Carbonite's Security Push: CryptoLocker May Be Dead, But Ransomware Is Alive And Well
CryptoLocker, the ransomware that locked up precious business files and overwrote cloud-based backup systems to extort a ransom from business owners in crisis, served as a wake-up call for Carbonite and other backup and recovery services.
CryptoLocker dominated the headlines for more than a year before a law enforcement crackdown took over the criminal command-and-control infrastructure and effectively disabled the malware. Ransomware, however, continues to be a problem as copycat versions are crippling some business owners. Sony Pictures Entertainment may be the latest victim, saying Monday that it is investigating a possible attack on its systems with a hacking group said to be holding its corporate systems hostage.
Ransomware has no timeline and incident response needs to throttle into full gear, according to executives at Carbonite, which is expanding its customer base by targeting small and midsize businesses. The Boston-based company got a lesson last year in how fast ransomware infections can spread when its operations team picked up on a spike in customer activity related to CryptoLocker. Backups were being uploaded from customers that had just had their data encrypted by the ransomware, and the company’s data center was filling up fast, said Jim Flynn, vice president of operations and chief security officer at Carbonite.
"As the disks were filling up with people's backups, soon thereafter phone calls started coming in and that was an indicator that something was going on," Flynn said.
The company formed a CryptoLocker task force to identify how to respond before more phone calls came rolling in. Flynn and his team kept tabs on account profiles so they could roll backups back to a point before the ransomware encrypted the victim’s files. Customers who created new files and continued working may have lost up to two weeks of data, but it wasn’t a total loss, Flynn said.
"It's gotten to the point where we've just automated this," Flynn said. "If you have online backup with versioning we can get you right back to the healthy state you were at before you were infected with this."
With the surge of CryptoLocker infections over, Carbonite continues to focus on bolstering its security measures as it builds out its customer base. The company is adding resellers and systems integrators that help conduct business continuity planning with their clients. Flynn said the company's partners -- resellers, consultants and other solution providers in the channel -- are capable of picking up the technical support gap to focus on installing and maintaining secure backup and recovery as part of a small-business owner's disaster recovery strategy.
Malware infections can cost companies dearly in disruption or, worse, drain the company's coffers, say solution providers. Ken Colburn, president of Phoenix-based Data Doctors Computer Services, said Carbonite has been vital in helping it serve a number of its customers affected by CryptoLocker and a close cousin called CryptoWall.
"With ransomware becoming more sophisticated and more users falling victim, implementing an off-site backup system capable of restoring your data at a moment's notice is now practically a necessity," Colburn said.
Organizations must gain better visibility of their environment and greater awareness of the risks to their business, said Brad Taylor, CEO of Irvine, Calif.-based managed security services provider Proficio. System monitoring becomes increasingly essential and for some companies requires assistance from an outside firm, Taylor said.
"These are customers that are truly trying to address security by being proactive," said Taylor in a recent interview with CRN about the MSSP’s business model. "The weakest links are always going to be the pathway in, so identifying and closing them down quickly is paramount."
Carbonite, for its part, is focusing on an employee training program to ingrain security in its culture and the DNA of all the employees, Flynn said. The company has two-factor authentication on its road map and protects its user account credentials, properly salting and hashing them to defend against a costly user account credential breach.
"A lot of people, especially in small businesses, think they have to go make big investments in technology, but the weakest link is always the people," Flynn said. "Concentrate on educating people, alerting people and making people aware of the latest threats because someone is going to come in through one of the desks of the people sitting in your office or through the call center."
Carbonite's security strategy is focused internally, and data stored at rest is encrypted with the public key residing on the customer's system. No customer backup or storage components or infrastructure pieces are public-facing.
"There's less of a concern for the data that we hold here," Flynn said. "It could be riddled with viruses and Trojans and other problems, but all we need to worry about is whether the data is stored properly."
The company is more concerned with botnets owning its infrastructure, using the network power that Carbonite has to trigger a targeted or denial-of-service attack. "In assessing the risk landscape, you look at what it is that you have that would be appealing to the outside world and you protect the crown jewels first," Flynn said.
PUBLISHED NOV. 25, 2014