A few years ago, the term ransomware was not something I would hear about regularly. Lately, however, I hear about it all the time. Naturally, my curiosity has made me dive a lot deeper into the subject. A nagging question that has remained on my mind is: How is it possible that an IT organization can become the victim of ransomware? IT organizations must have operational practices in place to avoid getting attacked?!?
Eventually, I came across a podcast that dives into the heartbreaking, heroic, and educational stories of IT professionals who have encountered and fought against ransomware: The Ransomware Files. I would highly recommend it to anyone who is interested in the subject. What should have been obvious to me, but I only realized after listening to a few episodes, is that it can happen to anyone. And when it does happen, you may not even realize that it happened because of something you did.
The lengths to which attackers go to masquerade and obfuscate malicious software could be considered either genius or simply mad. They range from plain executables in emails to infected spreadsheets to elaborate supply chain attacks where ransomware is embedded into software at one of your service providers or software suppliers. You would naturally trust your supplier and unknowingly introduce infected software bundles and tools into your infrastructure. At this point, my brain hurts because the possibilities are endless. I mean…how can you avoid getting hit by ransomware?
Ransomware attacks are expensive
It is no surprise that industry analysts and cybercrime experts are putting big numbers behind ransomware. For example, Cybersecurity Ventures estimated that ransomware attacks accounted for 20 billion USD in corporate losses in the year 2021*, whereas Gartner estimates that by 2025, 75% of organizations will have suffered from a ransomware incident. It is therefore critical that organizations invest in technologies to prevent ransomware from becoming an expensive problem.
And while prevention is key, examples demonstrate that there is no universal tool that will prevent you from getting attacked. Therefore, a solid response and recovery plan is required.
Recovery may not be trivial
Recovery should be a straightforward process. You recover your operating system and application binaries and then your application data. There are many options available to do that, but when you inspect these options closely, their process is not trivial. Granted, the recovery of only the application data, when using external enterprise storage systems, is rather trivial. For many years, snapshot technology has made fast application data recovery a breeze. The tricky part for IT is finding an unencrypted version of the data and restoring to that recovery point, which is standard recovery practice.
Unfortunately, recovering your application data alone is not enough. You also need to recover the operating system, which is usually stored on direct-attached drives, often on a mirrored drive. Here, the recovery process isn’t that trivial anymore. The operating system can either be re-installed from scratch (assuming you know the exact configuration of that system, its application, and its cluster configuration) or recovered from an image backup. Both options are lengthy and time consuming; when done on multiple servers, they can take hours to days and require a large staff that can perform the recovery in parallel.
Of course, this assumes that you still have access to the critical infrastructure services that you require for recovery. I’m talking about the tools and resources that you need to recover from your backups, the installation images and binaries you need to reinstall operating systems, and the management consoles that you need to promote snapshots and manage virtual machines or containers. It is not uncommon for ransomware to attack these critical infrastructure services as well, preventing IT organizations from accessing their own infrastructure. What do you do if these tools are not available?
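The "tricky part" above, finding the newest snapshot whose data is still unencrypted, is where recovery teams lose the most time. The script below is an added example, not Nebulon's code or anything from the original post, showing one simple triage heuristic: walk each snapshot, sample the head of every file, and treat a file as probably encrypted when it has no recognizable format header, is not plain text, and its byte entropy is near the 8 bits/byte of random data. The entropy threshold, the magic-byte list, and the three on-disk "snapshots" it builds in a temporary directory are all constructed for the example.

```python
import math
import os
import random
import tempfile
from collections import Counter

# Bits per byte above which a file with no known header and no text structure is
# treated as probably encrypted. 7.2 is an assumed threshold for illustration;
# tune it against a sample of your own unencrypted data before relying on it.
ENTROPY_THRESHOLD = 7.2

# Headers of a few common formats (assumed, non-exhaustive list). Checked first
# because compressed formats such as ZIP/PNG/JPEG are high-entropy but legitimate.
KNOWN_MAGIC = (b"%PDF", b"PK\x03\x04", b"\x89PNG", b"\xff\xd8\xff",
               b"SQLite format 3\x00")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """Heuristic verdict on a file sample: known header or mostly-printable text is
    assumed clean; otherwise high entropy is taken as a sign of encryption."""
    if not data or data.startswith(KNOWN_MAGIC):
        return False
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    if printable / len(data) > 0.95:
        return False
    return shannon_entropy(data) > ENTROPY_THRESHOLD


def snapshot_is_clean(snapshot_dir: str, sample_bytes: int = 65536):
    """Return (is_clean, [suspicious relative paths]) for one snapshot directory.
    Only the first sample_bytes of each file are read, which keeps the scan fast."""
    suspicious = []
    for root, _dirs, files in os.walk(snapshot_dir):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                sample = fh.read(sample_bytes)
            if looks_encrypted(sample):
                suspicious.append(os.path.relpath(path, snapshot_dir))
    return (not suspicious, sorted(suspicious))


def newest_clean_snapshot(snapshot_dirs):
    """snapshot_dirs is ordered oldest to newest; return the name of the most recent
    snapshot that passes the check, or None if every snapshot looks encrypted."""
    for snap_dir in reversed(snapshot_dirs):
        clean, _ = snapshot_is_clean(snap_dir)
        if clean:
            return os.path.basename(snap_dir)
    return None


def build_demo_snapshots(base: str):
    """Construct three fake snapshots under base (all data here is made up):
    snap-01 and snap-02 hold readable files, snap-03 holds encrypted-looking ones."""
    rng = random.Random(1234)  # seeded so the demo is reproducible
    clean_doc = b"Quarterly report\nrevenue=1200\ncost=900\n" * 50
    clean_pdf = b"%PDF-1.4\n" + bytes(rng.getrandbits(8) for _ in range(2048))
    encrypted = bytes(rng.getrandbits(8) for _ in range(4096))  # stands in for ciphertext
    layout = {
        "snap-01": {"docs/report.txt": clean_doc, "docs/brochure.pdf": clean_pdf},
        "snap-02": {"docs/report.txt": clean_doc, "docs/brochure.pdf": clean_pdf},
        "snap-03": {"docs/report.txt.locked": encrypted, "docs/brochure.pdf.locked": encrypted},
    }
    dirs = []
    for snap_name, files in sorted(layout.items()):
        snap_dir = os.path.join(base, snap_name)
        for rel, content in files.items():
            path = os.path.join(snap_dir, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
        dirs.append(snap_dir)
    return dirs


def run_demo() -> dict:
    """Build the constructed snapshots, scan them, and pick the recovery point."""
    with tempfile.TemporaryDirectory() as base:
        dirs = build_demo_snapshots(base)
        verdicts = {os.path.basename(d): snapshot_is_clean(d) for d in dirs}
        chosen = newest_clean_snapshot(dirs)
    return {"verdicts": verdicts, "recovery_point": chosen}


if __name__ == "__main__":
    result = run_demo()
    for name, (clean, bad) in result["verdicts"].items():
        print(f"{name}: {'clean' if clean else 'suspicious: ' + ', '.join(bad)}")
    print("recommended recovery point:", result["recovery_point"])
```

Run it and it reports snap-03 as suspicious and recommends snap-02. Two caveats for real use: files that are legitimately compressed or encrypted at rest will trip the entropy check unless their headers are on the allow-list, so review the suspicious list rather than trusting the verdict blindly; and on a large dataset, scan a representative sample of paths per snapshot instead of every file.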
The ultimate ransomware protection?
Ultimately, the best way to protect yourself from ransomware is by being proactive, by avoiding having to pay the ransom, and as a result breaking the business model for cybercriminals. If there is no money in the game, it will slow down. But cybercriminals are not always interested in profits; sometimes their objective is to destroy, to put companies out of business, to influence market dynamics, or to attack entire countries.
So, I should have said that the best way to recover from ransomware is by being proactive. This means implementing a zero-trust policy and investing in infrastructure technologies that can help you recover your precious data and operating environments quickly. Nebulon can help you with the latter.
Nebulon TimeJump is a new capability of smartInfrastructure that brings down the ransomware recovery time of physical infrastructure from multiple days to under 4 minutes for both the operating system and application data, for many clusters at once, allowing IT organizations to recover much more quickly. It is the first and only combined server and storage solution architected to allow complete ransomware recovery in less than 4 minutes.
We do this through our services processing unit (SPU), a PCIe card embedded in each application server that sits in a separate fault domain and an isolated security domain from the server itself. This means that any ransomware running on the server cannot encrypt the server’s drives or compromise the storage layer, and that operating system crashes caused by ransomware or other malware won’t affect the availability of the SPU’s enterprise data storage services. The immutable snapshot capabilities of the SPU can protect both the operating system and applications, allowing the fastest operating system recovery times available.
What to take away from this?
One thing is certain: ransomware attacks have become inevitable. So, protecting your critical infrastructure by implementing technologies for fast recovery, especially for the management infrastructure that you desperately need to operate your company, is imperative. This avoids the need to pay any ransoms that fuel the ransomware business.
To learn more about TimeJump, a core capability of Nebulon smartInfrastructure that enables you to recover your physical infrastructure in under 4 minutes, register for our webinar.
*Cybercrime To Cost The World $10.5 Trillion Annually By 2025, Cybersecurity Ventures, Dec 2021