal history, then the journal will expand just like a FOT
     - Performing a failover will automatically unmount any open mounts
     - Multiple disks can be mounted from the same checkpoint if a log and db need to be downloaded or restored
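
The host behaviours the notes on "How Does it Work?" attribute to CryptoWall 4 (a Run key pointing into %AppData%, deletion of shadow copies, bcdedit turning off Startup Repair) can be watched for in endpoint telemetry, and seeing them together is the signal to pull the PC off the network. The sketch below is an added example, not part of the presentation: the event format, host names and the command-line patterns matched are assumptions, and the sample events are constructed.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Sysmon-style events. "actor" is the process that wrote the registry
# value or spawned the command. Hosts, users and the value name "a1b2c3" are made up.
SAMPLE_EVENTS = [
    {"host": "pc-017", "time": "2016-03-01T09:14:02", "type": "registry_set",
     "actor": r"C:\Windows\explorer.exe",
     "data": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\a1b2c3"
             r" = C:\Users\alice\AppData\Roaming\a1b2c3.exe"},
    {"host": "pc-017", "time": "2016-03-01T09:14:40", "type": "process_create",
     "actor": r"C:\Windows\System32\svchost.exe",
     "data": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "pc-017", "time": "2016-03-01T09:14:41", "type": "process_create",
     "actor": r"C:\Windows\System32\svchost.exe",
     "data": "bcdedit /set {default} recoveryenabled No"},
    # Benign: OneDrive legitimately starts from a Run key under AppData.
    {"host": "pc-042", "time": "2016-03-01T08:02:10", "type": "registry_set",
     "actor": r"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDriveSetup.exe",
     "data": r"HKU\S-1-5-21-2\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"
             r" = C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
    # Benign: a backup host listing (not deleting) shadow copies.
    {"host": "bkp-01", "time": "2016-03-01T02:00:00", "type": "process_create",
     "actor": r"C:\Windows\System32\cmd.exe",
     "data": "vssadmin list shadows"},
]

# rule name -> (event type, pattern over the event's "data" field)
RULES = {
    "run_key_to_appdata": ("registry_set", re.compile(
        r'\\CurrentVersion\\Run(Once)?\\[^=]+=\s*"?(%AppData%|[A-Z]:\\Users\\[^\\]+\\AppData)\\',
        re.I)),
    "shadow_copy_deletion": ("process_create", re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"
        r"|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    "startup_repair_disabled": ("process_create", re.compile(
        r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
}


def match_rules(event):
    """Names of every rule the event matches."""
    return [name for name, (etype, rx) in RULES.items()
            if event["type"] == etype and rx.search(event["data"])]


def triage(events, window=timedelta(minutes=10)):
    """Group hits per host; two or more distinct rules inside one window means
    'isolate', a single rule (noisy on its own, see OneDrive) means 'review'."""
    hits = defaultdict(list)
    for ev in events:
        when = datetime.fromisoformat(ev["time"])
        actor = ntpath.basename(ev["actor"]).lower()
        for rule in match_rules(ev):
            hits[ev["host"]].append((when, rule, actor))
    report = {}
    for host, found in hits.items():
        found.sort()
        escalate = any(
            len({r for t, r, _ in found if t0 <= t <= t0 + window}) >= 2
            for t0, _, _ in found)
        report[host] = {
            "rules": sorted({r for _, r, _ in found}),
            "actors": sorted({a for _, _, a in found}),
            "verdict": "isolate" if escalate else "review",
        }
    return report


if __name__ == "__main__":
    for host, result in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, result["verdict"], ", ".join(result["rules"]),
              "via", ", ".join(result["actors"]))
```

On the constructed data only pc-017 is escalated; the OneDrive Run key on pc-042 is left for review, which is why the Run-key rule is correlated with the other two rather than alerted on by itself.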