Fight Kubernetes Ransomware with Kasten and Cloudian

Adam BerghAdam Bergh
Cloud Native Technical Partnerships at Kasten by Veeam
LinkedIn Profile

amit rawlani

Amit Rawlani
Director Technology Alliances, Product & Solution Marketing, Cloudian Inc.

LinkedIn Profile

The threat of ransomware should be thought of as serious problem for all enterprises. According to an annual report on global cyber security, there were 304 million ransomware attacks worldwide in 2020 — a 62% increase from 2019. While most IT organizations are aware of the continuously rising threat of ransomware on traditional applications and infrastructure, modern applications running on Kubernetes are also at risk. The rapid rise of critical applications and data moving into Kubernetes clusters has caught the attention of those seeking to exploit what is perceived to be a new and emerging space. This can leave many organizations ill prepared to fight back.

Kubernetes Vulnerabilities

Kubernetes itself and many of the most common applications that run in Kubernetes are open-source products. Open-source means that the underly code that makes up the applications is freely available for any to review and find potential vulnerabilities. While not overly common, open-source products can often lead to exploitable bugs being discovered by malicious actors. In addition, misconfigured access controls can unintentionally lead to unauthorized access to applications or even the entire cluster. Kubernetes is updated quarterly, and some applications as often as every week, so it’s crucial for organizations to stay up to date with patching.

Surprisingly, many organizations that use Kubernetes don’t yet have a backup and recovery solution in place — which is a last line of defense against an attack. As ransomware becomes more sophisticated, clusters and applications are at risk of being destroyed, and without a means to restore them, you could suffer devastating data and application loss in the case of an attack.

What to Look for In a Kubernetes Ransomware Protection Platform

When looking to an effective defense against ransomware in your K8s environment, think about these four core capabilities:

  1. Backup integrity and immutability: Since backup is your last line of defense, it’s important that your backup solution is reliable, and it’s critical to be confident that your backup target storage locations contain the information you need to recover applications in case of an attack. Having guaranteed immutability of your backup data is a must.
  2. High-performance recovery: No one wants to pay a ransom because it was faster to unencrypt your data than recover it from your backup system. The ability to work quickly to recover resources is critical, as the cost of ransom typically increases over time. Being confident that your recovery performance can meet target requirements even as the amount of data grows over time.
  3. Operational Simplicity: Operations teams must work at scale across multiple clusters in hybrid environments that span cloud and on-premises locations. When you’re working in a high-pressure environment following a ransomware attack, simplicity of operations become paramount.

Cloudian and Kasten by Veeam Have the Solution

Kasten By Veeam and Cloudian have teamed to bring a truly cloud native approach to this mission critical problem. The Kasten K10 data management software platform has been purpose-built for Kubernetes. K10’s deep integrations with Kubernetes distributions and cloud storage systems provide for protection and mobility of your entire Kubernetes application. Cloudian’s HyperStore is an enterprise-grade S3-compatible object storage platform running in your data center. Cloudian makes it easy to use private cloud storage to protect your Kubernetes applications with a verified integration with Kasten. With native support of the cloud standard S3 API, including S3 Object Lock data immutability, Kasten and Cloudian offer seamless protection for modern applications at up to 70% less cost than public cloud.

Kasten Cloudian blog diagram 1

Fast recovery: Cloudian provides a local, disk-based object storage target for backing up modern apps using Kasten K10 over your local, high-speed network. The solution lets you backup and restore large data sets in a fraction of the time required for public cloud storage, leading to enhanced Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).

Security and Ransomware Protection

Cloudian is a hardened object storage system that includes enhanced security features such as secure shell, encryption, integrated firewall and RBAC/IAM access controls to protect backup copies against malware. es in a shared-storage environment. In addition, to protect data from ransomware attacks, Cloudian HyperStore and Kasten support Object Lock for air-tight data immutability all the way up to the operating system root level.

Kasten-Validated Solution

Cloudian is Kasten-validated to ensure trouble-free integration. Kasten’s native support for the S3 API enables seamless integration with Cloudian HyperStore.

Easy as 1-2-3

Setting up Kasten K10 and Cloudian Ransomware Protection is as simple as 3 easy steps:

1. Create a new target bucket on Cloudian HyperStore and enable Object Lock.

Kasten Cloudian blog diagram 2

2. After Kasten K10 installation, check the “Enable Immutable Backups” box when adding a target S3 object storage bucket.

Kasten Cloudian blog diagram 3

3. Validate the Cloudian object storage bucket and specify your protection period.

Kasten Cloudian blog diagram 4

GET STARTED WITH KASTEN K10 TODAY!

Are You Prepared For A Ransomware Attack Against Your Data?

Is your data really protected and safe against ransomware attacks? Take this quick ransomware assessment to find out if you’re adequately prepared and if your data is safe and protected.

Grant JacobsonGrant Jacobson, Director of  Technology Alliances and Partner Marketing, Cloudian

View LinkedIn Profile

Find Out If You’re Prepared For A Ransomware Attack Against Your Data!

Do you know if your data is really protected and safe against ransomware attacks which have become one of the top cybersecurity threats facing organizations around the world? With multiple attacks now occurring every minute and an increasing level of ransom payments and other business costs, having the proper cybersecurity protections has become an urgent priority against this accelerating and costly threat.

Organizations who have cybersecurity strategies may feel protected but they can still be vulnerable. For example, while much has been written about network perimeter and firewall security measures, these defenses typically do nothing at all for protecting data, if breached.

What would you do if you discovered that your organization’s data was attacked, encrypted and held hostage for ransom? Do you know if you’re adequately prepared and if your data is safe and protected? It’s well worth checking to know just how secure your data storage is and whether your protections are up to date.

Spend just a few minutes to find out with this cybersecurity assessment, below. Upon completion, you will receive a score and a report of your answers along with suggestions for improvement, if needed.

Take the survey now.

5 Reasons Ransomware Protection Needs to Be a Board-Level Conversation

It is not just the responsibility of the IT/IS department to keep the business safe, but the obligation of every CXO and Board member to ask for and implement stringent cyber security measures starting with zero trust, perimeter security, and employee training.

amit rawlaniAmit Rawlani, Director of Solutions & Technology Alliances, Cloudian

View LinkedIn Profile

“We are on the cusp of a global pandemic,” said Christopher Krebs, the first director of the Cybersecurity and Infrastructure Security Agency(CISA), told Congress in May of 2021. The director of CISA isn’t talking about a virus created pandemic, rather he is referring to the pandemic of cyber-attacks and data breaches. This warning rang especially true when the Colonial Pipeline ransomware attack crippled the US energy sector the following week. 

Your files are encrypted

For the uninitiated, ransomware is the fastest growing malware threat, targeting users and organizations of all types. It works by encrypting the user’s data, rendering the source data and backup data useless and asks for ransom, threatening to hold the data hostage until it is received. Payments are usually demanded in untraceable crypto currencies which can (and in many cases do) end up with state sponsored bad actors.

Today, protection against and mitigation for a ransomware attack are information technology and information security responsibilities with the C-Suite and Board taking a relatively hands-off approach. But that must change and in some cases is already changing. Here’s why C-Suite and Board members should take this threat seriously and be the driving force to protect the organization against ransomware. 

1. To Pay or not to Pay: Financial Impacts of Ransomware

Ransomware impacts organizations of all sizes, across all industries. The security company Sophos(1) found that 51% of the companies responded in an affirmative when asked if they were attacked by ransomware in 2020 – the year of the pandemic. In 73% of those cases, data was successfully encrypted, thereby bringing the business to its knees. More than a quarter of the respondents (26%) admitted to paying the ransom at an average of $761K/ incident, which is a huge increase from the previous years where a similar report had pegged the average at $133K

The financial implication of paying the ever-increasing ransom demands aside, the real impact of ransomware is on the business itself. It cripples businesses and renders services ineffective and undeliverable. There is also the threat of data exfiltration which can expose sensitive customer data and leave the organization open to lawsuits and additional financial penalties. This does not even account for the loss of business due to downtime, or the brand damage that the ransomware can cause. 

With just these impacts alone, with rope in the Director of IT or IS, CFO, General Counsel, Public Relations, Chief Privacy Officer, CIO, and CISO. The CEO will also be roped in and will have to break the new to her board of directors. It would be far better if she remembers this as the day she was able to say, “We were prepared. We already have the business back up and running. We will not be paying.”

2. The Moral (and Regulatory) Low Ground of Paying a Ransom

Then there is the moral and regulatory dilemma associated with paying off ransom. This practice is actively discouraged by the US governmental agencies as it encourages and fosters similar and copycat attacks.  Added to this is the Oct 2020 advisory from Department of The Treasury(2), OFAC (Office of Foreign Assets Control) & FINCEN (Financial Crimes Enforcement Network) which talks about “Potential Sanctions Risks for Facilitating Ransomware Payments”. Given that most of the payments for ransomware are untraceable, this opens organizations, the executives and board members to US government sanctions violations.

3. Cyber Insurance: How to Get, Keep, and Save on This Must-Have for Business Continuity

Cyber Security Insurance, the fastest growing insurance segment is another important consideration. As a safeguard most large organizations require cyber insurances as part of their cyber defense strategy. But insurance companies are not immune to the US sanctions violation if a payment is made to rogue nations. Therefore, premiums for ransomware coverage are high or may require up to 50% coinsurance. In some cases, insurers may NOT even cover businesses unless they are able to show significant cyber security arrangements along with data immutability as part of their cyber security plans.

 

human cost of ransomware
Human Cost of Ransomware

 

4. The Human Cost of Ransomware

Finally in addition to a business, insurance and regulatory impact, the most reprehensible  danger of ransomware is its human impact. This applies across all industries. From impacting critical utilities in the energy sector, declined credit card and bank transactions in the financial sector, to delayed patient care, emergency treatments, and even death in the healthcare sector, the impact of ransomware is real and direct and all too inhumane. 

5. Getting Organized: Plan, Don’t Pay

Without a regularly drilled, top-down plan on how a business will respond to a ransomware attack, an organization is going to make mistakes in the heat of an attack. It will pay the costs of those mistakes whether to masked malware attackers, through ransomware-induced PR nightmares, or via increased cyber insurance premiums levied for lack of proper preparation and protection. It is not just the responsibility of the IT/IS department to keep the business safe, but the obligation of every CXO and Board member to ask for and implement stringent cyber security measures starting with zero trust, perimeter security, and employee training. But don’t forget to protect the attackers ultimate prize–your backup data—in immutable WORM storage. 

For all these reasons, ransomware MUST be a C-suite and Board-led conversation. Forrester analysts write: “Implementing an immutable file system with underlying WORM storage will make the system watertight from a ransomware protection perspective.” Data immutability through WORM features such as S3 Object Lock is also now a requirement for many cyber insurance policies to cover the threat of ransomware. 

To learn more about solutions for ransomware protection, please visit
https://cloudian.com/lp/lock-ransomware-out-keep-data-safe-ent/

Citation:

  1. https://www.sophos.com/en-us/medialibrary/Gated-Assets/white-papers/sophos-the-state-of-ransomware-2020-wp.pdf
  2. https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf

Overcoming Human Vulnerabilities that Open the Door to Ransomware

Ransomware attacks dominated the cybersecurity landscape in 2020 and will remain a top threat in 2021, posing major challenges for both public and private institutions. The UK’s National Cyber Security Centre recently reported that it handled more than three times as many ransomware incidents as in the previous year. New variations of attacks are always testing security defenses, including more sophisticated “phishing” schemes — taking advantage of human error or vulnerabilities by duping individuals into clicking a malicious link and thereby enabling ransomware to infect an organization.

Neil StobartNeil Stobart, Vice President of Global System Engineering, Cloudian

View LinkedIn Profile

In this recently published ITProPortal article, I discuss one of the biggest challenges in data protection and how to address it.

space

How data storage technology can overcome human vulnerabilities that open the door to ransomware

By Neil Stobart

data securityLet’s take a look at the importance of back-up protection in the era of ransomware.

Ransomware attacks dominated the cybersecurity landscape in 2020 and will remain a top threat in 2021, posing major challenges for both public and private institutions. The UK’s National Cyber Security Centre recently reported that it handled more than three times as many ransomware incidents as in the previous year. New variations of attacks are always testing security defenses, including more sophisticated “phishing” schemes — taking advantage of human error or vulnerabilities by duping individuals into clicking a malicious link and thereby enabling ransomware to infect an organization.

Phishing attacks have long been a major threat to all types of organizations, but these attacks have become more prevalent and successful due to the increase in remote working and learning caused by Covid-19. Phishing methods are also increasingly innovative, with new scams becoming more personalized and authentic-seeming. In addition, “do-it-yourself” phishing kits are now readily available on the dark web, and Ransomware-as-a-Service (RaaS) continues to grow. With barriers to entry now so low, as no special technical skills are required, it’s no surprise that more and more cybercriminals are going phishing. Some of these ransomware variants, such as Lockbit, are sold on underground forums, and their proprietors are even offering refunds if their wares don’t work as advertised.

So how do cybercriminals use human vulnerability to gain entry to an organization’s systems? In the case of universities, for example, they may have tens of thousands of students and faculty who require access, often from geographically dispersed areas. According to statistics provided by the Office of National Statistics (ONS), 65 percent of current UK university students reported having attended no in-person teaching. It only takes one of these users falling for a fake email for an attack to slip through the net. In addition to this, the vast amount of personal data that these institutions carry, from home addresses to detailed parental income statements, make them a tantalizing target for cybercriminals, who can monetize these by selling in bulk on the dark web. Though training can help protect against the dangers phishing brings, it may be too difficult to ensure that any cybersecurity training provided is fully implemented when thousands of users are involved.

WORM storage tech
Threat detection can be useful in preventing ransomware penetration, but threats and the signatures which identify them constantly evolve and become more sophisticated over time, making it hard for even the most advanced cybersecurity solutions to keep up completely. Backup is another useful tool; however, backups are not impervious to tampering. Many ransomware strains, such as the EKANS strain which has recently plagued manufacturers, go after organizations’ backups with the same voracity as primary data. This means that even if organizations have diligently kept up with their backups, these backups can still be encrypted, and the data held hostage by cybercriminals. This also means backups need the highest possible level of protection.

One of the best ways to safeguard data against ransomware attacks is WORM (Write Once, Read Many) storage technology. With WORM, data is locked from any further changes at the time of storing the data. A retention policy is set to determine for how long this data cannot be changed, and during this period it is not possible to change or delete the data. After the retention period ends, WORM protection is removed, and the data can be managed as normal. By making data immutable (unchangeable) and, therefore, tamper-proof, WORM eliminates the ability for ransomware to change data in place, rendering an attack useless.

WORM techniques have been around for a while, used predominantly with removable media such as tape and optical media (CD-ROM, DVD, etc.), and is often referred to as air-gapped storage. This term comes from there being physical space between the removable media storage and the computer systems that access data. This is considered the ultimate protection for data, but it has many disadvantages, such as operational management costs, inflexible access to data and slower data retrieval times. In modern 24\7 operations driven by efficiency and the need for immediate data access, removable media has become unpopular.

Phishing through admins
WORM on hard disk and flash drives has had a checkered past. Until the last few years, WORM was only adopted by organizations that needed compliance to demonstrate digital records being tamper-proof (finance and healthcare for example). The reasons it was limited to these organizations are that a) they were the only ones that had a need for this level of protection (pre-ransomware) and b) WORM implementation was not simple or cheap.

Initial implementations of WORM were only configurable either at an entire storage system level or across a whole file system. You had to be very sure that any data you wrote to these systems were intended to be unchanged and stored for a long time. In the event of any mistakes, you could not roll back, as is still the case. In addition, dedicating an entire storage system or file system to a specific WORM-required workload becomes expensive as this is storage that has a very limited use case.

The S3 Object Lock API provides a very elegant implementation of WORM that allows for granular WORM policies applied at the individual object level, eliminating the need to dedicate an entire storage system just to service WORM-required use cases. This works through a client-server communication between the application managing the data and the storage system. The application configures the data with a retention period as determined by defined data protection levels and updates the metadata for the object. Once the storage system receives the data object, reads the metadata concerning the Object Lock policy, the system stores the data with the protection policy applied. This data cannot be changed until the retention period expires.

It is also imperative to ensure that the data is protected from internal attacks such as a phishing attack with administrator credentials. The storage system must provide adequate protection to prevent any privileged user from circumventing the WORM process and deleting data through an admin backdoor. Systems with secure shell preventing root user access are key to ensuring complete tamper-proof functionality.

Filling the gaps
Protecting ever-changing data workloads such as databases and file shares with WORM would be prohibitively expensive as every time a file was changed, a new version would be saved, racking up storage costs very quickly. But protecting backup data is perfect. Once written, this data does not change and typically needs to be stored unchanged for a longer period. This way you manage to have an immutable copy of all your data without the negative impact. All the major backup software companies have S3 Object Lock support in their products today or certainly on their near-term roadmaps.

Object Lock makes WORM technology more accessible for institutions, which is particularly important for healthcare, local government, and education organizations with limited IT resources. In the event of a ransomware attack, they can quickly and easily restore a clean copy of their data and continue operations.

Cybercrime continues to evolve at a much faster pace than the technical knowledge and cyber hygiene of the average individual user. So, it’s simply unrealistic for modern institutions with thousands of stakeholders relying on their systems every day to expect perfect compliance with cybersecurity best practices. As a result, it’s up to the organization’s leadership to fill in the gaps with technologies such as WORM/Object Lock that provide the best defense for combatting ransomware.

To learn more about how Cloudian can help protect your data from ransomware attacks, go to Ransomware Backup Protection Solutions | Cloudian.

Introducing our New Ransomware Protection Solution for Commvault Environments

Did you know that cyberattacks are one of the Top 10 most-likely global risks according to The World Economic Forum*?  This includes ransomware attacks which are accelerating in frequency.  Cyberhackers are increasingly targeting an organization’s backup data and holding this data hostage in exchange for a ransom payment.  Ransomware attacks work by encrypting the user’s data, rendering it useless with an aim to harm the business.  Organizations that are attacked and lose access to both primary and backup data stores have had to shut down, unable to operate. News of ransomware attacks also adversely impact organizations’ brand and reputation.

Grant Jacobson, Director of Technology Alliances, Cloudian

Did you know that cyberattacks are one of the Top 10 most-likely global risks according to The World Economic Forum*?  This includes ransomware attacks that are accelerating in frequency. Cyberhackers are increasingly targeting an organization’s backup data and holding this data hostage in exchange for a ransom payment. Ransomware attacks work by encrypting the user’s data, rendering it useless with an aim to harm the business. Organizations that are attacked and lose access to both primary and backup data stores have had to shut down, unable to operate. News of ransomware attacks also adversely impact organizations’ brand and reputation.

Successful attacks continue unabated despite many defensive precautions taken, including firewalls, employee training about phishing, and other cybersecurity protections.  Ransomware attacks have been devastating, with 51% of US organizations surveyed opting to pay the ransom after being hit with a successful attack, and 22% of US organizations that paid the ransom never receiving access to their data.**

Earlier this year, we wrote about how object storage protects against ransomware attacks and the importance of S3 Object Lock-enabled WORM storage for data immutability.  We also wrote about the introduction of our ransomware protection solution with Veeam.  This solution combines Veeam v10 with Cloudian HyperStore, with both Veeam and Cloudian supporting S3 Object Lock and ransomware protection at the storage level.

New Solution

Today, we’re adding to our solution portfolio, introducing a new ransomware protection solution serving our customers with Commvault environments.  This solution combines Commvault Complete Backup & Recovery with Cloudian HyperStore and also makes use of the S3 Object Lock capability for built-in, end-to-end data protection.

Read the Solution Brief

With this solution, backups work exactly the same, with no change to the regular Commvault backup workflow.  Users simply create the Object Lock-enabled Cloudian bucket and set the retention period for the backup.  Once the data is backed up, the backup is immutable and cannot be deleted or changed during the retention period. This provides full protection and means ransomware hackers can’t encrypt it and hold it hostage. In the event of an attack, a clean backup copy is always available for data recovery and restoration.

commvault diagram 1

Hardened Solution with Enhanced Security Protections

As with the ransomware protection solution for Veeam environments, this new solution benefits from the use of S3 Object Lock.  Cloudian Object Lock is certified to meet the non-rewriteable, non-erasable storage requirements of SEC Rule 17a-4(f) and also meets the principles-based requirements of CFTC Rule 1.31(c)-(d) and the requirements of FINRA Rule 4511.

In addition to S3 Object Lock, Cloudian customers benefit from additional enhanced security capabilities. This includes Common Criteria EAL2 certification as well as FIPS 140-2 validation, both of which are recognized in countries around the world. Cloudian also supports AES-256 server-side encryption for data at rest and SSL for data in transit (HTTPS). Fine-grained storage policies — including encryption at object and bucket-levels — permit security settings to be individually configured for different users or data types in a shared storage environment. Cloudian also offers enhanced security features such as secure shell, integrated firewall and RBAC / IAM access controls to further protect backup copies.

Service-Provider Ready

Cloud Service Providers can address the urgent need to protect their customer data with this ransomware protection solution while also expanding their business with profitable revenue by offering new data protection services. Ransomware Protection as-a-Service provides assurance to service provider customers, with their own growing volume of data, that they are protected against threats, thefts and data loss.

commvault diagram
Cloudian’s multi-tenancy lets you create multiple backup workflows within a single infrastructure without comprising security.  Integrated billing and quality of service controls (QoS), makes this Cloudian | Commvault solution ideal for service providers and their customers.

Conclusion

The need for a new approach to data protection has never been greater or more urgent.  The Cloudian | Commvault solution with S3 Object Lock data immutability and other security capabilities makes it simple and easy.

* “The Global Risk Report 2020, 15th Edition,” World Economic Forum 2020
**According to this 24 Jan 2020 article from TechTarget

 

Learn more!

commvault ransomware solution
Read the Solution Brief

cohasset assessment report
Get the Cohasset Associates Compliance Assessment

forrester report
Forrester Report:  Four Technologies Combine to Protect You From Ransomware Attacks
GET THE REPORT

object storage free trial
Try Cloudian HyperStore FREE

 

Visit cloudian.com.

How Object Storage Protects You From Ransomware

Did you know that ransomware strikes multiple times every minute? It’s a huge and growing threat, so the logical question is how can your organization protect itself.

You can harden your systems, work diligently on security awareness, and redouble your efforts to prevent malware infections – which are all important. But complex systems result in a complex array of vulnerabilities, and it only takes one to become a victim.

That’s why it’s so important to have an attack-proof recovery strategy in place. One way to thwart ransomware’s encryption is through secure backup. If you can roll back to a previous version of your data – captured before the infection occurred – you can bypass the infection by performing a restore and get back into business.

But just any old backup won’t work. Ransomware can also attack the backup files themselves.  Without the right approach, you can re-infect yourself during a restore.

Forrester analysts write:

“Implementing an immutable file system with underlying WORM storage will make the system watertight from a ransomware protection perspective.”

GET THE FORRESTER REPORT

What’s needed is the ability to store data in a manner in which the data is unchangeable – something Cloudian HyperStore does as a natural part of its operation. Block and file storage structures are readily encrypted, making them great targets for ransomware. But object storage can be made immutable – data remains as written — with WORM (Write Once, Read Many) technology. Cloudian’s WORM feature allows HyperStore to protect data for the retention period you specify. During that time, the data can neither be modified nor deleted, creating an additional security layer. Furthermore, the data is immediately accessible, eliminating the need for a lengthy backup process.

Cloudian’s policy-based data protection features also let you replicate that data to multiple sites, or to the public cloud if desired. So your data is protected from site-specific threats as well.

In the event of a malware attack, restoring your data becomes a simple task of recovery. Administrators roll back to the last snapshot before the ransomware was executed, perform a restore, and your data is back in business.

In the past, WORM technology required specialized storage devices and a workflow that accommodated them. But now object storage systems equipped with a new feature called “Object Lock” deliver WORM functionality within an enterprise storage system. This means that the data is protected at the device level, rather than needing an external layer for defense.

Another advantage is that Object Lock is a standardized feature supported by multiple data protection software platforms. IT managers can, therefore, leverage Object Lock within an automated workflow, eliminating the need to separately manage protected copies of data.

Learn more about how WORM/Object Lock can protect you against ransomware.

Visit our Ransomware Solutions page.

forrester report

Forrester Report:
Four Technologies Combine to Protect You From Ransomware Attacks

GET THE REPORT

Other Related Articles:

Object Storage vs. File Storage

Object Storage vs. Block Storage

 

New Strategies to Stop Ransomware

The effort to stop ransomware is top of mind for IT managers. By one account, the number of reported ransomware incidents increased by nearly 90% year over year between 2016 and 2017, and experts are projecting continuing expansion of this threat in 2018.

The good news is that new approaches employ object storage to provide additional lines of defense beyond the traditional strategies you already know.

Traditional Strategies to Stop Ransomware Have Holes

Traditional strategies for stopping a ransomware attack usually seek to prevent an attack.

This often involves training programs for users, advising them to avoid “phishing” attacks such as emails whose senders are posing as trusted sources.

Another prevention strategy is to sniff payloads on email for known signatures of malware, or to monitor activities in systems to detect aberrant activities that might connote malware activation.

Finally, you can simply isolate critical systems behind additional layers of firewalls and password challenges to constrain the access of users and programs.

Stop ransomware to prevent this screen from ruining your day.
Stop ransomware to prevent this screen from ruining your day!

 

In the long run, these preventive solutions tend to be ineffective.  Users become inured to cautions about email hygiene, and technologies designed to block the inroads of malware are quickly rendered obsolete as signatures change rapidly.  Firewalls and other blockades irritate users and programmers, who eventually find ways to circumvent their protection for convenience.

WORM Protects Your Data in the Event of Attack

Attacks can strike even the best-prepared, making it essential to mitigate the effects of a successful breach.  Here, the best line of defense is at the storage layer, where the data is written.

The storage technology to preserve data integrity already exists. WORM, which stands for “write once, read many,” ensures that data, once written, cannot be changed or deleted until a specified time has passed. Because the data cannot be modified, it therefore cannot be encrypted, thus rendering the malware ineffective. No one, not even those with admin rights, can change the data, thus also protecting it from employees with malicious intent.

WORM technology is straightforward to implement: it is available as a system-level function of Cloudian storage.

Stop ransomware with with WORM storage
WORM storage and versioning techniques can stop ransomware by preventing it from encrypting your data.

WORM-equipped storage can be deployed in three ways:

  • As a backup target: Cloudian storage can act as a target for popular data protection applications including Rubrik, Commvault, and VERITAS. When the WORM feature is activated on this target, the data written is unchangeable for the specified period. This renders hacks pointless.
  • As part of an Enterprise synch-and-share solution: Client systems are among the most vulnerable to attacks. Loss of data on those devices may severely impact overall productivity, making a protection strategy critical. The Cloudian/SME enterprise file synch-and-share solution works in conjunction with users’ laptops and desktops to maintain a copy of critical files on a central repository where they can be made unchangeable with WORM technology. Data remains on-premises, behind your firewall, immediately accessible when needed.
  • As a file server: A straightforward approach is to directly protect files. When configured with Windows/Linux file services plus WORM functionality, Cloudian systems provide a simple means of protecting files as they are stored.

Data Versioning Offers Flexibility

Another option to stop ransomware is data versioning. This creates a new copy of the data when changes are made, while retaining the original copy for a specified period. Thus, if malware encrypts a file, a copy of the unencrypted file will still exist. The benefit of versioning is flexibility: you can erase the old copies at any time to retrieve capacity or comply with data governance rules.

Compared with WORM, versioning offers a lower level of protection: In theory, malware could delete the original, unencrypted data. But ransomware typically does not do this. After all, you can’t collect ransom for data that no longer exists.

Both versioning and WORM technologies provide protection where it matters: where the data resides. And they are both difficult to penetrate and easy to integrate.

Download the “stop ransomware” solution brief here.

Read more about Cloudian storage here.

Categories