Ransomware is a growing global concern. Recent attacks, like WannaCry in May 2017, are presenting a serious challenge to the security of information at businesses and organizations worldwide.
A form of Crypto Virus or CryptoLocker, ransomware is a type of malware that blocks access to a computer or its files and demands a ransom to restore it. Once the ransom is paid, often in Bitcoin, the agent behind the ransomware attack will presumably provide whatever is needed to regain access. The perpetrator often includes additional threats in the attack to:
- Release (potentially sensitive) data publicly
- Increase the ransom payment amount over time
- Erase all data and render all computers inoperable
- Claim to be law enforcement and threaten prosecution
There are different types of ransomware. Generally, however, all of them prevent you from using your computer normally or accessing your files. Attackers gain access to a victim’s computer or network, often through a whale-phishing or spear-phishing attack. Files are then encrypted, and usually a payment of some form is demanded to restore access to the files.
It can be practically impossible to reverse-engineer the encryption or unlock files without the encryption key. In some cases, however, third-party tools released by security firms are able to decrypt files for certain families of ransomware.
Prevention is the best plan
The best way to keep confidential, sensitive, or important files safe is a backup plan that ensures files are securely backed up in a remote, unconnected backup or document storage facility.
Make your backup to an external hard drive or remote system. Make sure the backup is not connected to your network or the internet. A backup that is still connected to your network or computer when an attack happens may be locked out of your reach.
How Document Locator and SQL storage mitigate risk
Document Locator leverages Microsoft SQL as a content database. Using File Tables in SQL (blob, or Binary Large Object storage), all content, including documents, images and other types of files, is securely maintained as single entities within the database.
Often, malware executes on a user’s computer and is designed to quickly attach to and navigate through a network directory and attack files. However, storage of files within SQL in Document Locator prevents malware from navigating through and systematically encrypting or corrupting other documents in the system.
When a person works on a document in Document Locator, the checkout/checkin functionality places an electronic copy of the file on the end-user’s workstation while maintaining the original version securely within Document Locator’s backend server inside Microsoft’s SQL Server database. As a result, even if ransomware or malware affects the local file while it is being edited, the original version will not be affected and will remain safe within Document Locator. In addition, if virus-infected files were uploaded into Document Locator, the virus cannot propagate because of the database’s disk store isolation.
Since malware-infected files placed into Document Locator’s SQL Server datastore cannot escape while on the server and propagate across the network, files are effectively isolated in the SQL datastore. Over time, by the time files are opened again, anti-virus/malware software definitions are likely to have been updated to prevent an affected file from causing harm again.
Document Locator’s system of file versioning maintains a separate and complete file for each version saved. If one version is corrupted or encrypted, you can always roll back to prior versions without losing the entire content of the file. Only the most recent file may be infected. Files can also be restored from a backup.
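
The rollback described above, modelled as an added example (not Document Locator's code or schema): every check-in stores a complete copy as a new version, and an entropy score recorded at check-in helps pick the newest version that does not look encrypted. The table layout, function names, file name and the 7.5 bits-per-byte threshold are assumptions, and SQLite stands in for SQL Server.

```python
import math
import sqlite3
from collections import Counter

# Assumption: entropy above this many bits per byte suggests encrypted content.
# Compressed formats (zip, jpg, docx) also score high, so treat it as a triage hint.
ENTROPY_THRESHOLD = 7.5

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; plain text is roughly 4-5, ciphertext approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def open_store() -> sqlite3.Connection:
    """In-memory stand-in for a versioned document table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE versions (doc TEXT, ver INTEGER, content BLOB,"
               " entropy REAL, PRIMARY KEY (doc, ver))")
    return db

def check_in(db, doc: str, content: bytes) -> int:
    """Store a complete copy as a new version; older versions are never overwritten."""
    (last,) = db.execute("SELECT COALESCE(MAX(ver), 0) FROM versions WHERE doc = ?",
                         (doc,)).fetchone()
    db.execute("INSERT INTO versions VALUES (?, ?, ?, ?)",
               (doc, last + 1, content, shannon_entropy(content)))
    return last + 1

def last_clean_version(db, doc: str, threshold: float = ENTROPY_THRESHOLD):
    """Return (ver, content) of the newest version below the threshold, or None."""
    return db.execute("SELECT ver, content FROM versions WHERE doc = ? AND entropy < ?"
                      " ORDER BY ver DESC LIMIT 1", (doc, threshold)).fetchone()

if __name__ == "__main__":
    db = open_store()
    draft = b"Quarterly report draft. " * 200            # constructed sample text
    check_in(db, "report.txt", draft)
    check_in(db, "report.txt", draft + b"Reviewed. " * 50)
    check_in(db, "report.txt", bytes(range(256)) * 16)    # constructed stand-in for an encrypted check-in
    ver, content = last_clean_version(db, "report.txt")
    print(f"roll back to version {ver} ({len(content)} bytes)")
```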