
Ransomware attacks

Jay_MacVean
Star Collaborator

I'd like to know what sort of tools or configuration options to employ when trying to defend against ransomware. If my copies of stored images are suddenly encrypted, what is the best strategy for protecting them? Should I have an extra copy in a read-only environment? Could I replicate my files and use the new share after infection as a foreign disk group? Would it be best to have a file store in a VM server that could be snapshotted?

 

Since ransomware has already hit two of my customers in the past year I would like to see more visibility of the issue by Hyland with a discussion starting on ways to protect the disk groups and database from ransomware and other types of attacks. 

Jay MacVean

Konica Minolta Tech Support

4 REPLIES

Michael_Reindel
Content Contributor

Hi Jay,

 

Ransomware attacks can be prevented in a variety of ways. One way, as you mentioned, is to have a read-only copy, or secondary/tertiary copy in a location that is not normally accessed. Should ransomware affect the primary disk group, then this read-only copy could be promoted to primary. The primary issue with this method is that all of the data may not be synchronized, or some synchronized data may already be subject to the ransomware.

Snapshots are another option, but will require more work to determine when the ransomware was initially allowed in, and may result in a significant loss of data if not caught quickly.

The best method is to restrict UNC access to the disk group share(s). This can be accomplished using the proper impersonation method in IIS, as well as DDS. Using these two methods, UNC access is permitted to a single service account, disabling direct user UNC access, and thus preventing ransomware on a workstation from accessing the files directly.

Other security options outside of OnBase, such as disabling embedded links in emails, web filtering, country blocking, etc. are important as well in keeping ransomware from even entering the environment.

If you have further questions, or would like to chat, please let me know.

Mike
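
An added example, not part of the reply above and not Hyland's own tooling: a PowerShell audit, run on the file server that hosts the disk group share, listing every principal other than the service account that holds Allow access at the share or NTFS layer. The share name and account names are hypothetical placeholders.

```powershell
# Hypothetical names: replace with the values from your environment.
$ShareName = 'DiskGroups'              # SMB share that holds the disk groups
$Allowed   = @(
    'CONTOSO\svc-onbase',              # the single service account (IIS impersonation / DDS)
    'BUILTIN\Administrators',
    'NT AUTHORITY\SYSTEM'
)

function Get-UnexpectedAccess {
    param(
        [Parameter(Mandatory)] [string]   $ShareName,
        [Parameter(Mandatory)] [string[]] $Allowed
    )
    $share = Get-SmbShare -Name $ShareName -ErrorAction Stop

    # Layer 1: share-level permissions.
    Get-SmbShareAccess -Name $ShareName |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccountName -notin $Allowed } |
        ForEach-Object {
            [pscustomobject]@{
                Layer    = 'Share'
                Identity = $_.AccountName
                Rights   = $_.AccessRight
            }
        }

    # Layer 2: NTFS permissions on the share's root folder.
    (Get-Acl -Path $share.Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $_.IdentityReference.Value -notin $Allowed } |
        ForEach-Object {
            [pscustomobject]@{
                Layer    = 'NTFS'
                Identity = $_.IdentityReference.Value
                Rights   = $_.FileSystemRights
            }
        }
}

$findings = Get-UnexpectedAccess -ShareName $ShareName -Allowed $Allowed
if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning "Accounts other than the service account can reach '$ShareName' over UNC."
} else {
    Write-Output "Only the expected accounts have access to '$ShareName'."
}
```

Any row for a user or group such as Everyone or Domain Users means a workstation session under that identity can still read or write the disk group files directly.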

Thanks Mike. I have suggested DDS too. I'm also considering something like a foreign disk group that I could create by copying files to a non-used location. If the main file storage system were to be attacked, we could stand up the copied files as a foreign disk group in a pinch. Storage is cheap. Too bad we can't map into a cloud storage with something.

Josh_Gatka
Champ in-the-making

Hi Jay,

 

Thanks for reaching out!  Regarding Mike's answer, specifically on DDS - I recently wrote a blog entry about Ransomware.  The OnBase Distributed Disk Services module can be used to add an extra layer of security against ransomware attacks because it acts as an intermediary between the client and the OnBase Disk Groups.

Yes Josh, I had read that earlier. I have had two customers get hit by ransomware this past year, and they've wondered about strategy and system configuration afterwards.