Tag: endpoint protection

  • Ransomware: What It Is and How I Survived Multiple Attacks

    Introduction
    Ransomware is a digital hostage situation—and it’s getting worse. It can freeze hospitals, paralyze billion-dollar businesses, and devastate small IT shops. I’ve survived multiple ransomware attacks in my career, and I’ll tell you how: I never put all my eggs in one basket. This blog explains what ransomware is, how it spreads, and how I protected myself. My defense? Layered backups. Not just the cloud—Veeam, Commvault, and old-school external drives.

    What is Ransomware?
    Ransomware is a form of malware that encrypts files and demands payment for the decryption key. It comes in two common forms:

    • Locker Ransomware: Locks you out of your device or system.
    • Crypto Ransomware: Encrypts your files and threatens to destroy or leak them if payment isn’t made.

    It often arrives silently—via phishing emails, malicious downloads, or exposed ports—and acts fast. In just minutes, entire systems can be taken hostage.

    Real-World: How I Survived Ransomware

    At Tarzana Medical Center, ransomware struck without warning. Medical data became inaccessible in minutes. I’ve seen even global giants like Ingram Micro fall victim to attacks.

    Yet every time, my systems stayed intact. Why? Because I followed one simple rule: diversify your backups.

    Here’s how I stayed ahead of attackers:

    • I never relied solely on cloud backups (they can be corrupted or locked by the same attack).
    • I used Veeam for virtualized workloads, giving me granular recovery options.
    • I ran Commvault for enterprise-grade backup and disaster recovery.
    • I manually created offline backups to external drives and physically disconnected them to avoid remote encryption.

    This multi-layered approach allowed me to recover in hours—not days—and saved thousands in downtime and potential ransom.

    How Ransomware Spreads

    • Phishing emails with malicious attachments or links
    • Weak RDP access without MFA
    • Unpatched vulnerabilities in apps or OS
    • Rogue websites and drive-by downloads

    How to Prevent Ransomware Attacks

    1. Educate Your Team
      Train staff on email safety, suspicious links, and phishing red flags.
    2. Patch Everything
      Keep OS, firmware, and all third-party software up to date.
    3. Lock Down RDP & Admin Access
      Use MFA and limit RDP access with strict firewall rules.
    4. Deploy EDR or XDR Tools
      Use behavior-based endpoint protection—not just signature-based antivirus.
    5. Segment Your Network
      Don’t allow lateral movement. Use VLANs and access controls.
    6. Adopt a Backup Strategy That’s Offline-Friendly
      • Veeam for VM and application backup
      • Commvault for large-scale environment coverage
      • External drives for an offline, final safety layer against data loss
    7. Test Your Backups Frequently
      A backup that isn’t tested is a gamble. Run simulations regularly.
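    One way to turn step 7 into a repeatable test, as an added example that is not code from the original post: record a SHA-256 manifest of the live data at backup time, then compare a restored copy against it so silent corruption, encrypted files or missing files show up before you need the backup for real. The directory layout and file contents below are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

def _sha256(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX style) to its digest.
    Store this manifest with the offline copy, not only on the backed-up host,
    so an attacker who encrypts the host cannot also rewrite the manifest."""
    return {p.relative_to(root).as_posix(): _sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare a restored tree against the manifest taken at backup time.
    All three lists empty means the restore test passed."""
    current = build_manifest(restored)
    return {
        "missing": sorted(k for k in manifest if k not in current),
        "modified": sorted(k for k in manifest
                           if k in current and current[k] != manifest[k]),
        "unexpected": sorted(k for k in current if k not in manifest),
    }

def demo() -> dict:
    """Constructed scenario: back up two files, then check a bad restore in
    which one file's contents were replaced and one file never came back."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "live"), Path(tmp, "restored")
        for d in (src, dst):
            (d / "records").mkdir(parents=True)
        (src / "records" / "patients.csv").write_text("id,name\n1,constructed\n")
        (src / "records" / "notes.txt").write_text("constructed sample note\n")
        manifest = build_manifest(src)
        # Simulated failed restore: patients.csv tampered, notes.txt missing.
        (dst / "records" / "patients.csv").write_bytes(b"\x8f\x12 not the original")
        return verify_restore(manifest, dst)

if __name__ == "__main__":
    print(demo())
```

    Run the manifest step when each backup job completes and the verify step against a scratch restore on a schedule; a non-empty result is the signal that the backup you are counting on would not have saved you.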

    Responding to a Ransomware Incident

    • Isolate the infected systems
    • Notify your incident response team or external partner
    • Do not pay the ransom—this only fuels more attacks
    • Restore from offline or clean backups
    • Report to authorities (FBI, IC3)

    Conclusion
    Ransomware attacks are relentless—but with the right strategy, you can stay ahead.
    A strong backup routine, tested regularly, makes all the difference.

    Avoid relying on just one cloud backup. Use multiple layers—offline, cloud, and local.
    Act now—before a breach locks you out.


    Jet Mariano
    Cloud Infrastructure Engineer | Cybersecurity Practitioner
    jetmariano.us

    © 2012–2025 Jet Mariano. All rights reserved.
    For usage terms, please see the Legal Disclaimer.
