Beating Ransomware Starts with Four Key Pillars
Ransomware has been extorting money from small and large businesses through masquerading files and URLs exploiting security holes since around 2005.
Now it’s 2021 and ransomware has evolved to the point of being an omnipresent threat to data security. For most organisations it’s a case of when, not if, they’ll eventually be forced to deal with a ransomware attack.
The harsh reality is that ransomware does not discriminate. 2020 showed even large market organisations such as LG, Garmin and US defense subcontractor Westech were not immune to the threat.
At Digital Sense, our analysis of successful ransomware recovery revealed four critical elements to safeguarding against an attack. These were data reliability, data security, data availability and rapid recovery capability.
Backing up data is like breathing. Everybody does it. However, many organisations neglect one or more of these four pillars. Some overlook them completely which can spell disaster when a ransomware attack occurs or something goes awry.
When constructing our DSProtect product, we mitigated the usual data reliability problem by using incremental forever snapshots that validate the integrity of existing and new data. If any corruption is detected, a new full backup is automatically performed. This process is implemented from the very first back up through the entirety of the data lifecycle.
Each snapshot is immutable. They cannot be modified or altered in any way and any corrupted snapshots are removed. Being immutable in a read-only state also means that the snapshot cannot be modified by an external source such as ransomware.
Additionally, the snapshot cannot be forcibly removed from the platform by external malicious activities. The data gets archived as a relic which is aged out through the DSProtect lifecycle management process.
DSProtect compresses and encrypts data in flight using an AES-256 Cipher to deliver data security. This process is replicated across multiple Availability Zones within a Digital Sense Region. It is also restored in read-only state within a short RTO. The read-only state is important as it maintains integrity and ensures data cannot be manipulated.
Using DSProtect provides multiple RPO options through policy-based data protection. that can be tailored to meet the requirements of your business. This can be tailored to the requirements of an individual business and enables data to be recovered at precise points in time prior to being infected by ransomware.
Rapid recovery capability
Modern business requires data to be highly available and the speed of recovery is critical in the event of a failure or attack. After all, what’s the point of having restoration data that cannot be accessed within a defined time frame?
DSProtect provides ransomware protection for virtual machines as well as protection for Digital Sense hosted file systems using direct API integration into the Digital Sense DSStore platform. This process provides a mechanism for affected files to be directly restored and recovered.
The key to effective data protection, especially when it comes to ransomware, is the ability to rapidly recover data from an immutable platform. This is the key to getting back to business fast and forms a critical component to ransomware protection.
Tony Williamson has held a range of senior leadership roles in cloud infrastructure and engineering for more than 10 years. He is Digital Sense’s Cloud Architect.