In early May 2021, the Colonial Pipeline attack forced one of the largest fuel suppliers to shut down its distribution of gas and jet fuel to the Eastern United States. The event caused panicked gas buying and shortages in twelve states, which brought heightened attention to key infrastructure vulnerabilities in the country.
With no other option to get their pipeline running again, Colonial was forced to pay $4.4 million to DarkSide, an Eastern European hacking group. However, it still took an entire week for the pipeline to restore distribution and get the supply chain back on track, and several more days for the country to get back to normal following the attack.
This prompted the Biden Administration and the Department of Homeland Security to take action requiring all companies to increase their reporting and auditing cadence following a cyberattack, or risk incurring financial penalties. But this is not enough.
Following the recent White House cybersecurity summit, it’s clear that the Fed is recognizing the importance of backup in security. IBM said it would train more than 150,000 people in cybersecurity skills in three years and announced a new data storage solution for critical infrastructure companies, while AWS pledged to give account holders free multi-factor authentication devices to better secure their data and is planning to offer “Security Awareness training” to organizations and individuals.
However, even though companies do backups and deploy services to better secure their data, most still struggle to get back up and running when a ransomware attack hits. While cloud storage has evolved to a point where businesses can store seemingly infinite amounts of data in the cloud, it’s harder than ever to protect. Backups and authentication alone clearly don’t suffice.
The roots of ransomware
Although the vast majority of ransomware attacks are initiated on-premises from URL downloads, direct files, exploit kits, and infected USB flash drives, those viruses can be uploaded to the cloud in a backup job. They may or may not be able to affect previous backup jobs, but that recovery point will not be available. Recently we’ve seen instances where cybercriminals have been able to access victims’ networks through exposed remote desktop services and gain access to cloud credentials, which they then use to delete previous backups or download them to servers under the cybercriminals’ control. With the backups either deleted or under their control, they then deploy the ransomware.
In the case of ransomware, like everything else, a good defense is the best offense. There are a variety of anti-malware and decryption products available to protect your system, but one of the simplest ways to keep your data safe is by performing regular backups, ideally keeping at least one backup copy offsite. Encryption on the fly and at rest is helpful, but organizations should also take advantage of the immutability features that exist, and far too many still don’t.
What is immutability?
According to Merriam-Webster, immutable refers to something that is not capable of or susceptible to change. Immutability in cloud storage follows the same principle. It enables users to designate certain files as objects that cannot be tampered with by anyone, even a systems administrator, for a specific period of time. If desired, one can also configure the storage bucket to automatically delete the data after the retention period has expired.
For example, if you need to comply with certain government and industry regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Financial Industry Regulatory Authority (FINRA), Markets in Financial Instruments Directive (MiFID) or Criminal Justice Information Services (CJIS), immutability helps you secure and preserve electronic records, transaction data and activity logs. By adequately protecting and retaining data you can avoid expensive regulatory fines and penalties, and costly legal actions and settlements.
Fighting ransomware with immutability
Because ransomware attacks are on the rise, this raises the question of whether organizations are adequately prepared to recover quickly and with minimal impact to themselves, their partners and customers. If they are not, what should they do to be more proactive with their readiness?
In 2022, we will see more organizations leverage additional storage capabilities to help mitigate the effects of ransomware attacks. Ensuring you have a solid backup and recovery strategy can be the simple difference between paying huge ransoms to keep your business running or simply recovering your backup.
The golden rule for backup is “3 2 1”: 3 copies of the data, 2 different types of media/systems, and 1 copy at a remote site. Backup provider Veeam has turned this rule up to “11,” adding guidance that 1 copy should be immutable and that there should be 0 issues with data integrity.
In addition to this expanded best practice for backups, object-level immutability is one such capability that yields obvious benefits for protecting an organization’s data. Immutability is a key tool in mitigating the negative effects of ransomware attacks from the start because it prevents anyone from tampering with or stealing data regardless of intention. Leveraging data immutability via Object Lock, a data protection feature in which a user can designate certain files or “objects” to be immutable, is also more likely to provide fast response and recovery should an attack occur. While immutability is nothing new, it is a valuable feature that most organizations still don’t take advantage of. By preventing data from being tampered with, modified or deleted by anyone, even a systems administrator, over a set period of time, immutability adds another layer of protection that organizations can no longer ignore.
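To make the "1 immutable copy" check concrete, here is an added example (not code from the article or from any vendor) that audits backup objects for effective immutability. It assumes metadata fields named as in the S3-compatible Object Lock API (`ObjectLockMode`, `ObjectLockRetainUntilDate`, `ObjectLockLegalHoldStatus`); the object keys, dates and the `min_days` recovery window are constructed. In that API only COMPLIANCE mode holds against privileged accounts, so everything else is reported as weaker.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2022, 1, 10, tzinfo=timezone.utc)  # fixed clock for the sample

# Constructed sample metadata, shaped like S3-compatible HeadObject responses.
SAMPLE = {
    "backups/2022-01-09.tar": {"ObjectLockMode": "COMPLIANCE",
                               "ObjectLockRetainUntilDate": NOW + timedelta(days=29)},
    "backups/2022-01-08.tar": {"ObjectLockMode": "GOVERNANCE",
                               "ObjectLockRetainUntilDate": NOW + timedelta(days=28)},
    "backups/2022-01-07.tar": {},
    "backups/2022-01-06.tar": {"ObjectLockLegalHoldStatus": "ON"},
    "backups/2022-01-05.tar": {"ObjectLockMode": "COMPLIANCE",
                               "ObjectLockRetainUntilDate": NOW + timedelta(days=3)},
    "backups/2021-12-01.tar": {"ObjectLockMode": "COMPLIANCE",
                               "ObjectLockRetainUntilDate": NOW - timedelta(days=10)},
}

def classify(meta, now, min_days=7):
    """Rate one object's protection against a holder of admin credentials."""
    mode = meta.get("ObjectLockMode")
    until = meta.get("ObjectLockRetainUntilDate")
    if mode is None or until is None:
        # A legal hold blocks deletes, but any principal allowed to lift it can undo it.
        held = meta.get("ObjectLockLegalHoldStatus") == "ON"
        return "bypassable" if held else "unprotected"
    if until <= now:
        return "expired"          # retention ended: deletable again
    if mode == "GOVERNANCE":
        return "bypassable"       # privileged users can override governance retention
    if mode != "COMPLIANCE":
        return "unprotected"      # unknown mode: do not assume protection
    if until - now < timedelta(days=min_days):
        return "expiring"         # lock ends inside the recovery window
    return "immutable"

def audit(backups, now, min_days=7):
    """Map each object key to its protection status."""
    return {key: classify(meta, now, min_days) for key, meta in sorted(backups.items())}

def has_immutable_copy(backups, now, min_days=7):
    """True if at least one copy stays locked for the whole recovery window."""
    return "immutable" in audit(backups, now, min_days).values()

if __name__ == "__main__":
    for key, status in audit(SAMPLE, NOW).items():
        print(f"{status:12} {key}")
```

Set `min_days` to at least the time you expect to need to detect an intrusion and start a restore; a lock that lapses before then does not satisfy the rule.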
This layer of protection must be considered essential for protecting your data from cybersecurity threats and maintaining regulatory compliance. With the Biden Administration’s continued focus on firming up cybersecurity, there needs to be more attention on and investment in modern storage practices, such as immutability, that take precautionary measures against ransomware before it takes hold of your networks.
David Friend, Co-founder & CEO, Wasabi Technologies