16 Feb One-Two Punch: How Cisco Umbrella and Anchor Successfully Put Ransomware to Bed
Ransomware has become one of the most destructive forms of crime we’ve seen since the world was thrust online over twenty years ago. While the concept of cybercrime is nothing new – the first denial-of-service, or DoS, attack occurred in 2000 by a Canadian teenager – full-scale attacks have evolved from being a disruptive annoyance to a full-fledged, multibillion-dollar industry.
In the first three months of 2016, ransomware criminals made $209 million off victim payouts, according to the FBI. This is a staggering escalation from the $24 million they made in all of 2015. The threat of ransomware has become a reality for millions, from stay-at-home moms to entire hospitals. Businesses, especially those in the SMB, need solutions in place that offer protection both pre- and post-ransomware infection. Cisco Umbrella and eFolder Anchor are two solutions that do just that – but how?
Cisco Umbrella is a cloud security platform that acts as the first line of defense against threats. Should a user be directed to a web page that Umbrella identifies as malicious, the DNS request will be blocked before an infection can occur. This stops ransomware in its tracks, denying the opportunity for the malware to take over the user’s network or machine.
Umbrella also has features in place that combat existing ransomware infections. Hackers use command & control (C2) servers to stay in communication with the machines they’ve infected, giving them an opportunity to launch subsequent attacks in the future. Umbrella blocks these C2 callbacks, stopping the hackers from obtaining the machine’s encryption key.
While Cisco Umbrella excels at being the first line of defense, businesses need additional ways of not only preventing ransomware, but recovering from it.
One of eFolder’s answers to ransomware recovery is in our file sync & share solution, Anchor. Anchor is a business-grade productivity solution that enables users to sync and share even the most confidential data in a secure, compliant environment. Anchor happens to be a powerful ransomware recovery and backup tool, as well.
There are two main Anchor features that enable businesses to recover from a ransomware infection – Revision Rollback and Snapshot. Revision Rollback gives users the ability to restore all files within an entire folder back to a specific day and time, based on file revision history (i.e., before the time they were infected). Advanced ransomware attacks, however, can potentially delete, recreate, and change files names, affecting the ability to reference file revisions as point of restores. This is where Snapshot comes in.
Snapshot gives administrators the ability to copy an entire folder as it existed at a specific point in time, even if those files were previously deleted, recreated, or changed. While Revision Rollback can restore healthy revisions, Snapshot is crucial in restoring revisions that have been affected by ransomware. Once this restoration has taken place, users are able to access all of the files in their folder that were previously being held for ransom.
Today we’re living in a reality where no business, no matter how big or small, is safe from the threat of ransomware. If your business currently lacks key solutions like Cisco Umbrella and eFolder Anchor, I encourage you to learn more about the threat of ransomware and how these solutions can keep your business and your clients safe.
If you’re interested in learning more about Anchor, you can schedule a short demo with one of our product specialists here.