Ransomware preparedness and recovery guide

Ransomware has proven to be phenomenally effective at producing a
fortune in ransom payments for its nefarious authors. It’s been estimated
that cybercrime cost the global economy $445 billion in 2016—and
ransomware was the primary driver. The astonishing “success” of
ransomware makes one thing certain: It’s only a matter of time before the
next form of malicious ransomware strikes. There are steps you can take
to prevent an attack, and a few ways to get your data back if your systems
become infected. The first step is knowing what ransomware is and how it
extracts payments from victims.

Ransomware overview
Ransomware is a type of malware that prevents users from accessing their
data until they pay a ransom. Most ransomware viruses are triggered by
clicking a link in an email or opening an attachment. When combined with
phishing techniques, these emails may seem like normal correspondence
from a business partner.

Recent forms of ransomware
Ransomware in its various forms has been around since 1989, and it shows
no signs of slowing down. The problem has gotten worse in recent years due
to the popularity of mobile devices and anonymous payment methods, like
Bitcoin, which make it easier for cybercriminals to cover their tracks and
evade law enforcement.

How to prepare for a ransomware attack
It’s important to warn employees about clicking on suspicious attachments,
but they may fail to adhere to the policy or simply be fooled by a well targeted
phishing attack. Additionally, while firewall protection and security
software are crucial components in a ransomware-prevention strategy, they
won’t guarantee protection. When prevention methods fail, the best way to
regain access to your data is by having a backup plan in place.

Since the latest version of your files may be affected by the virus, a backup
solution with a versioning feature is necessary. It allows you to roll back to a
specific date before your systems were infected. Although ransomware will
eventually make itself known to you, the virus can take hours or days while
it spreads and encrypts your files before sending you the ransom message.
On shared drives, this is a huge problem when suddenly, not only are your
files unusable, but creating new ones results in more infected files.

The only ways to get things back to normal is to roll back to a complete, clean set of files that was backed up before the initial infection took place. This is where the frequency of your backups becomes a key component of your recovery strategy. The more frequently you back up, the more recent your recovery point can be. Having automatic, continuous backups also ensures data protection with minimal human intervention. Depending on the nature of your business, it may be worthwhile to run more frequent,
continuous backups.

An added benefit of using a backup plan as part of a prevention strategy
is that it also protects you from other common causes of data loss, such as
server or disk failure, natural disasters, and human error. While any data recovery effort costs time and resources, paying a ransom might be an even bigger risk since it doesn’t necessarily guarantee you’ll get your data back. You’re essentially counting on the trustworthiness of thieves to give you the encryption key after they’ve taken your money. With a complete backup of your data that includes an earlier version of your system
before it became infected, you stand a very good chance of recovering most
of your data without ever having to pay a ransom.

If you have a comprehensive malware-prevention strategy in place and
a backup plan is part of it, here are the five steps you should take if your
systems become infected:

  1. As soon as you’re aware of an attack on your computer, file server or
    network, immediately shut down all file sharing activity.
  2. Use your antivirus software to determine where the infection happened. If
    you can’t determine where the infection originated using antivirus software,
    right click on an infected file to find out the last user or computer to make
    changes to the file. This will tell you where the infection originated.
  3. Assess the extent of the infection and the damage.
  4. Remove the virus by deleting all infected files.
  5. Use your backup application or dashboard tool to recover clean versions of the
    infected files. At Carbonite, we’ve had thousands of customers tell us they were able to
    recover successfully after a ransomware attack without having to pay a
    ransom. Most were able to restore all their data, sometimes in just a half-hour.
    Learn more about Carbonite backup and disaster recovery
    solutions today.

6 Guiding Principles

  • 1. Channel partners are integral to Dell Technologies overall success in delivering an excellent customer experience.
  • 2. Dell Technologies commits to deliver a simple, predictable and profitable partner program.
  • 3. Sales engagement between Dell Technologies and our Channel partners will include elements of Deal Registration, joint territory/account planning and teaming agreements. These are designed to build trusting, long-term relationships that result in satisfying our mutual customers.
  • 4. Dell Technologies commits that conflict will be managed and resolved with the highest level of prioritization and transparency.
  • 5. Dell Technologies commits to offer comprehensive training and enablement to our Channel partners for all Dell Technologies solution offerings.
  • 6. Dell Technologies commits to strengthening relationships with Distributors to develop and enable a robust Partner Community.

What is the AWS Partner Network?

The AWS Partner Network (APN) is the global community of Partners who leverage Amazon Web Services to build solutions and services for customers. AWS helps Partners build, market, and sell their AWS offerings by providing valuable business, technical, and marketing support.

There are tens of thousands of AWS Partners across the globe. More than 90% of Fortune 100 companies and the majority of Fortune 500 companies use AWS Partner solutions and services. AWS Partners are uniquely positioned to help businesses take full advantage of all that AWS has to offer and accelerate journey to the cloud.

Single-pane-of-glass cloud console providing centralized visibility, management and insight across all OSes What is an endpoint security management console?

ESET PROTECT is a cloud console, offered as a service, that ensures real-time visibility for on-premise and off-premise endpoints as well as full reporting and security management for all OSes. It is a single pane of glass over all ESET security solutions deployed in the network. It controls endpoint prevention, detection & response layers across all platforms—covering desktops, servers, virtual machines and even managed
mobile devices. Why endpoint security management?

VISIBILITY Zero-days, advanced persistent threats, targeted attacks and botnets are all concerns for industries across the world. Having visibility into these threats in real-time is extremely important to allow the IT staff to respond promptly and mitigate any risk that may have developed. Due to a continued emphasis on companies to add a mobile workforce, visibility is not just needed on premise but off-premise as well.

ESET PROTECT provides up-to-date information to inform IT staff about the status of all endpoints whether they are on-premise or off-premise. It also provides visibility into all
OSes that a company might have, not just a limited few. In most instances, visibility is also enhanced to show device-level information such as hardware or software inventories to ensure complete situational awareness.

Today’s cybersecurity landscape is constantly evolving with new attack methods and never-before seen threats. When an attack or data breach occurs, organizations
are typically surprised that their defenses were compromised or are completely unaware that the attack even happened. After the attack is discovered, organizations
may then want to execute specific tasks across devices, such as scans. This may lead organizations to completely change their configuration policies to better
protect against a future attack. ESET PROTECT comes with powerful and smart predefined policies but allows organizations to fine-tune the policies or
configurations of endpoint security products at any time. In addition, tasks can be automated to save IT admins the time from manually having to execute them on each
individual computer.

On top of having to meet data compliance regulations, most organizations have their internal requirements related to reporting. No matter the organization, there will be reports that need to be generated at scheduled intervals and provided to relevant parties or stored for future use.

ESET PROTECT can generate reports at scheduled intervals and saved to specific folders or emailed directly to someone who requested it. There are dozens of useful report templates, and these can be used right away or customized to provide the requestor with
what they need. This process is paramount to saving IT admins time in the busy work associated with on-going reporting. “The major advantage of ESET is that you have all
users on one console and can manage and properly review their security status.”
— Jos Savelkoul, Team Leader ICT-Department; Zuyderland Hospital, Netherlands, 10,000+ seats Having visibility into these threats in real-time is extremely important to allow
IT staff to respond promptly and mitigate any risk that may have developed. No matter the
organization, there will be reports that need to be generated at scheduled intervals and provided to relevant parties or stored for future use. The ESET difference PREVENTION TO RESPONSE Within a single console,

ESET PROTECT combines the management of multiple ESET’s security solutions. From threat prevention to detection and response, they cover your entire organization in a multilayered fashion for the best level of protection. SINGLE-CLICK INCIDENT REMEDIATIONS From the main dashboard, an IT admin can quickly assess the situation and respond to issues. Actions such as create an exclusion, submit files for further
analysis or initiate a scan are available within a single click. Exclusions can be made by threat name, URL, hash or combination.

Starting with MFA-protected access, the console is equipped with an advanced Role-Based Access Control (RBAC) system. Assign admins and console users to specific network branches, groups of objects, and specify permission sets with a high degree
of granularity.FULLY CUSTOMIZABLE NOTIFICATION SYSTEM The notification system features a full “what you see is what you get” editor, where you will be able to fully configure notifications to be alerted on the exact information you want to be

ESET PROTECT -provides over 170 built-in reports and allows you to create custom reports from over 1000 data points. This allows organizations to create reports to look and feel exactly as they might want. Once created, reports can be set up to be generated and emailed at scheduled intervals. AUTOMATION FRAMEWORK Dynamic groups can sort
computers based on current device status or defined inclusion criteria. Tasks can then be set up to trigger actions such as scans, policy changes or software installs/ uninstalls based off dynamic group membership changes.

A comprehensive hardware detection algorithm is used to determine the identity of the machine based on its hardware. This allows automated re-imaging and cloning of non-persistent hardware environments. Therefore, ESET’s VDI support requires no manual interaction and is fully automated.

ESET has been in the security industry for over 30 years, and we continue to evolve our technology to stay one step ahead of the newest threats. This has led us to be trusted by over 110 million users worldwide. Our technology is constantly scrutinized and validated
by third-party testers who show how effective our approach is at stopping the latest threats.

If you’re a Managed Service Provider (MSP) taking care of your clients’ networks, you’ll
appreciate the full multi-tenancy capabilities of ESET PROTECT. MSP licenses are automatically detected and synced with the licensing server, and the console lets you do advanced actions such as install/remove any 3rd party application, run scripts, remote commands, list running processes, HW configurations, etc. “Outstanding company, superb technical support, provides strong threat protection and central
management.”— Dave, Manager of IT, Deer Valley Unified School District, USA,
15,500+ seats Not on a cloud console? This will help you decide.

When deciding whether to move from on-prem security console, cloud may seem expensive first. But think again—you’ll no longer need to maintain a server, and spend time with regular upgrades, patches, or restarts. Let alone server licenses and backups; which makes cloud console a better deal within a short time span.

With a cloud console, time to protection is significantly shorter. No longer burning resources waiting for components to install, or even scheduling the installation on a server in the first place. Just open your account with ESET, and add all the endpoints to be
protected—it is as simple as that.

Leave the updating of the console up to us. We’ll do it in the background, and you’ll always be on the latest version with the latest components. That way your organization will benefit from the latest features, and the admins can enjoy the most recent user experience improvements straight from our roadmap.

All you need is your favorite web browser. Indeed, most on-prem consoles can be accessed that way already. But with the cloud, no firewall exclusions or complicated VPN
setups are required anymore. You can also rely on the robust cloud infrastructure for maximum possible uptime.

On the cloud console, ESET experts will be able to provide more effective support or troubleshooting if necessary—which is given by the simple fact that there will be no time wasted finding out what version you’re currently on, because you’re always on the latest one.

Use cases
Ransomware Code developers A user opens a malicious email containing a new form
of ransomware.

✓ IT department receives a notification via email and their SIEM that a new threat was detected on a certain computer.
✓A scan is initiated with a single click on the infected computer.
✓The file is submitted to ESET Dynamic ThreatDefense with another click.
✓After confirming the threat has been contained, warnings in the ESET PROTECT console are cleared automatically. Programmers who work with code on their work
computers might tend to create false positives due to compiling software.

✓ IT department receives a notification via email and its SIEM that a new threat was found.
✓ The notification shows the threat came from a developer’s computer.
✓ With one click, the file is submitted to ESET Dynamic Threat Defense to confirm the file is not malicious.
✓ IT department, with one click, puts an exclusion inplace to prevent future false positives from being displayed on this folder. ESET PROTECT dashboard— incidents overview
VDI deployments Hardware and software inventory Software remediation
Non-persistent hardware environments typically require manual interaction from an IT department and create reporting and visibility nightmares.

✓ After deploying a master image to computers already present in ESET PROTECT, computers will continue reporting to the previous instance despite a complete re-image of the system.
✓ Machines returning to their initial state at the end of a work shift will not cause duplicate machines and instead will be matched into one record.
✓ On deployment of non-persistent images, you can create an image that includes the agent, so whenever a new machine is created with another
hardware fingerprint, it automatically creates new records in ESET PROTECT.
Organizations need to know what software is installed on each computer, as well as how old each computer is.

✓ View every installed piece of software, including version number, in the computer record.
✓ View every computer’s hardware details, such as device, manufacturer, model, serial number, processor, RAM, HD space and more.
✓ Run reports to view a more holistic view of an organization in order to make budgetary decisions on hardware upgrades in future years based on current makes and models.
Organizations need to know when unapproved software has been installed, and to remediate the software afterwards.

✓ Set up a dynamic group within ESET PROTECT to look for a specific unwanted piece of software.
✓ Create a notification to alert the IT department when a computer meets this criterion.
✓ Set up a software uninstall task in the ESET PROTECT console to execute automatically when a computer meets the dynamic group criteria.
✓ Set up a user notification that automatically pops up on the user’s screen, indicating that they committed a software installation violation by installing the
software in question.

can be installed on Windows, Linux or deployed as a Virtual Appliance. Multi-tenancy support and 2FA secured logins allow full streamlining of responsibilities across large enterprise teams. “Centrally managed security on all endpoints, servers and mobile devices was a key benefit for us.”— IT Manager, Diamantis Masoutis S.A., Greece,
6,000+ seats Technical features

All ESET endpoint products can be managed from a single ESET PROTECT console. This includes workstations, mobiles, servers, and virtual machines and the following OSes: Windows, macOS, Linux, and Android.

Full Disk Encryption is native to ESET PROTECT, managing encryption of data on both Windows and Mac (FileVault) endpoints, improving data security and helping organizations solving the problem of data regulation compliance.

The support for cloud sandbox greatly improves detection of zero-day threats such as ransomware by quickly analyzing suspicious files in the powerful ESET cloud sandbox.

Not only does ESET PROTECT report on all installed software applications across an organization, it also reports on installed hardware.

Multiple users and permission groups can be created to allow access to a limited portion of the ESET PROTECT console. This allows full streamlining of responsibilities across large enterprise teams. This allows you to do more from a single location by dynamically grouping computers based on make, model, OS, processor, RAM, HD space and many more items.

Organizations can set up multiple policies for the same computer or group and can nest policies for inherited permissions. In addition, organizations can configure policy settings as user-configurable, so you can lock down any number of settings from the end users.

ESET PROTECT fully supports SIEM tools and can output all log information in the widely accepted JSON or LEEF format, allowing for integration with Security Operations Centers (SOC). Dashboard of ESET PROTECT WANT TO HOST THE CONSOLE IN-HOUSE? For some organizations, hosting software in-house is a requirement for various internal or legal reasons. Besides the cloud console, ESET PROTECT is available as a full-featured on-premise solution for in-house deployments.

ESET PROTECT can be installed on Windows, Linux or
via Virtual Appliance. After installation, all management
is done via a web-console, allowing easy access and
management from any device or operating system.

To further improve situational awareness and obtain visibility in the network, ESET PROTECT supports our EDR (Endpoint Detection & Response) solution, ESET Enterprise Inspector. EEI is multiplatform (Windows and macOS), enables advanced threat hunting and remediation, and can seamlessly integrate with your Security Operation Center.
*EDR support is only available for on-prem ESET PROTECT deployments

How to buy: Simply purchase any of the solutions for businesses directly from our dedicated website. Start your 30-days trial now, Unlock your 30-day free trial to test out
the fully functional solution, including protection for endpoints. Migration from on-premise ESET console: Looking to migrate from an ESET on-prem console? Contact your authorized reseller or ESET sales team member to get started: https://www.eset.com/us/contact-sales

Your next steps About ESET
For more than 30 years, ESET® has been developing industry-leading IT security
software and services, delivering instant, comprehensive protection against
evolving cybersecurity threats for businesses and consumers worldwide. ESET is privately owned. With no debts and no loans, we have the freedom to do what needs to be done for the ultimate protection of all our customers. 110m+ users worldwide 400k+ business customers 200+ countries & territories 13 global R&D centers ESET IN NUMBERS SOME OF OUR CUSTOMERS ISP security partner since 2008 2 million customer base protected by ESET since 2017 more than 14,000 endpoints protected by ESET since 2016 more than 9,000 endpoints protected by ESET since 2016 more than 4,000 mailboxes Why choose ESET Gartner Inc, Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, Lawrence Pingree, Dionisio Zumerle, Prateek Bhajanka, Paul Webber, August 20, 2019. Gartner does not endorse any vendor, product or service depicted in its research publications. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner Peer Insights is a free peer review and ratings platform designed for enterprise software and services decision makers. Reviews go through a strict validation and moderation process to ensure information is authentic. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences, and do not represent the views of Gartner or its affiliates.

ANALYST RECOGNITION ESET was named the only Challenger in 2019 Gartner Magic Quadrant for Endpoint Protection Platforms, for the second year running. ESET was rated a Strong Performer in the Forrester Wave(TM): Endpoint Security Suites, Q3 2019. ESET was rated ‘Top Player’ in the 2019 Radicati Endpoint Security report according to two main criteria: functionality and strategic vision. ESET is compliant with ISO/IEC 27001:2013, an internationally recognized and applicable security standard in implementing and managing information security. The certification is granted by the third-party accredited certification body SGS and demonstrates ESET’s full compliance with industry-leading best practices. ISO/IEC 27001 SYSTEM CERTIFICATION 2020111

Follow Us On Social Media