New Strain of Ransomware Deletes Backup Data

March 23, 2018

By Henry Washburn

A new strain of ransomware goes a step further than the run-of-the-mill variants we have seen in the past. According to researchers, Zenis ransomware encrypts files regardless of whether victims pay the ransom.

During the encryption procedure, the virus also searches for and overwrites backups. It is unclear how Zenis is being distributed to victims, but researchers believe it is possibly spreading through a vulnerability tied to remote desktop services.

After infecting a victim and encrypting files, Zenis demands a payment and provides instructions on how to get your files back. However, victims should NEVER pay the ransom. As we found in Datto’s State of the Channel Ransomware Report, there’s no guarantee you will retrieve your data even if you pay the ransom.

Currently, there is no known decryption method for Zenis, but Bleeping Computer has created a Zenis help and support forum in the unlucky event someone is infected.

This type of ransomware is a further indication that you need a backup solution that is not stored on your production machines and not accessible to your production machines. Your production machines are exposed to their backup data at the time of a backup, to make sure that the new data change can transmit properly. We also use an encrypted proprietary transmission process called Mercury with all agent services created by Datto to make it even harder for ransomware to access the backup data. In the unlikely event that ransomware does encrypt the backup data on a Datto Continuity product, then, after you have cleaned all other locations and patient zero, you can have support roll back the data on the Continuity product to a time before the encryption.

How to Avoid Ransomware

  • Education: It's critical that your staff understands what ransomware is and the threats that it poses. Provide your team with specific examples of suspicious emails with clear instructions on what to do if they encounter a potential ransomware lure (e.g. don’t open attachments; if you see something, say something).

  • Security: Antivirus software is essential for any business to protect against ransomware and other risks. Ensure your security software is up to date to protect against newly identified threats. Keep all business applications patched and updated to minimise vulnerabilities.

  • Backup: Modern total data protection solutions take snapshot-based, incremental backups as frequently as every five minutes to create a series of recovery points. If your business suffers a ransomware attack, this technology allows you to roll back your data to a point in time before the corruption occurred. First, you don’t need to pay the ransom to get your data back. Second, since you are restoring to a point in time before the ransomware infected your systems, you can be certain everything is clean and the malware can’t be triggered again.

To find out about ransomware and what MSPs can do to fight back, check out the full report here. The report features new stats and forecasts on ransomware and its impact on businesses, the leading variants, best practices for ransomware protection, and more. Download it today!
