Given the “success” of its initial wave, the ransomware problem is getting worse. Backups seem to be the “go to” solution but really they should represent the last line of defense. The problem with backups are that they are not frequent enough to protect all the data that ransomware can impact. In a busy organization, a lot of data can be created and modified between backup jobs. And it is this most active data that organizations are willing to pay for to get unlocked. Ransomware developers know this and are exploiting it with strains of the code that can infect more file types, faster than ever.
What is Ransomware?
It is not a matter of if but a matter of when someone will hit an organization with a ransomware attack. Ransomware is most typically triggered by an unsuspecting user clicking on a link in email they shouldn’t touch. That link downloads the ransomware code and it starts crawling through the network looking for files to encrypt. As these attacks increase in their sophistication, they target specific corporate servers.
The focus is on unstructured data, which is an easy target in most organizations because it does not have a lot of security protection. The distribution of this data and number of files that organizations have in this data set is problematic for traditional backup processes. As mentioned above, it is also the data most likely to be created and/or heavily modified between backup events –- meaning that it is exposed to the ransomware attack with no possible fallback.
Unlocking the encrypted files requires a decryption key, which is held by the virus’ developers. The organization has to pay the developers to unlock the files, typically in bitcoin. There are no guarantees that the virus’ developers will actually unlock the code when you pay them, and there’s certainly no guarantee that they will not try to infect you again.
The Ransomware Recovery Problem
The most obvious way to recover from a ransomware attack is to pay the ransom. As distasteful as it sounds, this is the most viable option for companies who were not prepared. The problem, other than the embarrassment of having to give in, is the cost associated with the ransom. Most ransomware developers keep the fee just high enough to be painful but low enough that the organization will at least consider it. The typical cost to unlock enterprise files is around $20,000 – high enough to be painful but low enough to pay. Of course the other ramification for IT to consider is job security. If ransomware attacks happen often enough and IT is not presenting viable solutions to the problem, they could get a final visit from HR.
But how much should you pay to protect yourself from ransomware? IT can’t go out and spend $1,000,000 to solve a $20,000 problem (even though multiple attacks could easily add up to millions of dollars). The reality is that the ransomware solution will have to solve other problems, and protection from the virus will have to come with a solution that solves other problems in the environment.
The Backup Solution
A good backup, in theory, should protect the organization from a ransomware attack. The problem is the creation and modification of unstructured data throughout the day. Backups typically run once per night, especially on “non-critical” data like user files. For example, if the ransomware attack happens at 4 p.m., near the end of a typical workday, all the data created and modified since the last backup is exposed. The other problem with backup protection is the time required to restore hundreds of thousands, if not millions, of small files. This can potentially take days.
Cloud backup solutions will have the same problem. The backups are infrequent and the time it takes to restore thousands to millions of files from the cloud is even worse than a local backup.
Backup certainly has its strong points, but protecting an organization from ransomware is not one of them.
The Cloud NAS Solution
Cloud NAS is an IT solution that solves many IT problems all at once, protection from ransomware being one of them. Architecturally these systems use an appliance that is installed within the organization’s data center. That appliance acts as the NAS and stores all unstructured data. As users add or change data, the system sends frequent snapshots to a cloud storage service. Some Cloud NAS solutions create a global file system so that multiple appliances residing in separate data centers and the shared cloud storage volume appear as a single pool of storage that can be shared across sites. The IT administrator can set the appliance so that it stores only the most active data set, or so that it stores all data there.
The result is that Cloud NAS solves many problems facing data centers today, while reducing costs. First, it is an infinite storage area for its most active data set. Second, it provides built-in data management so that it stores only the most active data on premises. Third, it effectively replaces backup, at least for unstructured data. Since it constantly replicates the data to the cloud, it meets the requirement for off-site backup. The use of frequent snapshots provides a point-in-time protection so that it can restore previous versions of a file.
Finally, it is an ideal solution for protecting organizations from ransomware. Since there is constant snapshotting, an isolated version of every single file is made throughout the data. It’s true that if a ransomware attack occurs and it takes IT a while to identify the attack, that encrypted data may be in the cloud. But the multiple and frequent snapshots that are in the cloud contain the most recent versions before the encryption – thus protecting data from the attack.
When it has the global file system capability, Cloud NAS can also help in the event of a restore. Any cloud is susceptible to the performance impact of copying a million files back to the enterprise, but armed with a global file system, a Cloud NAS solution can make this data instantly available. Initially, access will be directly to the cloud copy, and as those accesses occur, it copies back to the local appliance. While the data center may see a short-term decrease in file access performance, all data is instantly available and online.
Ransomware is here to stay, it is another riddle that IT professionals need to solve. The problem is that the “ransom” part of ransomware is kept low enough that infected organizations can typically afford to pay it. This means that the solution to the ransomware problem needs to be equally low cost, and ideally come along “for free” as part of a bigger solution. Cloud NAS solves a multitude of file/unstructured data problems and it happens to solve the ransomware problem quite nicely.
Sponsored by Nasuni
Nasuni is an enterprise storage company that provides globally-distributed organizations with a simple, unified storage solution. By combining on-premises hardware with cloud storage, Nasuni delivers a secure, all-in-one data storage solution that provides local performance for users, simplified and centralized management for IT, and an easily scalable, complete storage service for the global enterprise.