Dangerous Guacamole or: Why You Should Stop Relying on Expensive Security Software to Protect Against Ransomware

Petya Lockscreen


If you’re a small business owner, Ransomware should be high on the list of things keeping you up at night. All it takes is one wrong click of the mouse and your company’s records, customer data, and systems are held captive, locked behind a gate of encryption the attacker promises can only be broken by sending a few bitcoin their way. A neighbor of mine just got hit while searching for Guacamole recipes. Seriously, guac. Is nothing sacred anymore?

Even if you’re not looking to serve up some world-class green stuff for your Cinco de Mayo party, the story illustrates how easy it is to stumble into a carefully laid trap designed to hold your data and systems hostage. We’re all just a single bad Google result away from potential disaster. What would you do if you woke up tomorrow to find out all of your computers, digital info, and even point of sale terminals were crippled?

But this story has a happy ending. My neighbor – let’s call her Sally because I don’t actually know her real name – had deployed the single most effective weapon in the fight against Ransomware: an off-site backup.

You’d be hard-pressed nowadays to find a security vendor that doesn’t boast about their effectiveness against Ransomware. Most make claims like “99.4% effective” or tout their “advanced behavioral analysis engine”. It would be wrong to call these claims lies, exactly. All the major antivirus players are great at combatting existing malware. But what happens when the next WannaCry, Petya, or Locky exploits a previously unknown vulnerability and spreads like wildfire? Even the more advanced behavior-based detection systems are relying on the actions of previous attacks. The attackers know this, of course, and are constantly modifying their tactics to avoid detection. Computer security is a perpetual cat and mouse game, and unfortunately the mouse often comes out ahead.

That’s where a good backup plan comes into play. An comprehensive backup strategy is the best form of protection against any type of malware, including Ransomware, because it effectively acts as a time machine for your data. If something does sneak past your defenses, you can simply wipe your systems clean and roll back to a timge before the infection began. Having at least one copy of your important data off-site (typically via a cloud service such as Carbonite or CrashPlan) is crucial as it adds a layer of isolation between any infection points and your data.

I’m not saying you should completely ditch your security software. Having the right solution in place can certainly decrease your odds of infection. But too many people gain a false sense of security after investing in expensive solutions when behavior plays a much more important role. Ransomware in particular has historically spread through a one-two bunch of social engineering and technical exploits, tricking unsuspecting users into opening infected e-mail attachments or visiting corrupt websites, and then executing its payload.

When we perform a Basic Security Assesment for our clients, we first focus on good “cyber hygiene” – exercising best practices like educating employees on proper access and use of company technology, keeping operating systems up-to-date, and isolating business critical resources from the rest of the network. Many of these measures on their own act to mitigate the threat of Ransomware, and can boost the effectiveness of any security solution deployed.

And regardless of the client, we always include data backups on our list of suggestions; big or small, the need for a good backup plan is universal. The gold standard is something called the 3-2-1 rule: 3 total backups, 2 in different formats, and 1 off-site. Following the 3-2-1 rule just about guarantees your data will survive all but a cataclysmic catastrophe.

So remember: backup early, backup often, and use common sense.

As for the Guacamole? The secret is kosher salt.