While most vendors focus on backups, ransomware is an infrastructure problem, not just a data problem. The problem is that the infrastructure is a complex mess, and infrastructure software companies, like VMware, have done little to help out beleaguered IT professionals; instead, the company continues to push organizations toward backup vendors.
Backup is not the Ransomware Answer
Every organization should include backup as part of their ransomware response. It should not, however, be the sole component of that response. Backup is the recovery point of last resort. It is what you turn to when everything else has gone wrong. The right infrastructure software solution can ensure that “everything going wrong” is rare.
The problem with backup is time. It takes time to create a backup, even with advanced technology like changed block tracking. It takes even more time to recover. The element of time means that most customers won’t capture data frequently enough to minimize data loss from an attack. In the ransomware era, backing up once or even twice a day is not enough.
Companies need capabilities to protect data frequently, even hourly, so that rapid recovery with minimal data loss is possible. The protection method must be superior to VMware’s snapshot technology, and cloning may be the best option yet.
The Ransomware Infrastructure Problem
As the title suggests, ransomware is an infrastructure-wide problem. It can corrupt network configuration files as well as hypervisor and storage settings. If these settings are encrypted, the recovery effort, while not impossible, becomes far more time-consuming. And time is what the bad actor wants you to spend, so that your CxOs become frustrated enough to consider paying the ransom instead of waiting for you.
There are three steps to solidifying the infrastructure:
- Simplify Patching
- Harden Platform Software
- Protect Everything
Simplify Patching
The first step in creating a ransomware-resilient infrastructure is to simplify patching. In almost every reported case of a successful ransomware attack, an available patch already existed from the operating system or platform software vendor. The attacks were successful because the patches had not been applied.
While it is easy to blame IT professionals for the lack of patch application, in most cases, that blame should lie at the feet of the infrastructure vendors. Patching an environment today requires that IT test the ramifications of applying the patch. They need to see if the patch will cause another application to crash. Patches to platform software like VMware are even more difficult because those often require a reboot, which can impact dozens, if not hundreds, of virtual machines.

The solution is to use platform software that enables safe and quick testing of operating system and application-level patches. IT also needs to be able to patch the platform software without disruption.
For example, VergeOS can not only clone a virtual machine, but it can also clone, with a single command, an entire workload or the complete data center by leveraging our virtual data center (VDC) technology. This cloned copy is space-efficient and independent, so IT can test applying patches on a perfect but isolated representation of the production environment. All patches to VergeOS are non-disruptive because it automatically moves virtual machines to different nodes while the current node has the patch applied.
Harden The Platform Software
In the last year, we’ve seen increased attacks on platform software. If the bad actors can corrupt the core hypervisor, infecting the rest of the environment becomes significantly easier.

The second step is to look for hardened platform software, so it can’t get corrupted. The platform software should work like firmware, loading independent copies of itself into RAM and then comparing the RAM copy to the original to ensure they are both 100% in sync.
VergeOS again leverages VDC to facilitate this firmware-like experience. Each VDC gets a copy of VergeOS and is isolated from other VDCs. If something goes wrong within one VDC, the attacker can’t exploit the other VDCs, and once the attack is known, the OS code for that Virtual Data Center is quickly replaced.
Protect Everything

Again, most ransomware response activity focuses on protecting the production data set, so infrastructure settings like network, storage, and even backup software configuration files often get overlooked. There are utilities to protect each of these components, but they often have to be manually executed. Because they are separate utilities, protecting and recovering these components is a manual process, which is susceptible to human error.
Using its IOclone feature, VergeOS can protect the entire environment with the execution of a single clone. It can execute these clones as frequently as necessary to protect the environment. When a VDC-level clone executes, it protects everything within it: all the application data, the virtual machine configurations, and network settings.
To learn more about quickly recovering from ransomware, read “5 Steps to Rapid Ransomware Recovery.”
Conclusion
With the foundation of your data center complete, you are now ready to protect all the data as well. However, you don’t need to resort to backups. You can leverage IOclone and VergeIO’s new IOfortify capability, which provides advance warning of potential ransomware attacks and can direct you to the last known good clone for recovery. The last known good clone is ready for immediate mounting; no need to copy anything anywhere.
Protecting the infrastructure from ransomware attacks is just one of the Ransomware Response Requirements. You can learn them all by downloading VergeIO’s latest white paper, “Ransomware Response: Does Your Process Meet the Requirements for Recovery?”
