(July 8, 2021) Ransomware has evolved into one of the costliest threats that businesses face. The threat has become pervasive, requiring businesses to rethink their approach to cybersecurity and data backup. But data backup isn’t enough. Data immutability is key to combating ransomware.
Several high-profile incidents have brought public attention to ransomware, most notably the attack that shut down Colonial Pipeline in May 2021. The shutdown created fuel shortages and panic buying across large swaths of the country, driving gas prices to their highest levels in years. Colonial paid $5 million to the attackers, some of which was later recovered by the FBI. But the decryption process proved time-consuming and incomplete, requiring the company to recover data from older backups or rebuild systems in their entirety.
The Ransomware Scourge
Most ransomware attacks encrypt the victim’s files and demand a ransom payment in exchange for the decryption key. However, a growing number of ransomware strains also exfiltrate the victim’s data before encryption and threaten to sell or publicly expose it. The objective is to increase the likelihood that the victim will pay the ransom.
Early ransomware attacks took a scattershot approach, attempting to extort small sums from as many victims as possible. Today, cybercriminals are targeting energy and utility companies, healthcare organizations, and government agencies that are more likely to pay ever-larger ransom demands. An attack often begins long before files are stolen and encrypted, as hackers seek to cause as much damage and disruption as possible.
Cybercriminals typically launch ransomware attacks through phishing emails with malicious links or attachments. When a user clicks the link or opens the file, malware is dropped onto the user’s system that gives the hackers access. Attackers have been known to spend weeks or months inside the victim’s network, escalating privileges and moving laterally among systems to conduct reconnaissance.
Combating Ransomware: Mitigating the Threat
In a previous post, we offered tips for limiting the risk of a ransomware attack. User training, email security, robust antimalware tools, and other controls can help prevent an attack from being launched. However, the most critical defense is to perform frequent backups and test them regularly to ensure that applications and data can be restored quickly should a ransomware attack occur.
Of course, backups can be affected by ransomware, too. If backup storage is just another node on the network, the malware can find it and encrypt the files. That’s why data immutability is so important.
One way to protect backups from ransomware is to leave an “air gap” between the backup and the rest of the IT environment. Traditionally, this meant backing up to tape or some other form of storage that can be physically removed. Some types of cloud storage can be utilized as a part of an “air-gapped” backup strategy. However, cloud storage costs can be prohibitive for organizations with a large data footprint, and retrieving data from cloud storage can be time-consuming.
A better approach to combating ransomware is to incorporate immutable data storage. Immutable data storage ensures backups cannot be changed or deleted. Many backup software vendors have integrated immutable data storage options into their products, covering disk, tape, and the cloud. Administrators set policies making the backup data immutable for a specified period. During that period, the data cannot be deleted or altered, even by ransomware.
There are minor downsides to immutable storage. Additional storage capacity will typically be needed since you will be keeping additional copies of your backups for a potentially longer period of time. Additionally, immutable storage can’t protect against physical damage to data caused by fires, floods, or other disasters, so administrators should still follow the 3-2-1 rule for data protection.
Immutable storage has traditionally been used by organizations with legal or regulatory requirements for retaining data. Today, there is growing interest in the technology as protection against ransomware. Organizations should be evaluating immutable storage as part of their ransomware mitigation strategy.
ABOUT MAINSTREAM TECHNOLOGIES
Mainstream Technologies delivers a full range of technology services in Arkansas and the surrounding region, including managed technology services and consulting, custom software development, and cybersecurity services. We also offer industry-leading data center services in our Little Rock facilities. Established in 1996, Mainstream has earned a reputation for delivering quality, reliable, and professional technology services for public and private-sector customers across the United States.