In today’s highly connected, online world, the danger of ransomware is becoming increasingly pervasive. What is ransomware, and how do we best defend against it?
Connectivity is the lifeblood of the digital world and is now being built into just about everything. From household appliances to motor vehicles and on to factories, the Internet of Things is creating a truly networked society.
Of course, wherever there are networks, you will find data being utilised on a massive scale. While businesses may use this information to fuel innovation and power informed decisions, there are many bad actors out there that seek to exploit - for criminal purposes - these large volumes of networked data.
Ransomware is currently one of the worst forms of malware attack: it scrambles a company’s data using encryption. The cybercriminals behind it then leave instructions for negotiating a ransom payment, after which, theoretically at least, they provide the organisation with the decryption keys needed to unlock the files. Generally, these bad actors demand payment in Bitcoin, and the ransom can vary from a few hundred dollars to hundreds of thousands.
Connectedness is the key strength of disk or cloud-based storage solutions when it comes to issues like speed of recovery, but it is also what leaves them potentially exposed to ransomware.
The threat is very real. It hardly bears thinking about what would happen to a healthcare facility that finds itself locked out of its patients’ data. The same could be said for a bank whose customers' account details are rendered unreadable. Under such circumstances, many organisations would do almost anything to get their data back, which is the attitude these criminals prey on.
Broadly speaking, if you become a victim, you are left with only two choices: go to serious effort to restore all backups, something that could take days at least, or pay up to get your data back.
Regardless of the ultimate choice, a business faces multiple dangers when hit by a ransomware attack. First and foremost is the potential financial loss. Not only are ransom demands usually expensive, but if you cannot pay, you may lose everything.
Data loss is another critical threat. Once your important files have been encrypted, they are rendered useless. This, in turn, may lead to the loss of customer information or confidential company data.
The last threat faced by a company in such circumstances is the danger of reputational damage. After all, no customer wants to find out that their personal information has been compromised. And few will remain with a business that allows this to happen.
When it comes to dealing with ransomware, security specialists Kaspersky advise that prevention is always better than cure. This means that one must ensure that the right security software is implemented.
Careful action, along with user education around this subject, is also required with regard to rogue websites and email attachments.
However, it must be remembered that even the best such preventative measures can fail. Therefore, the recommendation is to ensure you have a contingency plan, which in IT speak means ensuring backups of your data.
In short, these defensive steps are all vital:
Ensure your operating system is always patched and up-to-date. This will mean fewer vulnerabilities to exploit.
Never install software or allow it administrative privileges unless you know exactly what it is and what it does.
Obviously, an anti-virus solution that can detect malicious programs like ransomware as they arrive is key. Also, you should have whitelisting software, as this prevents unauthorised applications from executing in the first place.
In order to ensure you can restore critical data, even following a ransomware attack, you must back up your files, ideally ensuring there is an ‘air gap’ for at least one of the sets of backups.
The ‘air gap’
The only way to ensure a truly offline storage solution, which places your data behind a physical, disconnected air gap barrier, is by utilising one of storage’s oldest methods - tape.
This air gap forms the final part of the proposed 3-2-1-1 rule, which suggests that enterprises maintain at least three copies of important data, on at least two different media types, with one stored offsite and one stored offline.
Being offline is the air gap, as without any kind of connectivity, the bad actors have no access to the data. Only by placing data behind an air gap can you guard against the risks of both criminal ingenuity and unfortunate human error.
Tape's removable media is what makes it an offline option in a way that cloud-based storage simply is not. After all, if ransomware can’t ‘see’ or find these backups, the data can’t be compromised. HPE tape also provides a logically clean copy that won't be accidentally overwritten by mirroring software.
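The 3-2-1-1 rule above can be checked mechanically against a backup inventory. The following is an added example, not code from the original article or from any vendor: it audits each dataset against the four clauses and treats a copy as offline only when no host has any access path to it. The inventory, site names and paths are constructed, and counting the production copy as one of the three is an assumption.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    dataset: str
    media: str                # "disk", "cloud", "tape", ...
    site: str                 # physical location holding the copy
    access_paths: tuple = ()  # mounts/endpoints a host could reach it by

    @property
    def offline(self):
        # Air-gapped means no path at all from any networked host,
        # so this is derived from reachability, not from a label.
        return not self.access_paths

def audit_3211(copies, primary_site):
    """Map each dataset to the list of 3-2-1-1 clauses it fails."""
    by_dataset = defaultdict(list)
    for c in copies:
        by_dataset[c.dataset].append(c)
    report = {}
    for name, group in by_dataset.items():
        failed = []
        if len(group) < 3:
            failed.append("3 copies")
        if len({c.media for c in group}) < 2:
            failed.append("2 media types")
        if not any(c.site != primary_site for c in group):
            failed.append("1 offsite")
        if not any(c.offline for c in group):
            failed.append("1 offline")
        report[name] = failed
    return report

# Constructed inventory: names, sites and paths are illustrative only.
INVENTORY = [
    BackupCopy("patients", "disk", "dc1", ("/mnt/prod",)),
    BackupCopy("patients", "disk", "dc1", ("nfs://backup1/patients",)),
    BackupCopy("patients", "cloud", "region-b", ("https://bucket.example/patients",)),
    BackupCopy("accounts", "disk", "dc1", ("/mnt/prod",)),
    BackupCopy("accounts", "cloud", "region-b", ("https://bucket.example/accounts",)),
    BackupCopy("accounts", "tape", "vault", ()),  # ejected cartridge in a vault
]

if __name__ == "__main__":
    for dataset, failed in audit_3211(INVENTORY, primary_site="dc1").items():
        print(dataset, "OK" if not failed else "FAILS: " + ", ".join(failed))
```

The "patients" dataset has three copies on two media types with one offsite, yet still fails because every copy remains reachable over a mount or endpoint.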
Ultimately, though, it must be remembered that backups are only part of a broader defence against ransomware, which should also encompass upstream protection, such as anomaly detection or encryption. Nonetheless, tape is a critical data protection measure that should definitely be part of a suite of security measures that not only protect against intrusion, but also afford businesses the potential for clean restores in case of attack or data loss.