How EZ-Backup Can Help Protect Against Ransomware
Cornell Information Technologies and Anonymous*
A new wave of ransomware (malicious software that encrypts files for ransom) is currently making headlines and affecting some users at Cornell. These particular instances of ransomware trick users into applying fake software updates, enabling features in products like Microsoft Office, or opening attachments that contain the malicious software. Once the user clicks to apply changes, the ransomware encrypts their files so the user cannot access them unless they pay a ransom. Ransomware criminals are not trying to obtain sensitive data; their goal is to collect money, so backups are crucially important.
EZ-Backup is a for-fee service from CIT that can help protect data by backing up all files on a workstation or server every 24 hours. The service enables users to restore their own files.
On the afternoon before a holiday break, a staff member on campus opened an attachment for an invoice this person thought was legitimate. The attachment turned out to be ransomware. This particular staff member had fairly high-level access to a shared server in the department, so thousands of files were encrypted.
After the staff member called local IT support, they contacted CIT, who immediately made sure the backups didn’t get overwritten. The solution this department took was to keep the fileshare live and individually restore each file that had been encrypted by the ransomware. CIT worked over the break to create a clone of the backup from the EZ-Backup files, enabling the department to be functional while it restored data. Because they were in a secure state within 24 hours, they did not have to pay the ransom.
EZ-Backup currently provides backup to 6,000-7,000 systems, storing 2,000 terabytes of data (2 petabytes). Users choose what time of day to do the backup and which files to back up.
To avoid paying a ransom if a computer is ever infected, users should always back up data, or use a file storage service that includes snapshots or backups. If they detect a problem, they should immediately freeze the last backup made prior to the ransomware attack. Users should always avoid opening attachments from unknown senders, and call their local IT support before installing updates. Finally, regular review of filesharing programs and access to files is recommended.
The client in this case study is anonymous to protect the identity of the affected department.
The Collaborative Relationship
“We had a solution in place quickly and CIT worked with us over the break to secure our system. We’re glad we were using EZ-Backup at the time.” – Client
*CIT is keeping the department in this case study anonymous to protect Cornell’s identity against malicious threats.