- Request A Quote
Most IT discussions about dealing with ransomware focus on one of two strategies:
Replicating your business’s digital infrastructure and assets outside of your primary network—so if a hacker executes a ransomware attack, your company can continue operating.
Stopping cybercriminals from gaining access to your corporate IT network, files, and systems in the first place.
Both worthy goals. But there’s a third scenario, equally dangerous and likely, which few IT teams think about. Your team needs to be ready for this one as well.
3. Identifying dormant ransomware already on your network, waiting for its creator to execute the attack.
The good news: you can sniff out these viruses and destroy them
According to research from the UK’s National Cyber Security Centre and reported in The New Scientist, ransomware often lays dormant on a network for weeks or even months before the cybercriminals activate it to launch their attack.
To cite one recent example, ITPro published a 2020 story explaining the popular ransomware Ryuk is ravaging UK businesses by sneaking onto corporate IT networks, sitting quietly for several months, and then launching their attacks right around the holidays, when these organisations can least afford to be locked out of their systems.
There’s bad news and good news in this sleeper-ransomware trend.
The bad news is that, if the sleeper virus goes undetected by the IT team, it will be backed up repeatedly along with all of the company’s other data and systems.
In fact, many ransomware viruses are designed specifically to infiltrate a company’s on-prem backup systems. That’s why their creators allow them to lay dormant in the first place—so they can hide among the legitimate data, get backed up along with the rest of the company’s digital assets, and propagate themselves as far and wide across the company’s IT infrastructure as possible.
The good news, though, is that if a company is aware of this threat and has the tools to frequently scan for malicious code, they can identify and remove dormant ransomware before it has a chance to do any harm.
Asigra’s malware hunter guards your network 24/7
So, is dormant ransomware already laying low in your IT environment, waiting for instructions to come to life and strike? One simple, effective way to sniff it out is by deploying Ransomware Protection, featured in the latest version—v14.1—of Asigra’s backup solution.
The Ransomware Protection feature uses multiple detection engines to continuously scan your entire network, including your on-prem backup infrastructure, searching for threatening code. It’s also sophisticated enough to detect imposter viruses posing as files that belong on your network. The malware hunter’s features include:
Real-time AI-Powered malware prevention scans backups and restores, isolating malicious code and alerts administrators of infections. Before restoration, legacy recovery files are scanned again to prevent the Attack-Loop.
Zero-day exploit protection
Signatureless technology can identify unauthorized code without having to rely on a database of known malware.
Instead of actually deleting a record, the soft-delete moves the data to a hidden folder for a set period of time pre-determined by the admin, deceiving the malware into thinking it has eliminated the backups.
Variable file naming
The system can rename file repositories in non-standard formats to prevent recognition and deletion of backups by viruses.
Built-in, passwordless multi-factor authentication protects both users and backup tasks vulnerable to attacks.
Bottom line: If Asigra’s Ransomware Protection spots anything suspicious, it sends your team a warning immediately, so you can respond immediately. In other words, you and your IT team can rest easy—because Asigra’s malware hunter never does.
You can learn more about this new ransomware-prevention feature by speaking with KeepItSafe, an award-winning Asigra partner.
Enter your email below to be notified about new articles.
“Disaster Recovery Planning: Getting from Good to Great”