
Q&A: Mitigating and recovering from ransomware attacks

We spoke to Mark Lewis, CEO of Formation Data Systems, about the 'hottest' threat in cyber security: Ransomware.

Ransomware attacks seem to be increasing and there have been many high-profile attacks this year. What lessons can organisations take away from these attacks?

Broad, indiscriminate ransomware attacks are increasing in frequency, but a more disturbing threat is the trend towards targeted crypto-ransomware attacks, which require much higher levels of technical expertise in order to penetrate systems and potentially go undetected by traditional counter-measures.

These targeted attacks tend to focus on larger businesses and will often sit idle to avoid detection, with a delayed activation cycle that has the potential of infecting thousands of servers within these enterprises. Many organisations have learned that it is not only important to constantly increase their defensive posture against these types of malware attacks, but that they need to take a hard look at recovery mechanisms that can recover systems to a known good state with minimal downtime and reduce the amount of data lost due to the recovery operation.

Some in the industry are also concluding that attacks are inevitable. What can organisations do to reduce risk and recover from an attack?

Organisations must remain vigilant in guarding against any vulnerabilities and ensuring that patches are installed on all public-facing servers. They also need to be stricter in enforcing policies that would require that important files be stored on central file servers rather than on local machines.

Additionally, companies should evaluate their recovery strategies against data loss or data unavailability. Recovery from traditional backups may no longer be effective in recovering systems back to a known good state because of the amount of data loss and downtime required to resume operations. Organisations that utilise more advanced recovery techniques, such as continuous data protection (CDP) and granular snapshots as restore points, have the inherent ability to roll data back to a known good state.

Organisations that have deployed CDP technology as part of a more comprehensive operational recovery strategy find that they have lower data loss (Recovery Point Objectives) and less downtime (Recovery Time Objectives) after systems have been restored.

What role can storage play in mitigating the risks of ransomware attacks that traditional security solutions cannot?

Innovations in modern enterprise storage systems can play a pivotal role by working in conjunction with security systems and providing protection and recovery for these kinds of ransomware attacks. Backups have become targets of ransomware attacks, so customers cannot always rely on the integrity of a backup. Therefore, technologies such as continuous data protection (CDP) play an important role in a fast recovery with minimal data loss.

Why should CIOs and IT decision leaders consider software-defined storage as a key part of their organisation’s data recovery strategy? Are there any tools or features they should look out for when choosing a platform to help fight malware-related risks?

Software-defined storage (SDS) offers CIOs much more flexibility, scalability and control than traditional hardware-based designs. Many of the innovations for storage systems that would provide adequate protection and recovery from ransomware don’t exist within traditional storage arrays, but are available in modern, software-based storage systems.

When evaluating different SDS solutions, it is important to look for capabilities such as continuous data protection (CDP), encryption, compression and deduplication that would provide advanced protection and recovery against these kinds of attacks.
