“Ransomware is more about manipulating vulnerabilities in human psychology than the adversary’s technological sophistication” – James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology
It’s officially 2021 and with the new year comes all of the promise of a new year! Personally, I am optimistic that we have not only entered this year more knowledgeable and resilient, but also with the promise of a coronavirus vaccine. Although it will take some time to get this vaccine into the hands of the general population, it gives me hope that social gatherings, face-to-face meetings and even hugs will return in the foreseeable future.
Over the last several weeks there have been a lot of discussions around the specific vaccination programs being rolled out around the world. There is no doubt that this is one of the most extensive and complex programs ever attempted and that its success will rely on very sophisticated collaboration between the vaccine providers, governments, logistics providers, healthcare practitioners and citizens. As vaccines start to find their way into our cities, government officials appear optimistic, but many have also warned of credible external threats that could disrupt the program as a whole. Discussions of these threats have largely focused on protecting the physical “supply-chain” of these vaccines to ensure that they don’t get stolen or spoiled in transit. In addition, there has also been discussion of threats to the “data-chain” (the critical files and systems that all parties are leveraging to distribute and administer the vaccine), including a “ransomware attack”.
What is Ransomware? It is the encryption of critical files by a malevolent 3rd party, often leveraging stolen credentials, followed by a demand for a ransom (likely paid in untraceable bitcoin) in return for decrypting them. To make matters worse, the ransomware attack often goes beyond the primary source of data and also encrypts near-line backups. In contrast to traditional cybercrime, Ransomware attacks focus less on the theft of the data itself and more on encrypting data sets, rendering them inaccessible to those that need them. Since the primary data source and, in many cases, the near-line backups are compromised, the only viable options are to restore from backups or pay the ransom. Since restoring from traditional backups can take days or even weeks, many organizations are left with no choice but to pay the ransom.
A great blog by Heimdal Security explains the scale of the problem in 2020 –
- 51% of businesses were targeted by ransomware (source).
- There was a 40% surge in global ransomware, reaching 199.7 million hits (source).
- By the end of 2020, ransomware costs were projected to reach $20 billion for all businesses (source).
- The average ransomware payment demand was $233,817 in Q3 2020 (source).
A few weeks ago a colleague of mine, Andrew Miller, and I wrote an op-ed on the topic. As a follow-up to this op-ed I had further discussions with the Vancouver Sun and the Toronto Sun about Ransomware and the steps that could be taken to mitigate the risks associated with it.
This discussion of the threat of Ransomware to our vaccination program should be a beacon to all of us, organizations and individuals, to rethink what we are doing to protect the digital files that we need most and to ask some critical questions about how we manage them. Specifically,
1 – How long could we continue to function without this data? What would be the cost? How much time can we afford to take to recover the data from backup? In the data industry this is sometimes referred to as the “Recovery Time Objective”.
2 – How much data or how many transactions could we afford to lose in the event that we need to recover the data from backup? In the data industry this is sometimes referred to as the “Recovery Point Objective”.
3 – Who has access to the files and the storage systems that they are stored on? How are identity and access management credentials managed?
4 – Are your near-line backup archives protected from 3rd party encryption? How quickly could you restore your environment from those files?
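The questions above can be answered together with a small model of which backup tiers survive an attacker who holds admin credentials. This is an added example, not part of the original post; the tier names, sizes, throughputs and objectives are constructed sample values.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class BackupTier:
    name: str
    interval_hours: float       # time between copies: worst-case data loss
    restore_tb_per_hour: float  # sustained restore throughput
    immutable: bool             # copies cannot be changed or deleted, even by an admin

@dataclass(frozen=True)
class Dataset:
    name: str
    size_tb: float
    rto_hours: float            # Recovery Time Objective (question 1)
    rpo_hours: float            # Recovery Point Objective (question 2)
    tiers: tuple

def assess(ds, attacker_has_admin=True):
    """Best surviving restore option for ds, or None if no tier survives."""
    # Questions 3 and 4: with stolen admin credentials, every mutable tier
    # is assumed to be encrypted together with the primary copy.
    usable = [t for t in ds.tiers if t.immutable or not attacker_has_admin]
    options = []
    for t in usable:
        restore = ds.size_tb / t.restore_tb_per_hour
        options.append({
            "tier": t.name,
            "restore_hours": restore,
            "loss_hours": t.interval_hours,
            "meets_rto": restore <= ds.rto_hours,
            "meets_rpo": t.interval_hours <= ds.rpo_hours,
        })
    # Prefer a tier that meets both objectives, then the fastest restore.
    options.sort(key=lambda o: (not (o["meets_rto"] and o["meets_rpo"]),
                                o["restore_hours"]))
    return options[0] if options else None

# Constructed sample figures, not measurements from any product.
NEARLINE = BackupTier("near-line snapshots", 0.25, 100.0, immutable=False)
TAPE = BackupTier("offsite tape", 24.0, 0.5, immutable=True)
CURRENT = Dataset("scheduling-db", 40.0, rto_hours=4.0, rpo_hours=1.0,
                  tiers=(NEARLINE, TAPE))
HARDENED = replace(CURRENT, tiers=(replace(NEARLINE, immutable=True), TAPE))

if __name__ == "__main__":
    for label, ds, admin in [("no credential theft", CURRENT, False),
                             ("admin credentials stolen", CURRENT, True),
                             ("stolen, immutable snapshots", HARDENED, True)]:
        print(label, assess(ds, admin))
```

With the sample figures, the same dataset meets both objectives until the near-line tier is lost, at which point the only surviving copy takes 80 hours to restore and loses up to a day of data.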
So what can organizations do to protect against this risk? At Pure Storage we have helped and will continue to help our clients mitigate the threat of Ransomware by leveraging two technology innovations, SafeMode and Rapid Recovery.
- SafeMode protects backup data and backup metadata by creating a secure copy. Ransomware can’t eradicate, modify, or encrypt SafeMode snapshots, even with admin credentials.
- Pure’s FlashBlade allows you to rapidly restore critical data from backup archives at speeds up to 270TB/hour
- Our solutions are fully integrated with industry leading backup software providers making it simple to enable and integrate them
Ultimately, organizations can mitigate the risks associated with the increased threat of Ransomware. It means rethinking our backup architectures in light of these new threats and rethinking the ways in which we plan for potential disasters. By working together, we can ensure our key programs and services don’t get interrupted.
