How You Can Safeguard Your Data Against Ransomware
Last year, the American oil pipeline giant Colonial Pipeline was severely hit by the ransomware Darkside. The incident partially crippled the company’s oil and gas pipeline system, which supplies 45% of the east coast’s oil, forcing the US government to declare a State of Emergency.
That ransomware can cause such damage is nothing short of shocking. You may have heard of other notorious ransomware threats, such as Ryuk, Maze (ChaCha), and Defray777. According to the Unit 42 Ransomware Threat Report 2021, “At least 16 different ransomware variants are now threatening to expose data or utilizing leak sites.”
Cybercriminals are getting greedy. This same report also stated that “the average ransom paid by organizations in the US, Canada, and Europe increased from US$115,123 in 2019 to US$312,493 in 2020 — a 171% year-over-year increase.”
So, something must be done to protect your storage and ensure the safe operation of your business.
Ongoing ransomware trends
Ransomware attacks are showing several significant trends as they evolve.
Targeting large enterprises and infrastructure. Over 50% of ransomware attacks target one of three industries: banking, utilities, and retail, meaning they target high-value companies rather than ransom campaigns.
Ransomware-as-a-Service model. Ransomware operators have started to adopt the ransomware-as-a-service model as they continually look for organizations to target. This model allows cybercriminals to launch attacks with existing ransomware, which is simple to execute, highly effective, and exceedingly profitable.
The rise of double extortion. Ransomware is not limited to encrypting data and demanding ransoms. It also aims to steal, extort, and expose private data, significantly increasing financial loss and impact of victims.
APT-like ransomware attacks. Attacks are customized by high-level attack teams for the precise extortion of specific victims. The capability and threat of the attacks are similar to advanced persistent threats (APTs) that gain unauthorized access to a computer network and remain undetected for an extended period.
Ransomware outbreak to create a new normal. The rapid development of networks and IT, widespread use of big data, cloud computing, mobile Internet, and the increasing popularity of cryptocurrencies have accompanied a widespread outbreak of ransomware.
Sail safe in business with us
Ransomware has become a major global cyber threat. It encrypts or steals victims’ data and makes computers or files unusable or unreadable. With new and updated variants emerging, a single protection solution is not enough to protect against all data extortion threats.
At Huawei, we provide the ransomware protection solution using SAN and NAS primary storage and backup storage. With SAN primary storage, we provide secure snapshot and storage encryption features in the base ransomware protection package. Secure snapshot ensures storage data is read-only and cannot be modified or deleted within a specified time range in the production center and isolation zone. Meanwhile, storage encryption ensures storage data security and prevents sensitive information leaks caused by ransomware attacks.
The advanced ransomware protection package adds more features to the base solution, including air gap, replication link encryption, and isolation zone creation. Air gap is a network security measure employed to ensure that a secure computer network is physically isolated from unsecured networks. It automatically disconnects replication links and replicates data to the isolation zone for better protection. Replication link encryption encrypts transmission links to prevent sensitive information leaks during replication.
What makes our solution so powerful?
Attack vs Defense: Four scenarios where our ransomware protection can keep your data safe
Our lab results show ideal results for ransomware protection, thanks to several key technologies we use in our solution.
End-to-end data tampering prevention. Ransomware attacks have evolved from “pay the ransom and get your data back” to “pay the ransom or we expose your data.” Data encryption and protection against leaks are basic requirements for ransomware protection.
Air gap. Air gap is a physical isolation measure. Isolated storage of backup copies is the best way to defend against ransomware because it directly reduces the possibility of attacks.
File system WORM and secure snapshot. Ransomware infiltrates the backup system and deletes the backup data before encrypting production data and using that to demand a ransom. Without backup data available, users have to pay the ransom to get their data back. Therefore, anti-tampering of backup data — which the write-once-read-many (WORM) and secure snapshot features are capable of — is particularly important in defense against ransomware attacks.
Ransomware detection. Ransomware attacks are unavoidable. Both the ransomware file and production data encrypted by the ransomware can be backed up to the backup system. A security breach may occur again when infected copies are used. Therefore, ransomware detection needs to be performed on both production data and backup copies to ensure that all data is “clean” and safe to use.
Employee training and basic security measures like a firewall are necessary to protect your primary and backup storage from ransomware. But more importantly, you want to construct a multi-layer ransomware protection system, and when you do, the Huawei Ransomware Protection Storage Solution is a great choice.
Disclaimer: Any views and/or opinions expressed in this post by individual authors or contributors are their personal views and/or opinions and do not necessarily reflect the views and/or opinions of Huawei Technologies.