RANSOMWARE ATTACKS - THEY'RE BAAAACK!

As IT executives manage storage resources and access to data the ever present threat of a cyberattack on the infrastructure looms heavy on their minds. Cyberattacks are not only back, they never left and are on the rise. As reported by the Enterprise Strategy Group ransomware attacks affected 79% of respondent organizations in 2021. In this edition of BlogBytes we will examine this menacing trend beginning with a severe cloud attack and how you can defend against it with help from LTO technology.

CLOUD ATTACK

A cloud host service provider was hit hard by a ransomware attack that affected almost all of their clients. A recent Yahoo Finance article described the incident stating that “The Denmark-based cloud company said the ransomware attack began Friday, during which cybercriminals shut down all systems, including its website and email, and encrypted customer systems and websites.” The victim stated that, “The attackers succeeded in encrypting all servers’ disks, as well as on the primary and secondary backup system, whereby all machines crashed and we lost access to all data.” Apparently the attackers gained access to nearly all online primary and backup disk systems. Could offline secure backup have helped this unfortunate victim and their clients to regain access to their data? Read on.

ATTACKS ARE ON THE RISE

Ransomware attacks increased in 2021 by 37% as reported by Sophos, with the average ransomware payment at over $800K (USD), a nearly 5X increase over the previous year. The report notes that, “On average, organizations that suffered attacks in the last year took one month to recover from the most significant attack – a long time for most companies.” The attack on the Danish CSP is a trend seen more and more, which are attacks on supply chains, that is, attacks that widen the net. A TechTarget article explains that, “Instead of attacking a single victim, supply chain attacks extend the blast radius. A prime example of [this type of] a ransomware attack is the 2021 attack [on a software firm], which affected at least 1,500 of its managed service provider customers.”

PROACTIVE DEFENSE IS THE KEY

In the paper, Proactive Defense Strategies Provide the Best Chance to Defeat Ransomware, IDC explains that cyber criminals “seek to maximize profit with the least possible effort. Thus, they look for soft, profitable targets.

Organizations that make themselves difficult targets have the best chance of forcing the cybercriminals to just move on.” IDC elaborates that a number of crucial defensive strategies should be employed including:

  • Encryption – Data should be encrypted at rest on primary storage and in flight when being sent over a network and when stored in a backup data set.
  • Air gap – Air gap is a means of taking a data copy, usually a backup copy, offline so that it is physically disconnected from any network and therefore inaccessible to cybercriminals.
  • 3-2-1-1 backup strategy – 3-2-1-1 is an update to the old 3-2-1 strategy. This means three copies of the data on two different types of media, with one copy onsite and offline and one copy offsite and offline.

IDC goes on to explain how LTO technology can address each of these defense strategies: “LTO tape drives have government-grade encryption built in. Because this encryption is at the hardware level, it can be implemented without performance penalty. Encrypted tapes will be useless to anyone without the encryption key.” LTO tapes can support air gap strategies; “The removal of tapes from a library eliminates the physical connectivity needed to access, modify, or delete the data on the cartridges.” And, to support a solid backup strategy, “Tape can serve as the second media type, the onsite/offline copy as well as the offsite/offline copy of data (the 2-1-1 part of the strategy).

Cybercrime, especially ransomware attacks, are prevalent. Be prepared, be proactive, protect your data and your organization – use LTO technology. See more on data protection against ransomware assaults in this short video.