
Ransomware immunisation and data protection at the hardware and software level

‘Good morning!
Congratulations, your files have been encrypted! The only way to decrypt your files is through access to our decryption programme and a private key. Please pay within 12 hours because if you don’t the key will be deleted and you won’t be able to decrypt your data.’

No reason to panic: the message above is fake. However, chances are high that you will see a similar message popping up on your screen soon, because ransomware attacks are on the rise. The main reason is that there are still too many business owners out there who believe that they’re not a reasonable target for cybercriminals, either because they think that their company isn’t big enough to be a target or because they don’t address specific vertical markets like healthcare, the public sector, or finance. Last but not least, it’s often a lack of knowledge of the risks the business is facing that results in denial and a dangerous belief that it’ll only affect others.

We’re very sorry to let you know that you’re wrong and urgently need to get prepared to deal with the unthinkable. Making sure that a ransomware attack doesn’t encrypt your files or expose sensitive data publicly is a supreme duty even if you’re running a small to medium-sized business or a small enterprise.

Let’s be honest

Tools and techniques to fight ransomware attacks successfully are on the rise mainly because the threats continue to grow exponentially. However, it takes more than just one tool to establish proper cybersecurity hygiene and ransomware immunisation. It doesn’t come for free either. You need to ask yourself a very important question: how much is the lifeblood of my company worth? You also need to acknowledge that proper protection of your business data against the big trouble is similar to paying for risk insurance and somewhat leaves you between a rock and a hard place: either pay huge amounts of money in ransom to criminals or have sensitive and confidential company data exposed. Just think of all the negative consequences for the reputation of your business because a data leak will not remain underneath the radar.

Ransomware immunisation requires multiple levels of security

Unfortunately, ransomware attacks are becoming more sophisticated, and cybercriminals have also found a way to target backup files. This is why it takes more consideration than just buying a subscription for the backup software that best fits your business needs. Let’s have a closer look at what else you can do to protect your data.

Storage appliances

Just like the two sides of a coin, backup can’t go without storage because your backup files have to live somewhere. Traditionally, you would have a backup system using a separate storage subsystem via a network that also needs to be secured. If the admin console gets compromised, data on that system can be wiped. If you don’t get the read/write permissions right in the network, you’re also allowing ransomware to do its malicious job and encrypt backups.

One step to simplify your life is using a storage appliance instead of the complex environment described above. Storage appliances combine storage with the backup server, making that storage ‘local’ to the backup. An on-premise appliance is always on and thus still available even if the lights are out for any reason. Integrated software turns storage appliances into simple and intuitive software-defined storage solutions, providing you with ‘WORM in a box’ and other beneficial features to protect your data. Here’s a high-level overview:

  • WORM: Write Once, Read Many (WORM) is a data storage technology that prevents data, once written, from being erased. Historically, WORM-compliant storage has typically been used only by organisations that had to satisfy regulatory requirements. Those days are gone because every business must maintain data availability, integrity, and confidentiality. Without unhindered read access to correct data, you cannot run your business properly and give your customers and employees the level of data privacy they deserve.
  • Immutable Storage: Currently, immutable storage is considered one of the best defenses against ransomware because you can roll back to the state prior to the attack and use a clean copy. As the name suggests, written data cannot be altered or changed, which makes your backup immune to new ransomware infections. Immutable storage is typically combined with a retention period during which your backup cannot be modified, overwritten, or deleted. Even if you’re the most privileged user in your company, you won’t have a chance to manipulate the data. Immutable storage can also protect against users who overwrite or delete files either by accident or on purpose. Additionally, immutable storage enables your business to meet data compliance/data privacy regulations by facilitating historical copies that are verifiably accurate and have not been modified. Think of all your tax-related documents as one example!
  • Object Storage: It feels like network sharing protocols such as NFS or CIFS have been around forever. They still work well for ordinary file sharing tasks but are also quite a security nightmare. It’s complex to get the read/write permissions right and protect data from being exposed. Using these protocols also lets almost any device discover the backup storage, so cybercriminals have a better chance of attacking the backup if minor mistakes are made in the configuration of permissions. Consider staying away from network-sharing protocols and look into more secure methods such as object storage APIs. We keep hearing that object storage is not a good fit for smaller data volumes. We strongly disagree and consider object storage a great choice for backup, archive, and recovery repositories. LUNs or volumes become as obsolete as RAID because variable-sized object containers are distributed across nodes, and objects are also replicated across nodes rather than disks for better protection in case of a device failure. Last but not least, object storage security can be applied on a per-object or per-command basis.
  • Cloud integration & GEO replication: Although the good old 3-2-1 backup rule needs to be interpreted differently in the era of cloud, it’s still a golden rule. No need to argue that the cloud is an essential medium for modern backup architectures and probably even the preferred one for immutable storage. However, the cloud is not the holy grail, because using only one storage medium and then storing that data in a single (cloud) location is one of the most common data backup mistakes. If you don’t want to open the door to disaster, maintain three copies of your data and store them on two different types of media, with one copy stored onsite and the other one offsite. One of those copies must also be physically removed from the network. Another core feature of the cloud is the ability to replicate across data centers and regions, providing geo-redundancy. A modern backup and storage architecture even allows you to span on-prem and cloud environments.
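
The 3-2-1 rule and the immutability retention period described above can be checked mechanically against a backup inventory. The following is an added example, not code from RNT or Yowie; the `BackupCopy` fields, the sample inventories and the 14-day minimum retention are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional


@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str                        # e.g. "disk", "object-storage", "tape"
    offsite: bool
    on_network: bool                  # False = physically removed from the network
    retain_until: Optional[datetime]  # end of immutability retention; None = mutable


def audit(copies: List[BackupCopy], now: datetime,
          min_retention: timedelta = timedelta(days=14)) -> List[str]:
    """Return the gaps found; an empty list means every rule is met.

    min_retention is an assumed policy value, not a figure from the article.
    """
    gaps = []
    if len(copies) < 3:
        gaps.append("fewer than three copies")
    if len({c.media for c in copies}) < 2:
        gaps.append("fewer than two media types")
    if not any(c.offsite for c in copies):
        gaps.append("no offsite copy")
    if all(c.offsite for c in copies):
        gaps.append("no onsite copy")
    if all(c.on_network for c in copies):
        gaps.append("no copy removed from the network")
    locked = [c for c in copies
              if c.retain_until and c.retain_until - now >= min_retention]
    if not locked:
        gaps.append("no immutable copy with enough retention left")
    return gaps


# Constructed sample inventories (hypothetical names, not a real environment).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
CLOUD_ONLY = [
    BackupCopy("prod-volume", "object-storage", True, True, None),
    BackupCopy("cloud-backup", "object-storage", True, True, None),
]
LAYERED = [
    BackupCopy("appliance", "disk", False, True, NOW + timedelta(days=30)),
    BackupCopy("cloud-bucket", "object-storage", True, True, NOW + timedelta(days=90)),
    BackupCopy("vault-tape", "tape", True, False, None),
]

if __name__ == "__main__":
    for label, inv in (("cloud only", CLOUD_ONLY), ("layered", LAYERED)):
        print(label, "->", audit(inv, NOW) or "meets the rule")
```

Running the audit on a schedule also catches the case where every retention lock is about to expire, which a one-off design review would miss.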

What else

Further essential levels of your data protection strategy include an incident response plan. When disaster strikes, it’s too late to discuss what you need to do next, when you need to pull the plug, and how you will communicate with stakeholders when email is down. Talking about a zero trust policy and the need to identify high-risk employees doesn’t involve pleasant terminology. However, it’s not always a rogue employee but often a simple human error that leaves the door wide open for cybercriminals. Implementing a secure keyword policy, separating administrative roles, and multi-person authorisation workflows are additional levels of your data protection strategy. Not to forget about enabling good old 2-factor authentication on all company and social media accounts.

The power of education

Last but not least, do not forget about the power of education. The more the entire team knows about cybersecurity and how to identify phishing emails and other malicious content, the more likely you will be able to prevent an attack.

Summary

Still, no reason to panic because implementing a proper backup strategy including ransomware protection is easier than you think and also affordable for smaller organisations. Yowie Storage appliances from RNT start from 32 TB usable capacity and include all the features described above. It takes only 30 minutes to complete set-up and go beyond traditional architectures that are not built for the SMB/SME. With Yowie you’ll get even more than just ‘WORM’ in a box. RNT also brought together two of the most powerful tools in the data protection business, Immutable Storage and S3. Having them all integrated into Yowie you’ll get easy-to-manage enterprise-grade storage at entry-level storage cost.