A Good Backup Strategy: Your Best Defense Against Ransomware

By Tom Fedro
As seen in Security Magazine 2.2.17 –

http://www.securitymagazine.com/articles/87775-a-good-backup-strategy-your-best-defense-against-ransomware

Last year, cybercriminals attacked the California-based Hollywood Presbyterian Medical Center, encrypting files crucial in running the hospital’s operating systems and demanding a ransom to restore them to working order. The scam worked – after 10 days of futility, the hospital surrendered and paid $17,000 to regain system control.
Other hospitals, government agencies and businesses in the U.S. and abroad were targeted similarly last year, leading CNET to dub such ransomware scenarios as “the hot hacking trend of 2016.” And the numbers are truly staggering. Osterman Research estimates that nearly half of surveyed organizations have been hit with ransomware within the last year, and concludes that ransomware will amount to a $1 billion source of income for cyber criminals in 2016. In a recent report, Kaspersky Security states that in Q3 2016, a business was attacked by ransomware every 40 seconds, and that even after paying the ransom, one in five of them never got their data back.

Apple Users Now a Target

But while many ransomware instances go unreported due to embarrassment or the desire to not be targeted again, the attacks were thought to be largely focused on the Microsoft Windows software realm, leaving Apple users relatively unscathed. But that changed in 2016 when the first public ransomware targeting Apple systems was discovered by Palo Alto Networks, which found a popular BitTorrent client for Apple’s OS X software for Macs infected with ransomware. Known as “KeRanger,” the ransomware is delivered with a ransom note demanding 1 Bitcoin, which has a current market value over $700. Fixing the problem can also be complicated and time consuming.
Antivirus software also isn’t having an impact; by the time a computer is infected with ransomware, it’s likely that the antivirus software won’t detect it until it’s too late and the damage has been done. The encryption used by modern ransomware is often too good to crack, leading most security experts to conclude that the best approach to fighting ransomware is to avoid it in the first place.

Different Backup Approaches

It seems the most effective way for Apple users to safeguard their computer files from these nefarious attacks is through regular backups. And, in the event you are hit with ransomware, the solution would lie in simply restoring your system to the state it was before the malware hit your computer. There are several backup and restore approaches to consider for the Apple environment:
Time Machine is the backup software application distributed with the Apple operating system, introduced in Mac OS X Leopard. It was designed to work with various storage drives such as Time Capsule. But for Time Machine to be effective, files must be unlocked or closed, which may not be practical for those currently in use. In addition, there is the possibility of a two-step process within OS X that requires users to reinstall the operating system before retrieving the application and files from the backup image.
File System Snapshots simplify backup and recovery by taking a point-in-time virtual file system photo. But while this backup method can be employed to protect active operating systems, depending on files sizes, it can take significantly more time.
Disk Management Solutions can create image-based copies of a disk or partition (or multiple disks and partitions) whether active or inactive, at a specific point in time far more quickly. Such robust offerings have the advantage of being able to make consistent sector-level backups (also often referred to as Snapshots) even if data is being currently modified.

Thus, while there are different backup approaches to consider, the bottom line is that a regular, proactive backup strategy – potentially even a multi-pronged approach – is your best defense against crippling ransomware attacks. And while Apple users were once immune from such attacks, they too now need to join the rest of the computer world in being vigilant in protecting themselves. After all, like many things in life, when it comes to avoiding being held hostage by cybercriminals, an ounce of prevention is worth a pound of cure.

What Mac’s Battle for Workplace Dominance Means for IT Professionals

mac

What Mac’s Battle for Workplace Dominance Means for IT Professionals

by Tom Fedro

Mac’s growing popularity in the workplace doesn’t have to be a whole new set of IT headaches – if IT pros are willing to consider broader enterprise management tools.

For more than three decades, Apple has had a strong play in desktop publishing, education and other creative fields (e.g. photographers, graphic designers, video editors), but for many years, it was a rare exception to see a Mac in most other business environments. Ever since the BYOD (bring your own device) phenomena began picking up momentum over the past decade, things have changed.

According to JAMF Software’s second annual global survey of IT pros, 96% of all enterprise IT professionals say their internal teams are now supporting Macs. In fact, PC shipping estimates from Gartner show that the Windows PC market has been steadily declining, with shipments down 9.6% in Q1 2016 compared with the previous quarter. At the same time, worldwide Mac sales are holding steady.

Macs Bring New IT Management Challenges

Although end-users may find Macs easier to use, 73% of IT administrators feel the exact opposite, according to a study by Dimensional Research. Specifically, there are three areas where IT administrators run into challenges with Macs in the workplace:

  1. There is an obvious risk of putting business software and other intellectual property on personal devices—especially when employees lose their devices, or they terminate employment. The Find My iPhone app, which is the same app used to manage MacBooks and iMacs, is not able to distinguish between personal data and corporate data when performing a remote wipe. Additionally, the software requires an IT administrator to use the device owner’s user ID and password, which are the same credentials used to access users’ personal emails, photos, videos and anything else stored in iCloud. This can create a power struggle between users and IT professionals, and many headaches as well.
  2. Backup and Recovery. Like Microsoft, Apple bundles backup and recovery software with its computers. However, Time Machine, like the Find My iPhone app, has its shortcomings. For instance, Time Machine doesn’t, in normal operation, create a bootable backup of the internal drive. It can only restore an internal drive from the backup archive. Additionally, Time Machine offers no flexibility with backup intervals; it runs a backup once per hour, which for some companies may be too often and for others not often enough. It is also difficult to verify the success of each backup since Apple makes the backup file log an invisible file, not intended for user inspection.
  3. Although many popular software suites run on Mac and Windows platforms (e.g. Microsoft Office), there are always one or two that either only support Windows or have limited functionality on a Mac. Rather than using two devices, Apple’s Boot Camp software, which is included with Macs, can be used to install Windows on a Mac and allow users to switch between platforms during the boot-up process. Configuring Boot Camp requires hard drive partitioning, which isn’t problematic until users need to add more space to the partition down the road, an IT professional wants to move one of the Boot Camp partitions to another computer, or to perform an advanced task such as converting a partition table without data loss.

Minimize Mixed OS Frustrations with Disk Management Software

Instead of accepting Mac’s software limitations, there is another option that many IT teams overlook: investing in a disk management solution. When made specifically for the Apple platform, these solutions can give IT pros the kind of advanced data protection, backup, networking and overall granular control that they’re accustomed to in traditional PC/Windows environments, including:

  • Secure disk wiping of business apps, files and directories using system administrator privileges instead of users’ personal IDs and passwords.
  • Snapshot-driven backup and recovery and sector-level imaging, which minimizes backup storage footprints and enables users to create bootable USB drives, recover lost or accidentally deleted partitions, and perform full bare metal restores.
  • The capability to resize partitions and redistribute unused space, perform non-destructive partition conversions and move partitions to new machines.

If you’re an IT professional who’s hoping Mac’s presence in business is a passing fad, you might want to reconsider your position, especially since millennials are playing a greater role in businesses’ IT strategies – and a large percent of them are Mac loyalists. Today’s new breed of enterprise-grade solutions built just for the Mac make it possible to get beyond what many consider a “Mac vs. Windows” IT battleground, and instead focus on getting the job done right, regardless of platform. The good news is both platforms can (finally) play nice together and create a better work experience for everyone.

Published with permission of WestWorldWide, LLC, publisher of Computer Technology Review. All rights reserved. 2016

 

Most effective protection against the Locky Trojan horse – an up-to-date backup

Locky: A New Trojan Horse That Encrypts Your Files

It’s time to take caution because a new Trojan horse known as “Locky” is striking terror everywhere and is spreading like wildfire all over the internet. More and more infections have been reported in the past few days, especially in Germany – thousands of infections an hour, in fact! Like many other harmful programs, this Trojan horse also spreads via E-mail. Specifically, E-mails with infected Office documents attached are being sent to unsuspecting victims. These document contain a macro code which the Trojan horse installs as soon as the document is opened. The insidious trick here is that such documents are often passed off under the guise of an open invoice. The virus is now being spread byJScripts as well.
Once installed, the virus searches for certain file types which the developers of the virus assume to be private files of personal value, such as text documents and multi-media files. Files in accessible networks and cloud storages can also fall victim to the virus. These files are then encrypted by Locky so that the user can no longer open them. Instead, the user is demanded to pay the developers ransom money to decrypt the files. Unfortunately, there is no way at present to remove the virus from the system once it has been activated. As soon as you detect that Locky has infected your system, you should shut your system down as quickly as possible – even the rough way by pulling the plug on your computer. This way, you can at least prevent the Trojan horse from causing even more damage. You can then remove the virus with a disinfection CD and attempt to restore the encrypted files. However, this approach only works for files which Windows has made a “shadow copy” of. Unfortunately, Locky will also delete these files, which severely limits your chances of success.
That’s why it’s better to take preventative action so that you won’t even catch the virus in the first place. This means there are basic rules for protecting your system from external attacks (which you should already be following anyway).
Do not open file attachments on E-mails from senders you don’t know, and back up important files on a separate data medium. Make sure to keep your antivirus program up to date at all times. You should also update your operating system and other programs regularly, since these updates often close security loopholes which Trojan horses take advantage of.
Specifically for this virus, you can configure your MS Office not to run any macro code at all, or only to do so upon confirmation from you.
If you have already fallen victim to Locky, make sure to keep the encrypted files. Since the virus is quite new, there is no way to reverse the damage right now, but this may change over time. This makes it all the more important look for updates on a regular basis.

How can you protect yourself?

The only effective protection in a worst-case scenario is to have a backup on hand which can reliably restore your data. This is also recommended by the BSI (German Federal Office for Information Security).

Paragon Backup & Recovery

Backup & Recovery 15 Home
Backup & Recovery Home

That’s why we recommend our solution Backup & Recovery 14 Free Edition for personal backups.
You can get it for private use free-of-charge at www.paragon-software.com/home/br-free/.

 

Don’t wait: today is the best day for a backup!

 

 

 

 

 

 

The Exploding Market of Cross-Platform Driver Technology

OEM driver technologyBy Tom Fedro

Recently, it was announced that Paragon Software Group and AppliedMicro were collaborating so that the AppliedMicro PACKET pro family of single and multi-core processors for network attached storage (NAS) applications would embed Paragon’s exFAT, NTFS, and HFS+ driver technology to ensure cross-platform read/write ability regardless of which operating system or storage file system is selected by the end user. Paragon is excited about the possibilities of this project with AppliedMicro, as well as a host of other OEMs expanding into the Smart TVs, Set Top Boxes, Smartphones, Tablets, and Connected devices markets.

Over 10 years ago, Paragon recognized the need for fast UFSD technology to provide full cross-platform access to all of the popular file systems under diverse platforms (Android, Linux, Windows, and Mac) where these file systems are not natively supported — while maintaining data integrity. Paragon’s technology successfully bridges the gap between any file system and the various operating systems or embedded kernels in the market.

We’re proud to be working with some of the most respected names in the industry such as Acer, ASUS, Belkin, ZTE, Cisco Systems, Hitachi, NETGEAR, Logitech, LG Electronics, WD and Seagate to name a few.

Paragon proved its leadership in cross-platform technology with millions of satisfied end users worldwide. When compared to other alternatives, its portfolio of Android and Linux drivers provide measurably superior data throughput performance combined with strong data protection capabilities to ensure file system integrity — even in the case of unsafe removal of the storage device or a power outage.  A compelling feature set complimented by comprehensive chip set support from industry leaders like Intel, Nvidia and Qualcomm to Marvell Semiconductor, Realtek Semiconductor, PLX Technology, Cavium Networks, and Applied Micro has propelled Paragon to be the standard in cross-platform file sharing for the mobile device and embedded system marketplace segments.

We continue to be impressed with the variety of devices utilizing our driver technology that our OEMs and chip manufacturers are bringing to market; from next-generation smart phones and smart TVs to tablets, set-top boxes and advanced digital media players. It’s a very exciting time for the company.

 

Platform Independence Drives High Demand for Universal File System Driver Technology

Smartphone Storage Options by Eric Zeman of Informationweek

 

 

 

 

 

 

 

By Tom Fedro

Recently, Eric Zeman posted a piece on Informationweek.com about Smartphone storage Options. It was very well laid out explaining all the choices available among the different manufacturers and pointing out the upgrade costs for extra storage. The options ranged from purchasing expandable storage in the form of a microSD memory card to tapping your PC to view your movie and music collection. While informative, the conversation ought to be expanded to discuss the assurance that different devices with differing operating systems can indeed communicate, share, and recognize the storage hardware used.

For example, in a household of five, you might have a mix of varying Windows operating systems, new Android devices, iPhones, Tablets and Macs, all potentially capable of playing music or movies from a network attached shared storage device. What is often overlooked is that the differing Operating Systems (OS’s) may not be able to communicate. That is where universal file system drivers (UFSD) technology can add real value.

UFSDs enable devices with different OS’s, Chip sets, and firmware to share data and manipulate files seamlessly – basically providing complete platform independence for the user. Many OEMs partner with companies providing this technology and embed it into their devices to maximize the customer experience, making access more user-friendly.

With the soaring popularity of smart devices, the ability of the devices to interact seamlessly with storage will become more important and drive the mass adoption of UFSD technology along the way. So while the availability of storage for smart devices is a story, it isn’t the whole story; embedded systems that include UFSD technology that empower users with complete platform and OS independence will see solid growth in the coming years.

 

The Value of Data Storage vs. the Cost – Software Defined Storage

Balancing the cost vs the value of storageSenior Strategist Randy Kerns argued on Storage Soup that businesses cannot really just focus on the cost to store information; that the focus should be about the value. Other factors, for example, should be evaluated such as the speed at which data needs to be retrieved, how important the protection and integrity of the data is, how long must the data be stored to meet compliance and regulations in the industry. He is really spot-on.

Often, IT managers, directors and engineers find themselves arguing the need for highly effective storage and backup solutions only to be shot down by Finance. Unfortunately, it sometimes takes a disaster, such as a hurricane, fire, earthquake. tornado or some other event, to get their point across. Communication is paramount; tech managers must speak in the language of profits and losses to help drive the point home.

While the argument for the value of securing data is important, especially as our need to save data increases exponentially we can’t dismiss the associated investment involved. Fortunately, the cost of saving and protecting the data has decreased with advances in technology. In fact, software-defined storage seems to be logical direction for the market to head. By implementing a software solution for storage, the hardware manufacturer is irrelevant, enabling the engineer to use commodity off-the-shelf (read inexpensive) components.

Good news is there are storage options on the market today that make securing your company’s data much more affordable than it was even 12 months ago.  Software defined storage is a trend that needs to be followed closely by any serious IT Executive.

Benefits of Licensing the Technician Rather Than the Hardware

Hard Disk Manager Field Technician License

By Tom Fedro

Guardian I.T. Services, a provider of IT services and consulting in southwest Florida, was faced with multiple similar projects where clients – including Charlotte County Airport Authority’s Punta Gorda Airport – had to migrate critical systems to new hardware and/or larger drives, to meet the growing demand for more storage and performance.

David Ward, president of Guardian I.T. Services, searched for nine months for software that enabled him to migrate his customers’ servers to new drives or all new hardware without hassle and without any risk of data loss. After vetting a short list, Ward selected software that ultimately offered a suite of disk management tools (including image-based backup and recovery), as well as a licensing model that saved his clients thousands of dollars because the software was uniquely licensed to the user rather than the hardware. Paragon’s Hard Disk Manager (HDM) Technician License offered twice the features at half the cost as the next best product he tested; the Technician License decreased the per-server cost even more.

After only four months of using HDM to create snapshots of all of the airport’s security systems, the hard drive of one of the servers failed and brought the entire system to a halt. The server that failed stored and managed all of the airport’s security data such as badges, personnel information, and security clearance – required for FAA, TSA, Homeland Security and FBI background checks along with all other regulations airports fall under.

The system was ultimately restored from an HDM image-based incremental backup to new hardware (MS Server 2003 with a new RAID configuration and two 500GB SATA hard drives).  Paragon’s “Adaptive Restore” technology allowed for a seamless restore to the dissimilar hardware.

It took only 54 minutes to get the server back up and running like nothing had ever happened. “After that one incident I will never consider using anything else; I absolutely swear by it,” said Ward about the Paragon product. “Before buying anything else, you must try Paragon. For a server restore or migration, no other software comes close in restore time, reliability and ease-of-use. I recommend Hard Disk Manager Tech License for any company with field technical support.”

Today’s Storage Mosaic

Popular Backup Methods by IndustryBy Tom Fedro

Paragon recently surveyed more than 370 IT professionals regarding the backup and restore methods employed in their networking environment. The results show that today’s storage environment is primarily serviced by local servers and Network Attached Storage. Cloud storage only made up 30 percent of the mix. And, long ago considered obsolete, tape’s foothold is nearly 40 percent.*

However, the interesting numbers lay among the makeup of storage implemented in vertical markets. Among those surveyed, the

  • Healthcare, aerospace and aeronautics industries did not use cloud services for backup at all, instead relying primarily upon local server and tape storage–this may be due to the sensitivity and complexity of the data produced by these two industries, along with associated regulations;
  • Finance industry’s unique mix of very short system-recovery and long data-retention requirements makes it the market segment with the highest integration of cloud services (36.8 percent) in the storage environment. Finance is also the highest integrator of tape into the storage mix, 68.4 percent of those surveyed; and lastly
  • Logistics and Government industries were the second and third highest users of tape backup.

Here’s a look at how the numbers aligned:

Industry

Server

Tape

Cloud

Aerospace/Aeronautics

66.7%

50.0%

0.0%

Education

50.0%

53.6%

17.9%

Finance

47.4%

68.4%

36.8%

Healthcare

50.0%

50.0%

0.0%

Government

60.0%

56.0%

16.0%

Insurance

50.0%

50.0%

25.0%

Logistics

66.7%

66.7%

33.3%

Manufacturing

41.7%

55.6%

25.0%

Non-Profit

42.9%

42.9%

21.4%

Real Estate

75.0%

50.0%

25.0%

Retail

47.1%

23.5%

35.3%

Telecommunications

33.3%

50.0%

33.3%

Transportation

60.0%

40.0%

10.0%

For all the hoopla surrounding cloud, it appears that in all industries IT professionals still prefer to maintain some control over their organization’s critical data, unwilling to completely trust the cloud in the event of a disaster.

* Note: In some cases, multiple storage methods are employed within the same IT environment thus resulting in a totaling of storage methods greater than 100 percent.

Who Can Benefit from Software-Defined Storage via an iSCSI SAN or NAS?

Benefits of Software Defined StorageBy Tom Fedro

There’s a lot of talk about software-defined storage lately. It even has its own Twitter hashtag: #softwaredefinedstorage to keep us up to date on the topic. The emergence of iSCSI-based SAN & NAS means that an IT department with budgetary constraints can have a scalable, highly available and affordable storage network using off-the-shelf hardware. Furthermore, building your own iSCSI SAN is a fairly easy task.

But why bother with an iSCSI SAN at all?

With an iSCSI SAN you can do many common tasks far easier and faster than with conventional file servers and direct attached disks. A SAN gives you “shared storage” on your network, meaning that you can centrally manage all of your storage from one device as opposed to managing storage on each individual application server. Some of the advantages of shared storage includes enabling simplified backups when using snapshots and allowing replication between storage devices — for off-siting data — to be done at a far lower cost than with host-based replication.

Who can benefit most from an iSCSI SAN? Any company that places a high value on their data can benefit from an iSCSI SAN, including

  • Any IT shop with limited resources and limited budgets. iSCSI is a proven technology that costs significantly less than Fiber Channel and provides superior data protection and cost reductions over traditional direct attached disks (also referred to as DAS). iSCSI is fully supported by VMware and many  other virtual machine vendors: in most cases an iSCSI SAN is the best choice for server virtualization projects.
  • Designers and testing and development teams that require immediate and fast access to data and backup sets, without waiting for delays with traditional tape-based backups.
  • When data is required in real time across geographically distributed organizations, iSCSI makes the most sense due to the low cost and ease-of-use of IP Networking.
  • Organizations that host other people’s data such as Application Service Providers (ASPs), Internet Service Providers (ISPs) or Storage Service Providers (SSPs) can all benefit from a reduced TCO footprint when using iSCSI storage.
  • Anywhere remote data replication or disaster recovery is a requirement: Typically as organizations start to expand (i.e., a new office is opened or a new company is acquired in another state), the costs associated with traditional data protection such as tape off-siting and data center hosting costs can be significantly reduced by leveraging remote sites and iSCSI.
  • Even the smallest companies can seek a positive ROI when using iSCSI storage to back up straight to disk before going to tape, essentially retaining weeks or even months of backups for protection against data loss and for legal/compliancy requirements, thus reducing the dependency on backup tape.

But software-defined storage is only touching the surface of the impact of this technology. Software-defined networks may in fact eliminate siloed functions of servers in the near-future data center…all while cutting the expenses associated with traditional data centers.

iSCSI vs FC—Which Is Better for Storage?

iSCSI vs FC storageA standard protocol for decades, SCSI (Small Computer Systems Interface), enables computers to communicate with storage devices. As system interconnects move from the classic bus structure to a network structure, SCSI commands must be mapped to network transport protocols. Today’s IP Gigabit networks meet the performance requirements to seamlessly transport SCSI commands between application servers to centralized storage.

The iSCSI protocol enables the transfer of SCSI packets over a TCP/IP (Ethernet) network. iSCSI is an interoperable solution which enables the use of existing TCP/IP infrastructure and addresses distance limitations; iSCSI can also be used over the Internet. This means the disk drives in your SAN are presented over your existing Ethernet network to server applications as though the disks are local to your physical server hardware.

Don’t confuse this with traditional SCSI disks; in fact, iSCSI storage is typically implemented with affordable SATA or SAS disks. iSCSI presents block-based storage resembling your internal disk drives, whereas a NAS is nothing more than a plain file server that presents storage as file shares. A common scenario is to use a portion of your iSCSI SAN storage as back-end disks for file servers (NAS), consolidating both application data and file shares into one appliance.

With iSCSI storage you can use any IP switches and routers, and the client machines (your servers) can use a software driver called an “initiator” instead of the more costly FC HBAs (Host Based Adapters). For older servers with lower-powered CPUs you can use an iSCSI HBA, which is still lower cost than a FC HBA. Microsoft provides freely downloadable software iSCSI Initiators and endorses iSCSI technology for Windows, helping to promote iSCSI  awareness. The concept of using an IP network for block-based storage causes many people to incorrectly assume storage traffic will clutter their LAN, or that IP networking may not provide the necessary performance your applications require. While it is true that many early iSCSI vendors were shipping products that were not up to the job of enterprise class applications such as Microsoft Exchange, VMware and SQL Server, there is also a well-established base of vendors that are shipping iSCSI storage into SMBs and enterprise customers.

The iSCSI protocol provides numerous benefits for SANs vs Fiber Channel, a few key points are summarized below:

  • iSCSI uses familiar networking standards (Ethernet and TCP/IP): Most IT administrators are already familiar with TCP/IP, unlike the more complex skills required for FC storage.
  • Total storage costs are reduced: iSCSI SANs are easier to install and maintain than FC, lowering installation and maintenance expenses. iSCSI reduces the necessity of hiring or outsourcing
    storage administration.
  • Replication works over a standard IP network: iSCSI replication eliminates distance limitations and costs associated with FC routers.
  • Reduces complexity by eliminating FC switches and cabling: Using standard Ethernet switches simplifies everything as most organizations already have in-house IP networking skills.
  • iSCSI scales to 10 Gigabit: For enterprise applications that require high transactional performance 10GigE is available, thus expanding iSCSI Storage Networks’ performance to equal the performance of Metro and Wide Area Networks.

iSCSI’s use of IP Networking means long distance is no longer an issue for backing up remote sites or performing disaster recovery. With the use of Secure Internet Protocol (IPSec) and Secure Sockets Layer (SSL) to provide authentication and privacy, iSCSI over a public network is a viable method to extend the corporate network without incurring high costs.10 Gigabit Ethernet provides enough bandwidth and iSCSI allows any IT administrator to easily deploy a true SAN over an IP network.