Need a Ransomware Protection Strategy? Immutable Storage Might Just Be the Key
Ransomware is becoming a growing problem, and not just for larger organizations. As modern encryption methods become more sophisticated, so do ransomware scams. These threaten encryption of vital data unless a fine or “ransom” is paid. Would-be ransomers are now targeting “mid-market” organizations, hoping that these have fewer resources to detect, repel, or recover from the attack.
But ransomware is, at its core, a scare tactic. As James Scott, Senior Fellow at the Institute for Critical Infrastructure Technology, puts it: “Ransomware is more about manipulating vulnerabilities in human psychology than the adversary’s technological sophistication.”
Which means that, far from being the cause of ransomware attacks, technology is the solution.
The Growth of the Ransomware Threat in 2022
That ransomware poses a sizable security threat to organizations is not news. The FBI’s Internet Crime Complaint Center (IC3), which provides the public with a trustworthy source for reporting information on cyber incidents, reported some 2,474 ransomware complaints in 2020. This reflects a whopping 225% increase in ransom demands due to ransomware. Those demands are thought to total $16.1 million in losses in the U.S. The amount lost to ransomware worldwide is on an order of magnitude greater than that.
In addition, the Cybersecurity & Infrastructure Security Agency (CISA) reported in February 2022 that it was aware of ransomware incidents within 14 out of 16 critical infrastructure sectors in the U.S.
But it’s not just big businesses and critical infrastructure that are being targeted. Ransomers are starting to target smaller organizations. Automation and increasingly sophisticated techniques are allowing criminals to scale their efforts to hit more of these smaller companies. And, without proper resources or protection, those smaller organizations are more likely to be vulnerable to such attacks—and to pay the outrageous ransoms.
Which raises the question: What can small and mid-sized organizations with fewer resources possibly do to mitigate or prevent the potential damage done by ransomware attacks?
Recoverability Renders Ransomware Useless
Naturally, the first line of defense against ransomware would be to prevent the infection and spread of malicious software to begin with. But that’s a tall order. Today’s modern organizations have multiple databases, tied in with multiple outside networks (vendor databases, for example). Add in the human element—someone falling for a phishing scheme, for instance—and it’s likely that most organizations have compromising ransomware somewhere in their digital ecosystem.
But if organizations can’t prevent ransomware from taking hold, they can render it useless. In fact, cybersecurity experts often recommend not paying the ransom. This keeps money out of the bad actors’ hands and lowers the chance they will do it again.
That makes recoverability the lynchpin of any ransomware defense strategy. If an organization can recover their data and applications from a point in time before the ransomware infected the system, they can refuse the ransom while minimizing their losses.
Immutable Storage and WORM for Recoverability
Immutable storage (more specifically, immutable backups) are a part of any organization’s data recoverability efforts. An immutable backup is a backup file that can’t be altered in any way. Most systems for immutable backup also have extensive logging capabilities for recording who accessed what bits of data, and when.
Immutable backups should be created using a WORM (write-once-read-many) designated database or data archive. In a WORM system, data cannot be changed, overwritten, or deleted—not even by the administrator. This means that a bit of ransomware cannot overwrite the data present in the database with an encrypted form.
The idea of WORM is not necessarily new—some forms of WORM have been around for decades. What is new is incorporating WORM data archives into a modern infrastructure dominated by cloud applications and APIs.
Considerations for Using WORM to Protect Against Ransomware
Of course, immutable storage is not a cure-all when it comes to ransomware. A 2021 article in TechTarget, for example, takes aim at the idea that immutable storage can be used alone, or that it is really a “last line of defense” against ransomware.
The overall idea is correct: Immutable storage should be part of a larger, more holistic strategy to prevent and combat ransomware breaches. The takeaway here is that, when WORM databases are set up and maintained correctly, they do offer solid defense against this costly kind of attack.
That setup and maintenance should include:
- Evaluating storage systems for “backdoors” that could give would-be ransomers the ability to remove WORM designations or delete whole clusters serving backup functions.
- Employing a suitable versioning system (for example, creating new versions of backups rather than appending to, or changing, previous versions).
- Scheduling backups and maintaining versions at an interval that makes sense for business continuity.
- Monitoring access logs to identify unauthorized users or suspect locations.
- Employee education and training, so that ransomware does not take root to begin with.
Again, immutable storage cannot detect or discourage ransomware attacks. But, to use a medical metaphor, it can bolster the organization’s immune system to fight and recover from such attacks when they do happen.
Do you have further questions about ransomware and immutable storage? Or just need help setting up your own immutable storage solution? Reach out to us so we can discuss the possibilities.