Ransomware is becoming a growing problem, and not just for larger organizations. As modern encryption methods become more sophisticated, so do ransomware scams. These threaten encryption of vital data unless a fine or “ransom” is paid. Would-be ransomers are now targeting “mid-market” organizations, hoping that these have fewer resources to detect, repel, or recover from the attack.
But ransomware is, at its core, a scare tactic. As James Scott, Senior Fellow at the Institute for Critical Infrastructure Technology, puts it: “Ransomware is more about manipulating vulnerabilities in human psychology than the adversary’s technological sophistication.”
Which means that, far from being the cause of ransomware attacks, technology is the solution.
The Growth of the Ransomware Threat in 2022
Which raises the question: What can small and mid-sized organizations with fewer resources possibly do to mitigate or prevent the potential damage done by ransomware attacks?
Recoverability Renders Ransomware Useless
Naturally, the first line of defense against ransomware would be to prevent the infection and spread of malicious software to begin with. But that’s a tall order. Today’s modern organizations have multiple databases, tied in with multiple outside networks (vendor databases, for example). Add in the human element—someone falling for a phishing scheme, for instance—and it’s likely that most organizations have compromising ransomware somewhere in their digital ecosystem.
But if organizations can’t prevent ransomware from taking hold, they can render it useless. In fact, cybersecurity experts often recommend not paying the ransom. This keeps money out of the bad actors’ hands and lowers the chance they will do it again.
That makes recoverability the lynchpin of any ransomware defense strategy. If an organization can recover their data and applications from a point in time before the ransomware infected the system, they can refuse the ransom while minimizing their losses.
Immutable Storage and WORM for Recoverability
Immutable storage (more specifically, immutable backups) are a part of any organization’s data recoverability efforts. An immutable backup is a backup file that can’t be altered in any way. Most systems for immutable backup also have extensive logging capabilities for recording who accessed what bits of data, and when.
Immutable backups should be created using a WORM (write-once-read-many) designated database or data archive. In a WORM system, data cannot be changed, overwritten, or deleted—not even by the administrator. This means that a bit of ransomware cannot overwrite the data present in the database with an encrypted form.
The idea of WORM is not necessarily new—some forms of WORM have been around for decades. What is new is incorporating WORM data archives into a modern infrastructure dominated by cloud applications and APIs.
Considerations for Using WORM to Protect Against Ransomware
Of course, immutable storage is not a cure-all when it comes to ransomware. A 2021 article in TechTarget, for example, takes aim at the idea that immutable storage can be used alone, or that it is really a “last line of defense” against ransomware.
The overall idea is correct: Immutable storage should be part of a larger, more holistic strategy to prevent and combat ransomware breaches. The takeaway here is that, when WORM databases are set up and maintained correctly, they do offer solid defense against this costly kind of attack.
That setup and maintenance should include:
Again, immutable storage cannot detect or discourage ransomware attacks. But, to use a medical metaphor, it can bolster the organization’s immune system to fight and recover from such attacks when they do happen.
