
Ransomware attacks happen frequently recently, please be vigilant!

2021-05-27 | Vinchin Official

According to statistics, more than 100 new ransomware variants appeared in 2020, and ransomware attacks increased by more than 150% year-on-year. In 2021 ransomware continues to evolve with more sophisticated attack methods, and companies around the world are suffering from it. The recent string of ransomware attacks in various parts of the world also shows how vulnerable infrastructure security is, which makes data backup and security all the more important.

We have summarized several major ransomware attacks that occurred in May this year.

1. DarkSide launched another attack on Toshiba, Japan


After a week of mediation, Colonial Pipeline, the US refined oil pipeline operator, announced the resumption of operations after paying a ransom of US$4 million to the extortion group DarkSide. At the same time, the same group has targeted the Japanese company Toshiba. According to reports, DarkSide posted on the dark web on May 14 that it had stolen up to 740 GB of confidential information and personal data from the management of Toshiba's French branch. Toshiba said it is setting up a strategic review committee to investigate the attack.

2. CNA was blackmailed for a ransom of 40 million US dollars

According to reports, after the US insurance giant CNA was hit by ransomware, it eventually paid a ransom of US$40 million to the attackers in order to regain control of the company's network.

The attacker was a group called Phoenix. Once the Phoenix ransomware ran, 15,000 CNA devices were encrypted, the network was forcibly interrupted, and some systems were unable to operate. In addition to CNA's internal network, Phoenix CryptoLocker also encrypted the computers of remote employees who were connected to the company's VPN during the attack. CNA initially ignored the Phoenix group's demand, but was forced to pay the ransom shortly afterwards, being unable to recover the data on its own.

3. Numerous medical institutions in the U.S. were serially extorted

Recently, the FBI issued a security notice stating that the ransomware group Conti has tried to attack and damage the networks of more than a dozen US medical and emergency agencies. Conti has more than 400 targets worldwide, more than 290 of them in the United States, including municipal governments and emergency 911 centers.

The Conti ransomware is reportedly controlled by Wizard Spider, a cybercriminal organization headquartered in Russia. According to the FBI, Conti's ransom demand is tailored to each institution, with demands of up to $25 million.

In recent years, critical information infrastructure has been the key target of ransomware attacks. Once infected, enterprises and users suffer immeasurable losses: data recovery is expensive and the chance of recovering the data is extremely low. The following are some suggestions on ransomware protection, to remind everyone to stay alert to ransomware and do the related prevention work properly.

Ransomware distribution methods:

(1) Trojanized websites

When a user browses a website that hosts Trojan horse software, the user's computer is very likely to have a Trojan implanted and become infected with ransomware.

(2) Mail dissemination

Attackers send spam and phishing emails across the Internet. Once the recipient clicks on the link or opens the attachment carrying the ransomware, it runs silently in the background of the computer and carries out the extortion.

(3) Propagation through vulnerabilities

Attackers exploit vulnerabilities in the computer's operating system and application software to break in and implant the software. In 2017, the large-scale WannaCry ransomware incident that spread throughout the country used a vulnerability in Microsoft's port 445 (SMB) protocol to infect and spread between computers on the network.

(4) Bundled distribution

Attackers bundle ransomware with other software, especially pirated software, illegal cracks and activation tools, inducing users to download and install them; the bundled installer then infects the user's computer system.

(5) Removable media

Attackers spread ransomware on removable media such as USB drives and CD-ROMs, either pre-planted or infected through shared use. The ransomware runs automatically, or when the user opens it, and the computer is infected.

Protection recommendations:

(1) Regularly make remote/disaster recovery backups of important data and files. Important systems should adopt active-active disaster recovery backup;

(2) Take necessary measures to strengthen the security protection of computer systems, and regularly carry out vulnerability scanning and risk assessment;

(3) Update and upgrade systems and applications in a timely manner, and repair existing medium- and high-risk vulnerabilities;

(4) Install mainstream anti-virus software, keep its signature database up to date, and run full scans on a regular basis;

(5) Disable AutoRun for USB drives, removable hard disks and CD-ROMs in the system, and do not use or open USB drives, CD-ROMs, e-mails, URL links or files of unknown origin;

(6) Close ports such as 445, 135, 137, 138, 139, 3389 and 5900 on computers, servers and other terminals;

(7) Avoid weak passwords: set a different password for each server and terminal, and use a high-complexity combination of uppercase and lowercase letters, numbers and special characters;

(8) Do not download and install pirated software, illegally cracked software and activation tools on the Internet;

(9) Turn off unnecessary file sharing permissions;

(10) Avoid exposing the RDP service directly to the external network, and avoid leaving it on its default port.
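Recommendations (5), (6) and (10) can be checked on a Windows endpoint before anyone starts changing settings. The script below is an added, read-only audit example (not Vinchin's code and not part of the original article): it lists which of the ports named in (6) the host is actually listening on, whether AutoRun is disabled for all drive types, and whether Remote Desktop is enabled, on which port, and which inbound firewall rules allow it. It assumes PowerShell 5.1 or later on Windows with the NetTCPIP and NetSecurity modules, and should be run as Administrator for complete results; the registry values it reads are the standard Windows ones.

```powershell
# Added example (not Vinchin's code): read-only audit of recommendations (5), (6) and (10).
# Assumes Windows PowerShell 5.1+ with the NetTCPIP/NetSecurity modules; run elevated.
# Nothing here changes configuration; it only reports findings.

$RiskyPorts = 445, 135, 137, 138, 139, 3389, 5900   # ports the article recommends closing
$Findings = @()

# (6) Which of the listed TCP ports is this host actually listening on, and which process owns them?
$Listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $RiskyPorts -contains $_.LocalPort }
foreach ($conn in $Listening) {
    $proc = (Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    $Findings += [pscustomobject]@{
        Check  = 'Listening port'
        Detail = "TCP $($conn.LocalAddress):$($conn.LocalPort) owned by '$proc'"
    }
}
# 137/138 are UDP (NetBIOS name/datagram services), so UDP endpoints are checked too.
$UdpListening = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
    Where-Object { $RiskyPorts -contains $_.LocalPort }
foreach ($ep in $UdpListening) {
    $Findings += [pscustomobject]@{
        Check  = 'Listening port'
        Detail = "UDP $($ep.LocalAddress):$($ep.LocalPort)"
    }
}

# (5) AutoRun: NoDriveTypeAutoRun = 0xFF (255) disables AutoRun for every drive type.
$AutoRunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
$AutoRunDisabled = $false
foreach ($key in $AutoRunKeys) {
    $val = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($val -eq 255) { $AutoRunDisabled = $true }
}
if (-not $AutoRunDisabled) {
    $Findings += [pscustomobject]@{
        Check  = 'AutoRun'
        Detail = 'NoDriveTypeAutoRun is not 0xFF in HKLM or HKCU; removable media may auto-run'
    }
}

# (10) RDP: is Remote Desktop enabled, is it still on the default port, and what lets it in?
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpDenied = (Get-ItemProperty -Path $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
$rdpPort   = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name PortNumber -ErrorAction SilentlyContinue).PortNumber
if ($rdpDenied -eq 0) {
    $portNote = if ($rdpPort -eq 3389) { ' (default port)' } else { '' }
    $Findings += [pscustomobject]@{
        Check  = 'RDP'
        Detail = "Remote Desktop is enabled on port $rdpPort$portNote"
    }
    # Enabled inbound allow rules for that port, with the remote address scope they permit.
    # A scope of 'Any' means the rule itself does nothing to keep RDP off the external network.
    $openRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -ErrorAction SilentlyContinue |
        Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$rdpPort" }
    foreach ($r in $openRules) {
        $addr = ($r | Get-NetFirewallAddressFilter).RemoteAddress
        $Findings += [pscustomobject]@{
            Check  = 'RDP firewall rule'
            Detail = "'$($r.DisplayName)' allows inbound $rdpPort from $addr"
        }
    }
}

if ($Findings.Count -eq 0) { 'No findings for checks (5), (6), (10).' } else { $Findings | Format-Table -AutoSize }
```

Each finding names the evidence (owning process, registry value, firewall rule) so that it can be reconciled against what the system is supposed to be doing: a file server legitimately listens on 445, and the right response there is to restrict who can reach it rather than to close the port blindly.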

This year is a year of frequent ransomware. Data security needs to be considered during the digital transformation of society. Vinchin also reminds users to attach importance to data security and to establish efficient disaster recovery backup solutions, which are the best way to deal with ransomware.

Vinchin's response to ransomware:

1. Prevent ransomware from the source

Files are automatically checked for legitimacy. When a file's type is modified or the file is encrypted, this is discovered in time and the changed data is not synchronized to the backup server, which effectively stops the ransomware from spreading into the backups.
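To make the kind of check described above concrete, here is an added example of a pre-backup "file legitimacy" gate. It is not Vinchin's code and says nothing about how Vinchin's product implements the feature; it shows two signals a backup job can evaluate before copying a file: whether the file's leading bytes (magic number) still match its extension, and, for file types that should be plain text, whether the byte entropy is so high that the content looks encrypted. Files that fail either test are held back and reported instead of being synced. The magic-number table, the plain-text extension list and the 7.2 bits/byte threshold are assumptions chosen for this illustration, and the three sample files are constructed in a temporary directory so the script runs on its own.

```powershell
# Added example (not Vinchin's code): a pre-backup gate that holds back files whose
# content no longer matches their type or that look encrypted. Table, extension list
# and threshold are assumptions for this illustration.

# Magic numbers (leading bytes) for a few common extensions.
$Magic = @{
    '.pdf'  = [byte[]](0x25,0x50,0x44,0x46)   # %PDF
    '.png'  = [byte[]](0x89,0x50,0x4E,0x47)
    '.jpg'  = [byte[]](0xFF,0xD8,0xFF)
    '.zip'  = [byte[]](0x50,0x4B,0x03,0x04)   # PK.. (Office files use the same container)
    '.docx' = [byte[]](0x50,0x4B,0x03,0x04)
    '.xlsx' = [byte[]](0x50,0x4B,0x03,0x04)
}
# Extensions whose content should be low-entropy plain text. Compressed formats (zip,
# png, jpg, docx) are naturally high-entropy, so the entropy test is not applied to them.
$PlainText = '.txt', '.csv', '.log', '.xml', '.json', '.sql', '.ini'
$EntropyThreshold = 7.2   # bits/byte (assumed): text is roughly 4-5, ciphertext close to 8

function Get-ByteEntropy {
    param([byte[]]$Bytes)
    if ($Bytes.Length -eq 0) { return 0.0 }
    $counts = New-Object 'int[]' 256
    foreach ($b in $Bytes) { $counts[$b]++ }
    $h = 0.0
    foreach ($c in $counts) {
        if ($c -gt 0) { $p = $c / $Bytes.Length; $h -= $p * [Math]::Log($p, 2) }
    }
    return $h
}

function Test-BackupCandidate {
    param([string]$Path)
    $ext   = [System.IO.Path]::GetExtension($Path).ToLowerInvariant()
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($Magic.ContainsKey($ext)) {
        $sig = $Magic[$ext]
        if ($bytes.Length -lt $sig.Length) { return 'Truncated' }
        for ($i = 0; $i -lt $sig.Length; $i++) {
            if ($bytes[$i] -ne $sig[$i]) { return 'ExtensionMismatch' }   # type changed or overwritten
        }
    }
    elseif ($PlainText -contains $ext) {
        $h = Get-ByteEntropy $bytes
        if ($h -gt $EntropyThreshold) { return ('HighEntropy ({0:N2} bits/byte)' -f $h) }   # looks encrypted
    }
    return 'Ok'
}

function Sync-WithGate {
    param([string]$Source, [string]$Destination)
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
    Get-ChildItem -Path $Source -File -Recurse | ForEach-Object {
        $verdict = Test-BackupCandidate $_.FullName
        if ($verdict -eq 'Ok') {
            Copy-Item -Path $_.FullName -Destination (Join-Path $Destination $_.Name)
        }
        [pscustomobject]@{ File = $_.Name; Verdict = $verdict; Synced = ($verdict -eq 'Ok') }
    }
}

# Constructed sample input: an ordinary text file, a "text" file filled with random bytes
# (what an encrypted file looks like), and a file named .pdf whose content is a ZIP header.
$src = Join-Path ([System.IO.Path]::GetTempPath()) 'gate-src'
$dst = Join-Path ([System.IO.Path]::GetTempPath()) 'gate-dst'
New-Item -ItemType Directory -Path $src -Force | Out-Null
Set-Content -Path (Join-Path $src 'notes.txt') -Value ('quarterly report draft ' * 200)
$rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand = New-Object byte[] 4096
$rng.GetBytes($rand)
[System.IO.File]::WriteAllBytes((Join-Path $src 'ledger.txt'), $rand)
[System.IO.File]::WriteAllBytes((Join-Path $src 'invoice.pdf'), [byte[]](0x50,0x4B,0x03,0x04,0x00,0x00))

Sync-WithGate -Source $src -Destination $dst | Format-Table -AutoSize
```

Of the three constructed files, only notes.txt is copied: ledger.txt is held because its entropy is near 8 bits/byte, and invoice.pdf is held because its leading bytes are a ZIP signature rather than %PDF. The point of keeping the two signals separate is false positives: a compressed archive is high-entropy by design, so judging it by entropy alone would block legitimate backups, whereas a magic-number mismatch is a much stronger sign that something rewrote the file.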

2. Real-time backup, RPO=0

The Vinchin disaster recovery backup system supports real-time backup: it monitors every I/O change in real time and records the changed data incrementally. There is no backup time window, so zero data loss is truly achieved. Backups can be restored to the moment just before the ransomware infection, with a recovery granularity down to the millisecond level.

3. Remote disaster recovery: local and remote dual protection

The Vinchin disaster recovery backup solution can help users build remote disaster recovery systems. The remote backup system is isolated from the production environment and its copy tasks run independently, so it does not affect production or the primary backup. Even if the local business system is temporarily interrupted by ransomware, the business can be brought up at the remote site to achieve business takeover.

4. Archive to the cloud: a third layer of data protection

Vinchin supports local or cloud archiving of important backup data, managing it effectively and storing it for the long term. After an incident, data can be restored by recovering the archived copy to the disaster recovery site. A variety of backup methods are available so that users can choose the most suitable solution.

A preview of Vinchin's defense against ransomware

Vinchin will release the latest version of its disaster recovery backup system this year, with a newly added backup data protection function that effectively prevents ransomware from tampering with data.

Through Vinchin's proprietary Encrypted Backups technology, the backup data is monitored and protected in an all-round way. When ransomware or malware tries to modify the backup data, access is denied outright, thus effectively protecting the backup data.

Vinchin's backup data protection function can effectively resist malicious attacks and provide additional protection for user data security. The latest version of Vinchin's disaster recovery backup system will be launched this year, so stay tuned!
