Security experts continue to tout increased perimeter defense as the catch all for ransomware protection. However, in a recent report, 49% of businesses that experienced an attack had perimeter defenses in place and ransomware still managed to get in. In addition, 65% of the organizations that were penetrated through phishing emails had conducted anti-phishing training for employees. The threat of ransomware will only continue to rise, making it a matter of “if,” not “when,” an attack will occur. Given these realities, more organizations will recognize the need to protect data at the storage layer with an immutable backup copy, ultimately ensuring they can recover quickly from an attack without having to pay ransom.
We spoke with Cloudian's Jon Toor to discuss this topic in more depth.
How are cybercriminals using ransomware to attack businesses?
Generally, cybercriminals take two approaches to ransomware: they encrypt data to prevent victims from accessing it, and they download confidential or sensitive information and threaten to release it to the public. These two approaches are not mutually exclusive – cybercriminals will often encrypt data and threaten to release it to the public if ransoms aren’t paid within a certain timeframe.
What are organizations doing to protect against ransomware today?
Most organizations rely on traditional strategies to combat ransomware, such as using perimeter security solutions and conducting anti-phishing training for employees. While these are important best practices, they are often not enough to stop attacks. Over the past couple years, hackers have increasingly demonstrated the ability to overcome or circumvent these traditional defenses. And it’s important to remember that ransomware only needs to get through once to spread throughout an organization and cause massive disruption. So even if your firewall prevents 99 out of 100 ransomware attacks, that one miss could potentially devastate your enterprise.
What should organizations do to safeguard themselves against ransomware?
To mitigate the impact of ransomware, organizations must embrace both data encryption and immutability.
How can they employ data encryption to combat ransomware?
Data encryption works by changing data into ciphertext, an unrecognizable format that requires a special key to decipher it. Without the corresponding decryption key, hackers can’t read or release the data in a form that’s intelligible.
Both data-at-rest (stored data) and data-in-flight (data that’s being acquired or moved within an organization, such as data being migrated to a public cloud) should be encrypted to prevent data extortion. For data-at-rest, AES-256 encryption employs a system-generated encryption key (regular Server-side Encryption, or SSE) or a customer-provided and managed encryption key (SSE-C). Here, the upload and download requests are securely submitted using HTTPS, and the system does not store a copy of the encryption key.
Data in-flight is also vulnerable to breaches through a process called “eavesdropping.” Using this method, cybercriminals “listen” to data communications, searching for passwords or other information being transmitted in plaintext. To prevent eavesdropping, AES-256 encryption can be combined with secure transport protocols. These protocols include SSE, Amazon Web Services Key Management Service (AWS KMS), OASIS Key Management Interoperability Protocol (KMIP) and Transport Layer Security / Secure Socket Layer (TLS/SSL).
What about data immutability?
As noted above, in traditional ransomware attacks, cybercriminals encrypt an enterprise’s data, holding it hostage and making it inaccessible until the victim pays a ransom. The best way to defend against these attacks is by creating immutable backup copies of your data. Immutable storage is cost efficient and simple to use: Once an immutable backup copy is written, that backup cannot be altered or erased for a specified period of time, making it impossible for ransomware to encrypt the data. If a ransomware attack does occur, organizations can rapidly restore the unchanged data backup through a normal recovery process. There’s no need to pay a ransom.
How can I implement data immutability?
One of the best ways to implement data immutability is with a technology called Object Lock that is available from select object storage providers. Object Lock can now be implemented as part of an automated backup workflow, making recovery quick and easy.