Skip to content

Every IT service provider understands the risk and potential impact of ransomware. It’s a far-reaching and complex challenge that requires end-user, IT security and data protection best practices to be followed at all levels.

If you’re an IT organisation partnering with providers like Ekco to deliver services, it’s important to understand what ransomware protection is in place for your customers. You also need to be clear what is your responsibility versus what is ours.

In this blog, we look at how we protect against ransomware for three core services – IaaS, cloud backup and DR. If you are an Ekco partner and have a question on this topic, please get in touch with our team today. It’s crucial to have clarity on how your customers are protected – from your end-users right through to our upstream technology providers.

Use the links below to jump to any section of the article:

How we protect our core systems against ransomware

There’s no silver bullet for ransomware; it’s a series of best practices in place at various levels to protect users, data and applications. It’s the combined power of process and technology that drastically reduces the risk of attack and really makes the difference. Here are some of the best practices we follow at Ekco to keep our platforms, and in turn your customers, safe:

  • Multi-factor authentication (MFA) – All of our system administrators have MFA enabled as standard, which makes it much harder for an attacker to infiltrate a system, even if they have a username and password.
  • Separate admin accounts – Every administrator has a unique username and password for every platform, portal and service, so there are no backdoor or super-admin accounts that could give an attacker access to every system. This stops lateral movement even if an account is compromised.
  • Network segmentation – Our wider network is split into multiple VLANs, based on function, meaning that if one network was infected, ransomware can’t spread into other areas, limiting the effectiveness of an attack.

Why Backup alone isn’t enough to protect your customers

The ability to restore a backup of your customers’ data can be crucial during a ransomware attack, but alone it just isn’t robust enough. Ransomware is very effective at making its way around your systems, which includes backups.

Wouter de Gooijer, a NetOps Engineer in our Rotterdam office, explains “Backup or disaster recovery is your last line of defence when everything else has failed. It’s the last resort you have and shouldn’t be your only way to prevent an attack.”

If your backups get infected, you can no longer use them for recovery. Some attacks will even try to actively delete your backup, which is why prevention is just as important as response. To protect your backup data against ransomware, follow the 3-2-1 backup rule ensuring you have…

  • Three copies of your customers’ data;
  • On two different types of media;
  • With one copy in a separate, air-gapped location.

At Ekco, every customer workload is physically isolated from one another. If one customer’s backup was infected, it’s impossible for this to spread or for it to affect the entire platform.

How Veeam Backup and Replication protects against ransomware

There are ransomware features built into Veeam backup and replication, available as part of Enterprise and Enterprise Plus licenses. Frank Wijmans, a Systems Engineer based in our Alkmaar office, told us more: “There are two verification features called SureBackup and SureReplica, which can verify your backup process. Is the backup actually working? Are you able to restore all your machines? That sort of thing.”

“While verifying your backup, you also have the option to scan for malware. Veeam tries to keep up with the new types of ransomware. This obviously isn’t bulletproof but does cover a lot of known threats. After the scan is complete, you can filter the malicious files out. From there, you can pretty much restore a clean production environment.”

The functionality is built into Veeam but requires configuration in order to run, as Frank explains “People might feel it’s too time-consuming to verify your records, but you can schedule this job to run every month or three months or whatever. If you configure it, it will run against the schedule, generating a report for you each time so you know that everything’s okay. You just need to put the work in upfront to make it happen.”

The advice for partners here is to check your licenses, understand what functionality is available and ensure you have the available functionality configured correctly. If you need any assistance here, simply contact your account manager.

Advice for Partners managing Ekco IaaS environments

Partners using our IaaS service are responsible for their own configuration, monitoring, management and security, which includes protection against ransomware. Our engineers don’t have access to these environments so aren’t responsible for any maintenance or best practice implementation.

If you or your customer is affected by ransomware, we can perform incident response and airdrop in our expertise as and when you need it. We can also provide a security health check for you or your customers, helping you learn your strengths and weaknesses before an attack takes place.

Conclusion

Ransomware is a complex and fluid challenge that service providers must manage on an ongoing basis. It’s widely accepted that all organisations are a target today, so IT providers need two plans – one for prevention, and one for response. It pays to ensure you have all of the appropriate measures in place to reduce the chance of an attack and limit how far an attack can spread.

Ransomware is a high priority for most companies today, so it’s likely you’ll have questions and concerns from your customers. Partnering with Ekco means our team of cloud experts, consultants and pre-sales specialists become an extension of your company – just let us know how we can help and we’ll give you the support you need. Our job is to help you drive customer success every step of the way.

Question?
Our specialists have the answer