WannaCry, Petya, What’s Next? Are You at Risk?
Recent ransomware attacks called WannaCry and Petya have been making headlines. They are demonstrating just how vulnerable many computer systems are to attack. Tens of thousands of systems have been affected by these ransomware attacks and they should be making you consider how vulnerable your systems are.
The type of ransomware attack used by WannaCry and Petya encrypt data, making it unreadable, and then demand payment to decrypt the data. They both attacked a vulnerability exposed in Windows operating systems that were not updated to a sufficiently recent patch level. While your systems may not have these specific vulnerabilities, it is impossible to prepare for every new or existing vulnerability that may be the target of the next attack. In addition to making your systems less vulnerable to attack, it’s a pretty good idea to have a plan for how to deal with a successful attack on your systems.
Who is most vulnerable?
In this particular case, Windows users. Windows servers and more importantly Windows Hyper-V servers were vulnerable. A Hyper-V server being hit by ransomware can cripple a small business and do serious damage to larger businesses. Small businesses really take the brunt of these attacks because even one server or one virtual host can represent nearly the entire business IT infrastructure.
What are the options?
Worst Case: Total Data Loss
You lose your data and start over. If you didn’t have a good backup or no backup at all, you may have just lost your data. No one wants to be in this situation. It could literally be the end of a business trying to recover from this type of total loss.
Recover from Backup
You may have a good backup of your data and you can recover it. Great. When was the backup taken? Last night? What is the cost of the lost data since then? How long does it take to recover onto a clean system? What is the cost of the lost productivity while recovering? These costs can be high.
Recover from a VM Snapshot
If the machine that was affected was a virtual machine running Windows, you may have been taking regularly scheduled snapshots of the VM and you can revert to a snapshot of the entire VM from before the ransomware infected the system. The recovery time here is very short and the amount of data loss depends on how often you are taking snapshots. This is probably the best case scenario, unless the hypervisor was Hyper-V and it also got hit by the ransomware. Then you are in bad shape.
Pay the Ransom?
For Petya, which demanded $300 in bitcoin, a few actually paid the ransom before the contact email was shut down, closing off that option for the rest of the victims. Even those who do pay have no guarantee of getting their data back according to Forbes.com. Even if you were guaranteed to get your data back, it is not a good option, no matter how much economic sense it makes, because it rewards the perpetrators.
What can you do?
If you are a small business, you might be using Hyper-V because it is a popular choice for virtualization at a low cost. You might also not have the budget to employ a full-time IT staffer to make sure your systems are up to date against the latest threats. Still, being prepared for attacks like ransomware may be easier and more cost-effective than you might think.
Consider HC3 hyperconverged infrastructure from Scale Computing. Our virtualization platform combines server and storage hardware with virtualization into an easy-to-use appliance. With HC3, you can rest more easily knowing that with our snapshot technology and other security features, you can easily restore VMs from ransomware and other virus attacks quickly and easily.
HC3 is not out of your budget. Our appliances are comparable in price to traditional server hardware and you can start with just a single appliance if that is all you need. Our solution is cheaper than traditional virtualization architectures that require external storage like SAN or NAS and are easier to deploy and manage. If you are concerned about how these ransomware attacks and other security threats seem to becoming a way of life, check out what HC3 can do to help protect your business.