Virtualization Technology News and Information
Ransomware's Dangers Up the Pressure on Your Storage, Backup Strategies
Improve Your Ransomware Resiliency with Reliable Backup and Recovery 

By Steve Costigan, Senior Director, International Solutions Architects, Zadara Storage

If your ransomware-protection strategy doesn't yet include "contain attacks--and successfully restore from backups," here's your wake-up call. The value of data is growing every year and reports of ransomware attacks are on the rise. Because otherwise, when this growing cyber-threat comes knocking, your organization may be in for a prolonged, expensive siege.

Organizations are increasingly vulnerable these days, more people working remotely, often on inadequately secured devices, which IT departments are increasingly stretched to provision and manage. At the same time, employees following COVID-19 and other news are more likely to click on dangerous web pages and email links that let ransomware attacks get in.

Here's a quick look at why ransomware poses additional dangers to your company's operations, brand, and bottom line compared to malware and other attacks - and what you can do to protect your data storage and backups from these new cyber dangers.

Ransomware Can Be Different from Previous Cyber-Threats - And Not in a Good Way

Ransomware typically denies you access to some or all of your data - and, true to its name, demands you pay the malefactor (typically in a cryptocurrency like Bitcoin) in order to regain access to your data.

This data can include your Office 365 documents and spreadsheets, CRM and other databases, confidential email and customer data - the data that your company runs on - and can't run without, or nowhere as well.

At "best," you might pay an affordable ransom, and regain access to your data in a timely fashion. Even then, paying up establishes you as a willing target to repeat attacks and to other cyber attackers.

If you have been making regular backups, you might be able to restore your data. Or in-house or third-party expertise may find a way to restore access to your data. But this can take time - days to weeks - during which your company's ability to do business is, at best, severely handicapped.

The average days of downtime from a ransomware attack is a little over two weeks. And, according to Coveware, "Business interruption costs are often five to 10 times higher than direct costs." For example, the city of Atlanta, Georgia spent over $5 million to cover from a ransomware attack in 2018 - and an estimated $50 million for a 2019 attack.

But there are other likely scenarios once a ransomware attack gets to your data:

  • UNSUCCESSFUL RESTORE. Even if you pay the demanded ransom, you may not get your data back. It's quite possible that the ransomware attacker can't undo their attack. Or perhaps they could have - but they might have been caught or otherwise disrupted, and, in the process, have lost (or destroyed) the encryption keys to your data. Or they simply don't feel like it, perhaps never planned to.
  • LEAKAGE AND BLACKMAIL. Having gained access to your data, the attacker may have copied (stolen) some or all, and is prepared to do "exfiltration extortion" - sell sensitive data, blackmail customers (and/or you), or otherwise make criminal use of the data.
  • FINES AND OTHER COSTS. Depending on your industry and what states and countries you are located in, or do business in, the mere fact that sensitive data has been exposed may make you liable to significant fines, along with the costs of notifying customers or other impacted parties.
  • BACKUPS BROKEN. The backups you count on for recovery may be toast. The successful infiltration of your company may have occurred weeks, even months prior to the ransom demand. During this time, the attacker may have been working their way through your backups, similarly encrypting or corrupting them, so that when IT attempts to recover via one of these backups, rather than pay up - it's discovered that this can't be done.
  • HERE THEY COME AGAIN. Having gained access to your networks and systems, the attacker may also perform other attacks you are not yet aware of. These could include using your system or resources for cryptojacking ("mining" for cybercurrency), or could leave your future data at risk.

And, of course, if one ransomware attacker can get in, so can others.

Protecting Your Data from Ransomware (And Other) Attacks: What's New

New technologies are enabling powerful new ways to protect and secure your data:

  • Isolation. Just like companies are increasingly segmenting their networks to contain incursions and infections, new technologies let you architect your storage as virtual storage arrays, which can limit how far a ransomware attack can reach. (Think of these like airlocks or moats, if that helps.)
  • Change Control. "Immutability," using tools like blockchain and object lock storage, prevents data from being changed by normal processes, and confirms data is still unaltered.
  • Multi-tier, multi-copy backups including off-site and off-line backups. Hybrid storage lets you, as needed, have data on-premises, in the off-premises cloud, and go to off-site, providing both nearline and offline recovery points.

What can you do? Work with technology partners who are already seeing and addressing ransomware and other threats to your company's data to help you keep evolving your protection. And keep your employees on guard and informed - make sure they know how they can help...and what they should remember not to do.

Protecting data in today's hybrid IT environments presents challenges that legacy backup systems simply weren't designed to handle. Remember, no one system or solution will protect your company completely from ransomware, cyberattacks or from non-criminal events, like natural disasters.

For this reason, Zadara has partnered with Veeam to offer the only unified, multi-tier data protection solution that delivers complete backup protection without the need for multiple technologies. The ‘3-2-1-1' data protection methodology is based on the backup rule of three. This came from photographer Peter Crowe and includes keeping three copies on your data, stored in multiple forms, including one version offsite.

What shouldn't you do? Don't leave your backup to chance. You shouldn't wait until it's too late to revisit and update your storage, backup and recovery solutions. Make sure you have a complete end-to-end backup solution that includes an easy mechanism to send data offsite securely with a user ID and password from your service provider that copies the data to object storage and locks it to prevent deletion.

And don't neglect to periodically test your ongoing and older backups - because if you don't test, how do you know your backup is still valid?


About the Author

Steve Costigan 

Steve Costigan is an experienced IT professional, with over 30 years of experience across many technologies and systems within the data center and cloud arenas. Steve is skilled in taking complex technical subjects and making a simplified solution achievable, especially around storage and virtualization technologies. Steve joined Zadara in May 2014 and works closely with the team to bring the Zadara VPSA platform to the European market - as well as lead the International Solution Architects team in defining Zadara solutions with customers and partners. Prior positions include VP of Product Research and a founder member of 7Global, one of the first XaaSP's to emerge in the UK market in the late 1990s, where he was technical lead in design of the infrastructure and BS7799/ISO27001 technical lead, in addition to defining new products and services. At LSI Steve was responsible for working with key OEMs such as IBM, SUN, SGI and HP in delivering solutions around the StoreAge SVM / HP SVSP solutions. He holds a Masters in Management (IT) from Charles Sturt University.

Published Monday, June 01, 2020 7:34 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<June 2020>