By 2031, the fastest growing type of cybercrime is expected to attack a business, consumer, or device every 2 seconds.
The total cost by then will be $265 billion.
Ransomware has become a board level challenge.
SOURCE: Cybersecurity Ventures
Beyond the cost of recovery
• $1.85 million: average cost of ransomware recovery
• 21 days: average disruption period of an attack
• 66% of victims suffered significant revenue loss
• 25% of victims suffered a period of business closure
Typical sequence of events – ransomware file encryption on a VM
1) Network is compromised
2) OS/Domain credentials are intercepted
3) Malware software is uploaded
4) A privileged account activates encryption
5) User notification to pay ransom in Bitcoin
• Standard AES 256-bit encryption is used
• Progresses through targeted folders quickly
• OS files and user control files are exempt
It’s not a matter of if, but when.
Federico Venier 2022
Slow Hidden Encryption
[Diagram: weekly timeline (Mon to Sun) with Production marked SHE (Slow Hidden Encryption) each day. Labels: Employees & Contractors PC; Ransomware; Production; OS & Hypervisors; Hidden Encryption; Backup Orchestrated Standard Snapshots; Local policy Virtual-Lock Snapshots; Local policy Standard Snapshots; Storage: Alletra 9000; Windows File System; Backup Server; Backup Appliance: StoreOnce 4.3.2, Compliance Mode, Immutability, with RP markers; Admin; Sec. Officer; USELESS; Sleeping.]
Filter Driver: KLICK decrypts files on access for hiding the attack.
Slow Hidden Encryption:
– This is an optional phase
– New malware breeds often use it
– It makes recovery more problematic
– The alternative is a Fast Encryption
Partial encryption vs Full encryption
– Increasingly common methodology
– Only ~1 KB every few MB is encrypted
– Fast: the process is 1000s of times faster
– Undetectable: light workload, difficult to detect
Backup servers can get infected
– Connected disks and Shares are encrypted as well
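An added example, not part of the original slides: it shows why encrypting about 1 KB every few MB barely moves a whole-file entropy measurement, while scanning 1 KB windows still finds the short random-looking islands. The window size, threshold, run limit, function names and the constructed sample file are assumptions made for illustration.

```python
import math
import os
from collections import Counter

WINDOW = 1024      # page figure: "~1 KB every few MB is encrypted"
THRESHOLD = 7.4    # assumed cut-off in bits/byte; a random 1 KB block scores ~7.8
MAX_RUN = 4        # assumed: islands longer than 4 windows are left to other checks

def entropy(buf):
    """Shannon entropy of a byte string, in bits per byte."""
    n = len(buf)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def suspicious_runs(data, window=WINDOW, threshold=THRESHOLD, max_run=MAX_RUN):
    """Offsets of short high-entropy islands inside otherwise ordinary data.

    Files that look random throughout (archives, media) normally form one
    long run and are not reported; only brief islands are.
    """
    high = [entropy(data[i:i + window]) >= threshold
            for i in range(0, len(data), window)]
    hits, k = [], 0
    while k < len(high):
        if not high[k]:
            k += 1
            continue
        start = k
        while k < len(high) and high[k]:
            k += 1
        if k - start <= max_run:
            hits.append(start * window)
    return hits

def build_sample(size=8 * 2**20, stride=2 * 2**20):
    """Constructed sample: log-like text, plus a copy with one window-aligned
    random 1 KB block per stride (os.urandom stands in for ciphertext)."""
    line = b"2022-05-01 12:00:00 INFO backup job finished rc=0\n"
    clean = (line * (size // len(line) + 1))[:size]
    damaged = bytearray(clean)
    for off in range(0, size, stride):
        damaged[off:off + WINDOW] = os.urandom(WINDOW)
    return clean, bytes(damaged)

if __name__ == "__main__":
    clean, damaged = build_sample()
    print("whole-file entropy:", round(entropy(clean), 3), "->", round(entropy(damaged), 3))
    print("islands at offsets:", suspicious_runs(damaged))
```

Run against two restore points of the same file, a list that is empty for the older copy and non-empty for the newer one narrows down when the hidden encryption started.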
Key Logger hack
[Diagram: the same environment as in the preceding diagram (Employees & Contractors PC, OS & Hypervisors, Alletra 9000 storage, StoreOnce 4.3.2 backup appliance in Compliance Mode), with Production marked "KL SHE" for each day (Mon to Sun). "Mr. Hacker" connects by Remote desktop to the Backup Server. Account // password labels shown in the diagram:]
• Backup SW // pwd
• SO-Admin // admin
• 3paradm // 3pardata
Filter Driver removed and key deleted
It stops decrypting files on access, exposing the underlying data corruption.
Alternative: Active Encryption: only for malware not based on a Filter Driver and Slow Hidden Encryption
FINAL ENCRYPTION
Ransom Request: Pay $10.000.000 to receive the tool for unencrypting your files
[Diagram: the same environment as in the preceding diagrams (Employees & Contractors PC, OS & Hypervisors, Alletra 9000 storage, StoreOnce 4.3.2 backup appliance in Compliance Mode), with Production marked "SHE Error" for each day (Mon to Sun) and the Employees & Contractors PC marked "SHE Err."]
• Remove the malware
• Change pwd
• Clean the environment
• Find a valid restore point.
• Multiple options: Snapshot and Backup.
• Test it in a clean room, and Recover.
[Diagram: the same environment as in the preceding diagrams, repeating the overlay text of the previous slide (Filter Driver removed and key deleted; Active Encryption, here labelled Optional; FINAL ENCRYPTION; Ransom Request of $10.000.000). Production is marked Error across the week (Mon to Sun), with one RP marker.]
HPE StoreEver Tape portfolio with LTO-9
Model                      Max. drives   Max. capacity*
MSL 1/8 Tape Autoloader    1 Drive       360 TB
MSL2024 Tape Library       2 Drives      1.1 PB
MSL3040 Tape Library       48 Drives     28.8 PB
MSL6480 Tape Library       42 Drives     25.2 PB
HPE T950                   120 Drives    450.9 PB
HPE TFinity ExaScale       144 Drives    3.05 EB
*2.5:1 compression
Segments: SMB & Distributed Environments, Mid-Range, Enterprise
HPE Primary Storage with immutable snapshot
• HPE Alletra 9000: Mission-critical workloads
• HPE Alletra 6000: Business-critical workloads
• HPE Alletra 5000: General purpose workloads
Immutable backups to HPE repositories
Hardened Linux repositories Catalyst immutability
V12
HPE StoreOnce
HPE Apollo 4510 HPE DL345
S3 Object immutability
V12
HPE Apollo 4200 HPE Nimble Storage Scality
Achieve an Uninterrupted Business with CONTINUOUS PROTECTION
Any App, Any Cloud, Any Threat
• Ransomware Recovery: Resume in minutes to seconds before an attack
• Disaster Recovery: Foolproof recovery with fastest RTO and RPO
• Multi-Cloud Mobility: Freedom to innovate across clouds
Continuous Data Protection
ZERTO DIFFERENTIATORS
#1 Resume operations at scale, in minutes
#2 Recover to a state, seconds before an attack
#3 De-risk your recovery with instant, non-disruptive testing
ONLY ZERTO
Simplicity At Scale
Proven Reliability
Gold Standard In Performance
FORTUNE 10 ORGANIZATION, TOP EU MANUFACTURER
• 4000 VMs, 8 sec RPO
• 1200 VMs, 9 sec RPO
• 2000 VMs, 6 sec RPO
• 1200 VMs, 5 sec RPO
Get out of ransomware jail
Zerto Free Edition
Details of offer:
✓ 10 VMs of Enterprise Cloud Edition
✓ Valid for one year
✓ Valid for vSphere and Hyper-V; users can also replicate to Microsoft Azure or AWS
This version is community supported, not a paid support option. Prospects can use it to evaluate Zerto.