
Playing Offense Against Ransomware with a Modern Data Infrastructure

Stan Stevens
Director Software Product Management

February 28, 2022

Has your company faced a ransomware attack yet? If not, count yourself lucky, for now. A June 2021 article in Cybersecurity Ventures predicts that ransomware will cost its victims approximately $265 billion annually by 2031. And, according to CRN, “Victims of the 10 biggest cyber and ransomware attacks of 2021 were hit with ransom demands totaling nearly $320 million.”

Sobering stuff if you are responsible for your company’s increasingly distributed data infrastructure. Today’s ransomware attackers start at the outer edges of your perimeter, then use increasingly sophisticated and readily available tools to find their way through the concentric layers of your environment. Their ultimate prize, and your last line of defense, is the innermost circle where your data resides. If they make it that far, they’ll immediately attack your backup software and encrypt your data to make sure you can’t recover, forcing you to pay. If you’ve been proactive, maybe your security detects some anomaly like a surprising and unexplainable elevation in I/O, and the attackers get only half your data and resort to extortion.

Flipping the Script

It does not have to be that way. With a proper modern data infrastructure, your company may be able to flip the script and go on the offensive. There is a high probability that your organization’s data infrastructure is already changing. Until now, you’ve always added, maintained, managed, and protected data storage. Protecting a legacy siloed environment with ever-increasing and poorly tracked copies of data is incredibly difficult. Data loss prevention (DLP) tools can help, but the inflexibility of the rules for such systems means they can interfere with business objectives.

But now, companies are looking at their data differently. Data management is about enabling businesses to put their data to work to power new opportunities. Hence, protecting your data from threats like ransomware, and organizing it so that it can be recovered quickly and completely, is critical. At the same time, you must preserve your business’s flexibility and agility when it comes to the data. And both requirements must be met by IT staffs that are trending toward broad skill sets as opposed to individuals with traditional, highly specialized data and security roles.

Taking the Offensive

With all this change, now is the right time to consider some of the core functions of an offense-first data infrastructure, one that is capable of shrugging off tomorrow’s ransomware attack, including:

  • Establish central management. It’s important to establish a central management system that’s capable of reaching across a hybrid cloud infrastructure and enables companies to set up storage, analyze data inside that storage, automate processes, and have enterprise data protection. This omniscient view of your cloud, hybrid, and edge data storage is imperative because it provides visibility without incurring a massive investment in ETL. Hitachi Ops Center makes it possible to develop a high-resolution understanding of the characteristics of your data storage at the fundamental hardware level. Such insight is the foundation for developing the ability to identify anomalous behavior such as unexpected I/O patterns that might be signs of potential ransom attacks.
  • Set up data replication and orchestrate replication processes. The objective should be to make the most efficient backup copy of your data, using the smallest footprint and keeping recovery time to the absolute minimum. It takes a lot of effort and a very robust toolset to detect, mitigate, and prevent ransomware. Attackers love incremental backups and differentials because they contain complete files that are relatively easy to steal and read. Hitachi Ops Center Protector instead performs backups using block-level snapshots to improve resiliency significantly. Blocks can be created at any increment of minutes, hours, days, or weeks. But importantly, the snapshots are tiny, making recovery very fast, and blocks can only be reassembled by a Hitachi system that knows the correct order of the blocks.
  • Reduce the attack surface. Minimizing what an attacker can see means there is less for an attacker to go after. Hitachi Virtual Storage Platform arrays make it possible to completely hide or veil the size of logical devices (LDEV) from an attacker’s prying eyes. This works in concert with the fewest possible snapshots to protect vital data as multiple backup copies increase the visible surface area for an attacker to exploit. Additionally, protection at the storage level largely hides and protects your mitigation strategy from threat actors, increasing your chances of successfully recovering data.
  • Turn on immutable storage. Immutable storage enables your organization to set a timed lock on the data, and until that clock runs out, that data cannot be altered or deleted in any way. In the case of Hitachi storage arrays, this timer, using the data retention utility, is set by the customer based on their needs and can vary by workload. Once set, an administrator, regardless of pressure or malicious intent, cannot change the timer. Instead, the company must open a support ticket with Hitachi. Approvals must then be logged from multiple people from the company that owns the array before an engineer is dispatched to make the change on-site.
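The first item above names unexpected I/O patterns as a possible ransomware signal. The Python below is an added illustration, not code from Hitachi or Ops Center: it flags only sustained write bursts against a robust rolling baseline, so a single short spike does not raise an alert. The function names, thresholds, and per-minute write-throughput samples are all assumptions constructed for this example.

```python
from statistics import median

# Constructed per-minute write throughput (MB/s) for one volume; not real telemetry.
SAMPLE_WRITE_MBPS = [
    38, 41, 40, 39, 42, 40, 37, 41, 43, 39, 40, 42,  # normal load (initial baseline)
    120, 41, 40,                                      # one short burst, e.g. a batch job
    310, 335, 350, 342, 45,                           # sustained mass-rewrite pattern
]

def threshold(baseline, k):
    """Median + k robust deviations; MAD resists the outliers a mean/stddev would absorb."""
    med = median(baseline)
    mad = median(abs(v - med) for v in baseline)
    # 1.4826 scales MAD to a stddev equivalent; the 10% floor avoids a zero-width band.
    scale = max(1.4826 * mad, 0.1 * med)
    return med + k * scale

def sustained_write_anomalies(rates, baseline_len=12, k=6.0, min_run=3):
    """Return (first_index, last_index) for each run of at least min_run consecutive
    intervals whose write rate exceeds the baseline threshold."""
    baseline = list(rates[:baseline_len])
    runs, start = [], None
    for i in range(baseline_len, len(rates)):
        if rates[i] > threshold(baseline, k):
            if start is None:
                start = i
            continue  # anomalous samples never enter the baseline, so a burst cannot raise it
        if start is not None and i - start >= min_run:
            runs.append((start, i - 1))
        start = None
        baseline = baseline[1:] + [rates[i]]  # slide the window over normal samples only
    if start is not None and len(rates) - start >= min_run:
        runs.append((start, len(rates) - 1))
    return runs

if __name__ == "__main__":
    for first, last in sustained_write_anomalies(SAMPLE_WRITE_MBPS):
        print(f"sustained write anomaly: intervals {first}-{last}")
```

Requiring several consecutive intervals trades a few minutes of detection latency for fewer false alerts from scheduled jobs; `min_run` and `k` need tuning per workload.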

Maybe the most significant change the playbook needs is in how we think about managing data. Infrastructure is evolving rapidly, and the data environment is increasingly distributed and mutable. Instead of erecting ever-higher walls that need vigilant protection, companies need smarter, faster, more automated data infrastructure that frustrates ransomware attackers and ensures rapid, reliable recovery.


Stan Stevens is Director Software Product Management, Hitachi Vantara.
