Special Edition is the blog for security testing business SE Labs. It explains how we test security products, reports on the internet threats we find and provides security tips for businesses, other organisations and home users.

Friday, 5 August 2016

Anti-malware vs. ransomware: latest reports

Ransomware is a nasty category of attack that we’ve seen dominating the so-called 'threat landscape' in recent months. It can affect every type of computer user including home users, small businesses and even extremely large enterprises. Anyone who stores valuable data on a computer is at risk of this digital extortion racket, which encrypts data files and offers the key to recovery for a hefty price.

Over the last three months we have been monitoring the threats that affect real users and businesses. We've used many of these attacks to test systems protected by a range of different security products, including some very well-known anti-malware programs.

Because we're seeing a lot of ransomware on the internet, and because we believe that testing security products should revolve around the significant threats out there (rather than the very obscure, rare ones), there was a large amount of ransomware used in the test. We are proud to present the results of that work in these reports.

Read about how the leading anti-malware products handle today's threats.
(To access the business reports you need a free account. Register now.)

Large businesses/enterprises

https://selabs.uk/download/enterprise/april-june-2016-enterprise.pdf

Small to medium businesses

https://selabs.uk/download/small_business/april-june-2016-smb.pdf

Home users/consumers

https://selabs.uk/download/consumers/april-june-2016-consumer.pdf

UPDATE: There are new reports available.

Monday, 1 August 2016

Defeat ransomware with free backups

Ransomware is a serious problem but protecting your data can be simple and inexpensive - if you choose your cloud storage provider carefully...

I know, I know. You were tired at the time and not really concentrating. You double-clicked an infected attachment and the world suddenly became a very hostile place.

Your files might as well be in Swahili. A ransom note, with a grasp of English you'd normally find endearing, is mocking you for your bad luck. If you don't figure out what a Bitcoin is, and how to send one to a person whom you'd very much like to die a slow and painful death, you'll lose everything forever. Or will you?

You could try to identify the exact strain of the exact family of infection, and see if a kindly anti-virus company or independent researcher has managed to figure out how to decrypt your precious files. If they haven't, what then?

By now, any computer expert worth their salt should be saying, "Wipe the machine and restore last night's backup." Of course, the backups! Cloud storage will save us! But there could be a problem…

If your cloud backup service re-uses space, and has over-written previous backups with the newly encrypted files (which, after all, look just like a bunch of freshly updated documents that need to be backed-up), then technically there is no backup. So, Bitcoins and a seedy alley on the dark web it is.

If you're busy, on the move, or have "non-technical" users to look after, you need backups that will both protect you from ransomware and take care of themselves. For safety from fire and theft, those backups also need to be stored off-site, which is why cloud backup services are ideal.

However, rather than continuously and efficiently updating a single archive, the ransomware threat means that you really need a service that keeps previous versions of everything.
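The difference between the two kinds of backup, as an added Python example (not part of the original post and not any provider's real code): a single-archive store and a versioning store both receive a clean file and then its encrypted replacement. The class names, the file name, the sample bytes and the 30-day retention window are assumptions made for the illustration.

```python
import hashlib

class MirrorBackup:
    """Single-archive backup: every sync overwrites the stored copy."""
    def __init__(self):
        self.files = {}

    def sync(self, path, data, day):
        self.files[path] = data

    def restore(self, path):
        return self.files.get(path)

class VersionedBackup:
    """Keeps superseded versions for retention_days after they are replaced."""
    def __init__(self, retention_days=30):
        self.retention_days = retention_days
        self.history = {}  # path -> [(day, sha256 hex, data)], oldest first

    def sync(self, path, data, day):
        digest = hashlib.sha256(data).hexdigest()
        versions = self.history.setdefault(path, [])
        if not versions or versions[-1][1] != digest:  # store changes only
            versions.append((day, digest, data))

    def prune(self, today):
        for path, versions in list(self.history.items()):
            kept = []
            for i, version in enumerate(versions):
                newest = i == len(versions) - 1
                # An old version expires retention_days after its successor arrived.
                if newest or today - versions[i + 1][0] <= self.retention_days:
                    kept.append(version)
            self.history[path] = kept

    def restore(self, path, before_day):
        """Return the newest version saved before before_day, or None."""
        older = [v for v in self.history.get(path, []) if v[0] < before_day]
        return older[-1][2] if older else None

def run_scenario():
    clean = b"Q2 budget: 1,200 GBP"          # constructed sample document
    locked = hashlib.sha256(clean).digest()  # constructed stand-in for encrypted bytes
    mirror, versioned = MirrorBackup(), VersionedBackup(retention_days=30)
    for store in (mirror, versioned):
        store.sync("budget.txt", clean, day=1)    # normal nightly backup
        store.sync("budget.txt", locked, day=10)  # backup runs after the infection
    results = {"mirror": mirror.restore("budget.txt"),
               "versioned": versioned.restore("budget.txt", before_day=10)}
    versioned.prune(today=45)  # 35 days after the clean copy was superseded
    results["after_retention"] = versioned.restore("budget.txt", before_day=10)
    return clean, locked, results

if __name__ == "__main__":
    print(run_scenario())
```

The last result is the caveat to check with any provider: old versions are only useful if you restore them before the retention window closes.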

There are many online backup services that offer file versioning, and to the best of my knowledge, the following all provide it on their free plans.
  • Blaucloud includes a versioning app that will keep old versions of files until you run out of space.
  • CrashPlan allows you to set backup frequency and versioning frequency.
  • Cubby contains versioning as standard in the free plan.
  • Dropbox has unlimited versioning as standard.
  • ElephantDrive provides unlimited versioning on its free Lite plan.
  • Google Drive keeps up to 100 versions per file, stored for up to 30 days.
  • iDrive stores up to 30 versions.
  • Mozy stores old versions for up to 30 days.
  • pCloud stores old versions and deleted files can be restored.
  • PowerFolder stores the last versions of files.

Ransomware is a 21st century plague, fuelled by greed. How you respond to it is paramount, because not paying the ransom is possibly the only thing that will cause it to fall from favour with criminals. Versioning online backups are one way of helping that happy day come sooner.

Author: Jon Thompson (Email: jon@selabs.uk; Twitter: @jon_thompson_uk)