Ransomware attacks have been dominating the headlines recently, but this is not a new threat. The first known ransomware attack occurred in 1989, but the frequency of these attacks has accelerated, making this threat a priority across enterprises worldwide.
Ransomware is a specific type of malware that targets unsuspecting users and is often introduced through emails containing a malicious link or attachment. With one click, the Trojan inserts itself within enterprise data systems, often lying dormant for hours to avoid detection. Once activated, the Trojan infects the system and encrypts specific data volumes and files. The hackers then typically demand payment, usually in bitcoin, to decrypt the files.
While the cybersecurity market has since been flooded with prevention tools that can mitigate the risk of an attack, there are other measures outside of the industry that IT professionals need to consider as part of their security strategy.
This is where intelligent, modern software-defined storage infrastructure plays a pivotal role. Since no data is taken in a ransomware attack, many perimeter security products cannot fight or counteract the loss once an attack has succeeded in breaching an organization. In an attack, hackers encrypt data, making it inaccessible. The only options are to recover the data from a backup, assuming the backups have not been compromised as well, or to pay the ransom.
Given the huge cost of traditional storage systems today, many organizations save money by leaving some of their important files out of their backups, or by not running their backups often enough to know that they will be protected in the event of an attack. Even if the backups are clean, recovery is typically very slow, making it difficult to meet corporate recovery point objectives (RPO).
In fact, in a breach against the Hollywood Presbyterian Medical Center earlier this year, a malware attack prevented the hospital from accessing important computer systems. The hospital’s operations were impacted for 10 days, and the easiest way for them to restore their system was to pay the $17,000 ransom. According to CSO Online, if clean images of the infected machines had been available, the hospital could have recovered the data in minutes.
IT architects and storage administrators have realized that anomaly detection and continuous data protection (CDP) are core technologies that work in conjunction with existing security software to rapidly identify and recover from ransomware attacks. These solutions reduce risk, providing IT administrators with the tools needed to fully recover critical systems from data loss and systems downtime resulting from malware intrusions.
Creating a comprehensive data recovery strategy is streamlined with software-defined storage that integrates multiple types of data, files, and systems into a consolidated platform. This is enhanced by storage systems that also incorporate uniform anomaly detection tools with continuous data protection to identify, verify and quickly recover from an attack.
Until now, tools that provide this capability have been cost prohibitive and added significant complexity to the overall solution, but by integrating these solutions on standard x86 servers, overall costs can be dramatically reduced. This is the same strategy used by cloud providers to deliver cost effective data protection and recovery processes at massive scale.
The risk of malware attacks continues to rise, and the hackers are becoming much more sophisticated, designing their attacks to thwart common detection and recovery mechanisms. For IT organizations to properly defend their data from malware attacks that can have serious financial implications for the business going forward, any organization that is at risk from these malware threats should be evaluating software-defined storage with integrated CDP to minimize both data loss and downtime.
(About the author: Mark Lewis is chairman and chief executive officer at Formation Data Systems)