Petya, Ransomware Trends – A Sysadmin’s View

Ransomware – the new vector of attack that is garnering worldwide attention and causing undue stress on those managing business computing environments. When I started my venture into the tech support role, I remember being thrilled to find different viruses and observe their behaviors. Nowadays, I resent the idea of one making it through our layers of protection and ultimately wreaking havoc on my infrastructure. Gone are the days of annoying and manageable infections; now are the days of disbelief when I see a new destructive ransomware variant on my news feeds.

With the recent announcement of the new “Petya” ransomware variant, my personal stress levels have risen a bit more than what is probably considered normal for a systems administrator. It seems that every day spawns a new malware variant using a zero-day exploit that we couldn’t have possibly predicted, causing reprehensible damage to businesses worldwide. Even after securing your environment with the best that the market has to offer, you feel you’re always at a disadvantage – and rightfully so, because you are. This feeling compounds after some time and leaves some administrators feeling powerless within their own environment, always fearing the inevitable. I have even seen other administrators leave the industry due to the realization that the weight of the company’s continuity rests on them, and that powerlessness becomes overwhelming.

A company’s attitude towards cybersecurity and the support they give the administrators to safeguard their wellbeing is an enormous factor in the retention of these support individuals. More often than not, I see companies that are not willing to employ proper defense strategies or recovery and continuity plans at the earnest behest of administrators. The cost of these solutions can sometimes overshadow the greater good, but the costs of not deploying these solutions are a hidden and much greater danger. Without a doubt in my mind, if those administrators vacating the industry were given proper resources to combat the threats of today, not only would they still be in the industry, but they would have the peace of mind knowing their systems are properly protected and that business can continue, even in the worst scenarios.

The question I see come up consistently when ransomware prevention is mentioned is: How? My relief was in the form of partnering with industry leaders to deploy products within our environment that not only detect ransomware and provide multiple forms of backups, but also revert attempted changes at the point of detection and stop the propagation of the infection. Ransomware incidents have gone from being time-consuming and possibly detrimental to business, to now being nothing more than a nuisance. We have confirmed recovery methods that get affected systems working within minutes, not hours or days, and have redundant backups with ransomware detection that ensure we are not overwriting good data with bad data. More so, we have practiced these recoveries and have become comfortable with the environment, knowing we are well protected.

Ransomware could be the end-all for a business, but it doesn’t have to be when coupled with the proper level of support and user training. Although my stress has gone up during this time, it’s not because I worry about whether or not the company will be functioning after a ransomware attack.