Even before the events of this past week, ransomware attacks worried many IT professionals. It’s been a hot topic since 2013, when CryptoLocker spread, encrypted files on infected users’ hard drives and network shares, and the attacker demanded that ransoms be paid via BitCoin to decrypt the files.
The conversation has remained constant through a number of “copycat” variations of ransomware, and the recent WannaCry ransomware attack infecting more than 230,000 computers in 150 countries only intensifies the discussion.
This Weekend's Ransomware Attack
This weekend’s worldwide WannaCry cyberattack, also called WannaCrypt, first struck in England. On Friday, hackers gained control of Britain’s National Health Service computers, locked users out of their computers and demanded a ransom in Bitcoin, according to a Washington Post article.
Impacted in the attack? More than 40 hospitals and health facilities in England as well as organizations in at least 150 other countries, including Portugal, China, Indonesia, Vietnam, Japan, Germany and Russia. Global companies FedEx and Nissan were among those targeted by the attack but both reportedly were back to normal operations by Monday, according to a CNNtech article.
Transmitted via a phishing email, the WannaCry ransomware attack highlights the growing challenge of such attacks. While four years ago, investigators were looking into about 16 ransomware variations in Eastern Europe, they now face dozens of types of ransomware and catching those responsible is very difficult.
The recent attacks “alarmed cybersecurity experts everywhere, reflecting the enormous vulnerabilities to internet invasions faced by disjointed networks of computer systems. There is no automatic way to ‘patch’ their weaknesses around the world,” according to a New York Times article.
Why Security Software is Insufficient
Keeping both endpoint and gateway anti-malware software up-to-date only protects against known attacks and behaviors. It is well known that traditional antivirus software is easy to evade by encrypting binary files to change their "signatures," and new exploits continuously change the behaviors necessary to execute an attack.
Even more modern attempts at using machine learning to characterize suspicious files require training and previous examples of similar, known exploits to characterize.
Moreover, end users (often mobile) may inadvertently introduce threats. Viruses often enter the enterprise network by mobile devices or laptops not controlled by IT. These threats “enter” the workplace and infect the network through VPN connections, spreading malware.
The Need for Data Protection
With the knowledge, that no anti-malware strategy is 100 percent effective, protecting the data becomes critical.
In order to ensure that your organization’s data is protected, you must perform regular backups, and have the ability to quickly and easily restore files, folders, and entire volumes of data in the event that your data is taken hostage.
Performing a backup to tape is simply not sufficient:
- Large scale NAS takes far too long to backup to tape. As a result, most tape backups occur at most, once daily or, in most cases, once weekly. Any authorized changes to data during that 7-day window are likely to be lost if you need to roll back.
- Recovering significant data from tape is extremely time-consuming and not likely to succeed for a large enough volume of data.
- Recovering individual files and folders from tape is difficult and inefficient. Since tape is a linear format, those restores will likely involve fetching and loading multiple tapes.
Snapshotting on primary storage is not sufficient:
Snapshots typically only handle rolling back to a specific point in time, for an entire folder or volume of data. Identifying the *right* version to roll back to is challenging.
Protecting Data Against Ransomware Attacks
Enter Igneous Backup and Igneous Archive.
Igneous Hybrid Storage Cloud consolidates backup and archive. Our fully managed, turnkey solution enables enterprises to continuously backup all of their large-scale NAS data. It scales from hundreds of terabytes to hundreds of petabytes, and can easily protect billions of files across a variety of NAS systems, including Netapp and Dell EMC Isilon.
Backed-up data retains all of its original attributes and permissions, and can be easily located and restored from a user-friendly graphical interface, or using a robust API.
- Igneous allows you to perform continuous backup, minimizing the impact of rolling back to previous versions of data.
- Igneous keeps every version of every file that’s backed up.
- Administrators can, at the click of a button, restore all or part of a file server to a “known good” point in time.
- Administrators can restore data to a staging location easily, allowing for dev/test without impacting production.
- Behind Igneous Hybrid Storage Cloud is a scalable and resilient object store, compatible with S3 API. Igneous Storage is immutable, and capable of retaining all versions of individual files. These object storage concepts can be leveraged by tools to provide granular rollback of individual files to a “known good state” without rolling back too far and losing work.
Using Igneous Hybrid Storage Cloud as part of your overall data protection strategy helps protect your organization against all types of data loss, including:
- Accidental user deletion or modification
- Catastrophic file system failure
- Whole datacenter failure
Contact us to learn more more about Igneous Hybrid Storage Cloud and how it can prevent data loss from ransomware attacks and other incidents.