Ransomware: A modern scourge

Why unified storage is key to protecting your business with modern IT, as told by Wes van den Berg of Pure Storage.

The cyber-threat landscape is ever evolving, and undoubtedly one of the biggest current threats is ransomware.

Ransomware is a type of malicious software that threatens to publish the victim’s data, or perpetually block access to it, unless a ransom is paid. For modern organisations that rely on data to operate and thrive, this kind of attack can be catastrophic.

In March 2020, McAfee had already reported that ransomware attacks had more than doubled in a year, with insurance company Beazley claiming that attacks in Q1 2020 were up 25% on Q4 2019. Data from many other reputable sources point to an increased threat of ransomware.

Increased threat landscape

The Covid-19 pandemic has caused a huge amount of disruption for businesses, and created a new normal for how many organisations operate. The majority of workforces have had to suddenly work remotely, and this will remain the case for quite some time.

While this has been a necessity, it has created new opportunities for hackers to exploit: many employees may be working on insecure home systems and networks and holding an increased number of business-critical calls and meetings virtually, leaving security gaps open to attack.

It’s therefore unsurprising that Covid-19 has created a surge in ransomware attacks, and as such many security firms are offering advice and new protective measures to customers. However, one area that is not discussed so frequently in relation to ransomware is the vital role that storage can play in mitigating the risk.

Prevention is no longer enough

As part of a robust cybersecurity strategy, companies can no longer rely solely on anti-intrusion systems. While having the proper precautions in place to prevent an attack is vital, organisations must also plan for recovery if an attack does occur. This means implementing a strategy that also covers recovery, so that data can be restored as quickly as possible.

In the vast majority of cases, once a business has been infected with ransomware it’s already too late to stop it. If everyone agrees that the ransom should not be paid, the data, once encrypted, is unrecoverable.

The IT teams then have the responsibility of restoring data from backups, which may be out of date and result in data loss. This approach also assumes that backups are available and haven’t been encrypted or deleted by the ransomware attack itself.

Recently, attackers have increasingly targeted backups with the goal of deleting them, acknowledging backups as an organisation’s last line of defence. Data recovery is then impossible, forcing companies to pay a ransom or resign themselves to the loss of data, which could do irreparable damage.

Even if a ransom is paid it doesn’t guarantee recovery of data or protection from future attack and extortion. Remember that these attackers are hardened criminals.

Using snapshots to combat ransomware

This is where advanced snapshots come in. Snapshots are designed to protect data in the same way as backups, but with the goal of minimising data loss and restoration times.

They serve as a detailed index and protect metadata, which acts as a guide for restoring an organisation’s systems, speeding up the process dramatically.

Space-efficient snapshots automated by end-to-end protection policies provide the flexibility and confidence to operate worry-free. Purity CloudSnap also enables snapshot portability from on-premises to a secondary system or the cloud.

It’s possible to take this concept further with the introduction of SafeMode snapshots. These unique, read-only snapshots are immutable and prevent ransomware attackers from deleting backups stored on FlashBlade.

After being enabled, automated FlashBlade-wide snapshots are kept for a customer-specified period of time and cannot be deleted by the customer, or even by anyone with admin access to the FlashBlade system or backup software.

In addition to this, only an authorised technical member of an organisation will be able to change the configuration of the snapshots, provided they contact their counterpart at technical support to verify their identity and unlock the system.

Therefore, even if the company’s administrator account is compromised, hackers will not be able to touch the snapshots. Thus, in the event of a ransomware attack, data can be easily restored.

Restore speed: The underappreciated difference-maker

Even with immutable snapshots in place, organisations will be limited by the speed at which they can restore data to get them up and running again in today’s fast-paced business environment.

Imagine a major online retailer being down for even one hour: it could cost them many thousands or even millions in revenue. If hit with ransomware, that retailer will want to restore its secure data as rapidly as possible.

Organisations should insist on a backup solution that can restore data at a rate of hundreds of terabytes per hour for maximum speed to resolution, and near complete peace of mind against ransomware attacks.

With a solid cybersecurity strategy reinforced with advanced snapshots and a rapid restore solution, the restoration phase after a ransomware attack can be reduced from several weeks to just a few hours.
