Antidote for Ransomware: Secondary Storage

This article was published on Jul 12, 2018 on the blog of Veristor Systems, Inc., provider of transformative business technology solutions that helps customers accelerate the time-to-value for the software, infrastructure and systems they deploy, by Jason Grant, director, storage and data solutions.

Secondary Storage: The Antidote for Ransomware
(why a good snapshot is a great defense)

Cybercriminals are changing their tactics. As surprising as it might sound, they no longer always ask for a ransom. Instead, they often find satisfaction in breaching your infrastructure and simply deleting your data. No demands, no asking for payment-your data is just gone, and there’s nothing you can do about it.

The traditional way to solve the ransomware problem has been to recover the data from backups. This approach assumes that backups are always working properly and the backup environment has not also been compromised by the attack. But these days, neither assumption can be taken for granted.

There’s also the issue of the restore process. Depending on how much data you backup, the time to restore could be extensive. Your business will be crippled, perhaps for several hours to days or even weeks, as you wait for the restore process to run its course.

Secondary Storage to the Rescue
Ransomware attacks seeking to delete data typically do not target structured data, such as databases, which are usually stored in primary storage systems. Hackers who get end users to click on a malicious link in an email that gives them access to your infrastructure most often go after unstructured data-including file shares, public directories, and user directories.

Once hackers gain access, they can change permissions across the file hierarchies. This prevents users from accessing data supported by those hierarchies, and at that point the hackers can either ask for a ransom in return for unlocking the access, or start deleting data at will. In either case, the business is helpless.

Fortunately, a relatively new methodology-consolidated secondary storage-is emerging to protect businesses against such attacks. Secondary storage differs from primary storage mainly based on R/W performance capabilities. Instead of focusing on delivering mission-critical files fast, secondary storage is more concerned about ensuring access and availability.

How Secondary Storage Protects Files
Cybercriminals are not able to hold secondary storage for ransom because of the immutable methodology in which the data is stored. They do not expose data via traditional protocols or interfaces that are accessible.

Even if a hacker somehow manages to see a directory and lock it down at the user level, a system admin can simply revert the directory to a different point-in-time. This preserves all the file data, security credentials, and directory structures as they appeared prior to the attack.

The concept of secondary storage is relatively new but the technology behind it has evolved in recent years. By utilizing snapshot and object technology, secondary storage allows businesses to protect files at regular intervals.

In addition to protecting file shares, directories, and other unstructured content, secondary storage can also be used as a backup and DR methodology as well as environments for application development and testing, archives and analytics. To lower storage costs, businesses can consolidate all of these environments onto a single, unified secondary storage platform which enables all secondary storage instances to be managed from a single console view.

Ransomware Attacks no Longer a Worry
The big payoff of secondary storage comes when your business gets hit with a successful ransomware attack. You no longer have to pay ransoms to get access to your data, and you don’t have to worry about your data being deleted completely.

A simplified recovery process enables you to immediately roll back your storage infrastructure to any time prior to the attack, based on the policy configuration of your snapshots. There’s no change in user-access, and there’s no long recovery process waiting for data to be restored. You’re simply pointing users to a different point-in-time for the affected directories so they can get back to businesses fast.

In case a disaster strikes your entire data center, it’s a good idea to replicate the secondary storage infrastructure to another physical location or to the cloud. A software-defined instance in the cloud-where you can scale up storage resources more easily and many times more cost effectively than in a separate physical data center-also gives you the flexibility to roll back to an earlier time frame that’s beyond the retention capacity of your local snapshots.

A Priceless Payoff
The importance of governing and protecting unstructured data will continue to grow. According to an IDC survey, unstructured data represents the lion’s share of stored information, occupying approximately 80% of storage volume compared to only 20% for structured data.(1) As businesses undergo digital transformations, their volumes of unstructured data are only expected to grow.

If you’re unsure how to manage your unstructured data and protect it from ransomware, a consolidated secondary storage platform may be a good place to start. By deploying secondary storage, you can consolidate storage for all of your unstructured data as well as your environments for application development and testing, backups, archives and analytics.

In addition to reducing your overall storage costs, taking this approach gives you the ability to immediately recover all your data should a hacker breach your infrastructure with ransomware. That kind of payoff is priceless.

(1) Analysis of Unstructured Data: Applications of Text Analytics and Sentiment Mining, Dr. Goutam Chakraborty, professor, department of marketing, Spears School of Business, Oklahoma State University and Murali Krishna Pagolu, analytical consultant, SAS Institute Inc., Cary, NC