Move beyond traditional security strategies to protect against the two most common types of ransomware threats
By Jon Toor, CMO, Cloudian
The Director of the FBI recently described ransomware as posing a threat comparable in scale to the September 11 terrorist attacks. In light of these comments, and after several high-profile ransomware incidents such as the Colonial Pipeline attack, there should be little doubt that ransomware poses the greatest cybersecurity threat to organizations today.
Broadly speaking, cybercriminals take two approaches to ransomware: they encrypt data to prevent victims from accessing it, and they download confidential or sensitive information and threaten to release it to the public. These two approaches are not mutually exclusive – cybercriminals will often encrypt data and threaten to release it to the public if ransoms aren’t paid within a certain timeframe. In fact, data extortion attempts now occur in 77% of ransomware attacks.
Organizations are employing several traditional strategies to combat this threat, such as using endpoint security solutions and conducting anti-phishing training for employees. While these are helpful best practices, they will eventually fail against savvy cybercriminals. There are two proven ways to mitigate the impact of ransomware: the use of immutable (or unchangeable) backup data and encryption.
Immutable storage backups prevent hackers from encrypting data, thereby neutralizing their ability to lock up data and prevent organizations from accessing it. Meanwhile, data encryption prevents cybercriminals from exposing data. Because many ransomware gangs try to do both during each attack, organizations should employ data immutability and encryption to protect themselves fully and avoid having to pay ransom.
In traditional ransomware attacks, cybercriminals encrypt an enterprise’s critical data, holding it hostage and making it inaccessible until the victim pays a ransom. The best way to defend against these attacks is by creating immutable backup copies of your data. Immutable storage is cost-efficient and simple to use: once a backup data copy is written, that backup cannot be altered or erased for a specified period of time, making it impossible for ransomware to encrypt that data. If a ransomware attack does occur, organizations can rapidly restore that data backup through a normal recovery process. There’s no need to pay a ransom.
There are two storage architectures that provide data immutability. One is to create a backup copy on magnetic tape. If that tape is then physically removed from the library, it effectively becomes unchangeable. However, this approach takes extensive time and resources to manage. The other option is to use immutable object storage as a backup target. Select object storage platforms support an immutability feature called Object Lock, which prevents data from being encrypted or deleted for a user-defined period. Multiple backup software vendors support this feature as part of a fully automated backup workflow. In the event of an attack, this provides fast recovery from a clean data copy.
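An added example, not part of the original article or any vendor's code: a check that a backup bucket's Object Lock settings actually deliver the immutability described above. It assumes an S3-compatible platform whose versioning and Object Lock configuration responses use the S3 API shape; `min_days` and the sample responses are constructed for illustration.

```python
"""Audit an S3-style backup bucket for ransomware-resistant immutability."""


def audit_backup_bucket(versioning, lock_config, min_days):
    """Return a list of findings; an empty list means the target passes.

    versioning  -- dict shaped like a GetBucketVersioning response
    lock_config -- dict shaped like a GetObjectLockConfiguration response
    min_days    -- retention the backup policy requires (assumed parameter)
    """
    findings = []
    # Object Lock protects object versions, so versioning must be on.
    if versioning.get("Status") != "Enabled":
        findings.append("versioning is not enabled")

    cfg = lock_config.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        findings.append("Object Lock is not enabled")
        return findings

    retention = cfg.get("Rule", {}).get("DefaultRetention")
    if not retention:
        findings.append("no default retention: objects are locked only "
                        "if the writer sets retention per object")
        return findings

    # GOVERNANCE retention can be overridden by a principal holding
    # s3:BypassGovernanceRetention; COMPLIANCE retention cannot be
    # shortened or removed by anyone until it expires.
    mode = retention.get("Mode")
    if mode != "COMPLIANCE":
        findings.append(f"retention mode {mode} can be bypassed")

    days = retention.get("Days", 0) + 365 * retention.get("Years", 0)
    if days < min_days:
        findings.append(f"retention {days} days is shorter than required {min_days}")
    return findings


# Constructed sample responses (not taken from a real account).
VERSIONED = {"Status": "Enabled"}
WEAK = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled", "Rule": {
    "DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}}}}
STRONG = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled", "Rule": {
    "DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}}}}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit_backup_bucket(VERSIONED, cfg, min_days=30) or "OK")
```

A stolen administrator credential is the realistic threat to a backup target, which is why the mode matters as much as the retention period.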
In the other type of ransomware attack, cybercriminals access an organization’s sensitive information, download it and threaten to release it publicly or sell it on the dark web unless the victim pays. Immutable backup storage isn’t enough in this case, as the hackers aren’t trying to lock an organization out of its data. That’s why it’s important to encrypt your sensitive data.
Data encryption works by changing data into ciphertext, an unrecognizable format that requires a special key to decipher it. Without the corresponding decryption key, hackers can’t release the data in a form that’s intelligible.
Both data-at-rest (stored data) and data-in-flight (data that’s being acquired or moved within an organization, such as data being migrated to a public cloud) should be encrypted to prevent data extortion. For data-at-rest, AES-256 encryption employs a system-generated encryption key (regular Server-side Encryption, or SSE) or a customer-provided and managed encryption key (SSE-C). Here, the upload and download requests are securely submitted using HTTPS, and the system does not store a copy of the encryption key.
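An added example, not from the original article: how a client prepares an SSE-C request on an S3-compatible API. The customer key travels in request headers, which is why the request must use HTTPS, and because the system keeps no copy, the caller has to retain the key to read the object back. The endpoint URL is a constructed placeholder.

```python
import base64
import hashlib
import hmac
import os
from urllib.parse import urlsplit

# SSE-C request/response header names defined by the S3 API.
ALGO = "x-amz-server-side-encryption-customer-algorithm"
KEY = "x-amz-server-side-encryption-customer-key"
KEY_MD5 = "x-amz-server-side-encryption-customer-key-MD5"


def new_sse_c_key():
    """Generate a 256-bit key; the caller must store it, the server will not."""
    return os.urandom(32)


def sse_c_headers(url, key):
    """Build the SSE-C headers for one upload or download request."""
    if urlsplit(url).scheme != "https":
        raise ValueError("SSE-C sends the key in a header; refusing non-HTTPS URL")
    if len(key) != 32:
        raise ValueError("AES-256 needs a 32-byte key")
    return {
        ALGO: "AES256",
        KEY: base64.b64encode(key).decode(),
        # The MD5 is an integrity check on the key in transit, not a secret.
        KEY_MD5: base64.b64encode(hashlib.md5(key).digest()).decode(),
    }


def response_confirms_key(sent, response_headers):
    """Check that the server reports encrypting with the key we sent."""
    got = {k.lower(): v for k, v in response_headers.items()}
    return (got.get(ALGO.lower()) == "AES256"
            and hmac.compare_digest(got.get(KEY_MD5.lower(), ""), sent[KEY_MD5]))


if __name__ == "__main__":
    # Constructed endpoint; replace with the real object URL.
    hdrs = sse_c_headers("https://objects.example.internal/backups/db.bak",
                         new_sse_c_key())
    print(sorted(hdrs))
```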
Data-in-flight is also vulnerable to breaches through a process called “eavesdropping.” Using this method, cybercriminals “listen” to data communications, searching for passwords or other information being transmitted in plaintext. To prevent eavesdropping, AES-256 encryption can be combined with secure transport protocols. These protocols include SSE, Amazon Web Services Key Management Service (AWS KMS), OASIS Key Management Interoperability Protocol (KMIP) and Transport Layer Security / Secure Sockets Layer (TLS/SSL).
As ransomware attacks grow in frequency and sophistication, more organizations will be hit in 2021, causing substantial economic losses and reputational damage. It’s critical that enterprises move beyond traditional cybersecurity strategies to ensure their businesses are protected. Immutable storage and data encryption are the most effective and comprehensive ways to prevent ransomware from wreaking havoc on your organization.
About Jon Toor
Jon Toor is the CMO of Cloudian. Jon leads Cloudian’s inbound and outbound marketing teams. Prior to Cloudian, Toor served as vice president of digital marketing and demand generation at Brocade. He also served as the vice president of marketing at Xsigo Systems, where he led the outbound marketing team from company launch until the company’s acquisition by Oracle. Prior to Xsigo, he served at ONStor as vice president of marketing. Toor holds an MBA, a bachelor of science in mechanical engineering, and a bachelor of arts in economics, all from Stanford University.