Whitepaper

transObjects® RW-Catcher Against Ransomware Attacks

Nico Pereira da SilvaFAQ, Whitepaper
ransomWare
Typical info after a successful ransomware attack.

If you see a “good morning” – usually at monday morning – with a message that looks similar to this one shown here, then it’s already too late for any defensive handlings. You have fallen victim to a so called ransomware attack … 👿 From now on you will be prompted with this notification at every step you do, assumed that a step is even possible: All important files were encrypted and for their decryption you had to pay a fee in bitcoins to the displayed address. There is also a fair offer to test the quality of this “decryption service” even before the payment! Well… 😮

After the first terrible moment, you take a deep breath and after this you contact your IT manager in a (deceptive!) coolness, because there are enough backups, shapshots etc. So, he simply has to restore them and that’s all. But then comes another terrifying moment, which feels like an eternity: even the backups, snapshots, shadow copies and whatever you trust in are all… encrypted!

loggPROdmsMix1
loggPRO®.dms may act as a ransomware catcher: dms data can only be read using transObjects® protocols – and even then only read (!)

The last chance you have is an old USB disk you maybe kept at home. If not, it’s hard to know what to do. Pay anyway, just leap in the dark? Truly an awful Option.

In order not to face this “choice” – which is not really one … 👿 you should immediately check the technical defense mechanisms and organizational measures of your IT for possible vulnerabilities and then eliminate them as necessary. Here is the good old principle “do not let one to the other”. So, if possible, your defense strategy should include both active and passive elements, to prevent the malware from entering your system and to allow a quick recovery after a successful attack.

Especially in the recent past we observed some very sophisticated and unfortunately successful ransomware attacks. We noticed that unlike previous versions of ransomware, the exploits initially targeted backups, snapshots, shadow copies etc. All of them were encrypted at first, so that a recovery became impossible – without attracting any attention. Therefore affected users found their system fully encrypted and the last chance was indeed the old fashion USB hard drive

➡ However, what was noticed during all the attacks was the not very surprising fact that the data stored in the transObjects® databases was completely spared from all the attacks. Not very surprising, because the access goes only with the proprietary transObjects® protocols. But even the direct attacks on the database instances were ineffective – especially if they were “demilitarized” and possibly operated under Linux.

These experiences led our developers to put together all the security features in the “transObjects® RW-catcher” package. This tool can make the passive as well as the active security of your IT – just as it can complement the other mechanisms and measures. We are always ready to discuss with you the resulting options for you and your IT.