To reduce the potential damage from ransomware attacks, businesses must rethink their IT strategies. Saimon Michelson, CTO, CTERA, discusses how global file system (GFS) technology is an ideal solution for preventing large ransomware payouts.
Last month, car owners up and down the East Coast experienced first-hand the physical impact of cyberattacks on their daily lives. A ransomware strike on Colonial Pipeline locked up critical data and information systems, prompting a stoppage of the company’s pipeline operations for six days and wreaking havoc on gasoline supplies across the region.
Colonial Pipeline chose to pay hackers $4.4 million to regain control of its information systems and avoid potential operational risk to its critical infrastructure. This response is all too common in ransomware attacks, in which organizations prefer a quick payout rather than incurring the costs of lost data and systems recovery. In 2020 alone, these payouts to hacker rings (usually in Bitcoin) amounted to more than $412 million per Chainalysis, a firm that tracks cryptocurrency payments.
How Global File System Technology Bolsters Data Protection
As ransomware attacks continue to surge, critical infrastructure providers like Colonial Pipeline, as well as other data-driven organizations, need to focus on ways to mitigate the potential damage from a ransomware scenario. Data protection is the key to limiting losses, and this is one of the main factors driving organizations to modernize their storage infrastructures to cloud-based global file systems (GFS). Along with enhanced data protection, GFS technology also enables organizations to streamline data management, increase productivity, and reduce storage costs.
Here’s why GFS technology is ideally equipped to protect business-critical data from ransomware attacks:
1. Replaces the ‘dumb NAS’ model with a protected and centralized ‘golden copy’ of data in the cloud
Ransomware attacks are difficult to stop because they target the weakest leak in the IT security chain, the users, most of whom work at branch offices and remote sites.
Rather than storing files on local storage islands (NAS) at the edge, GFS technology stores the authoritative copy of each file in a central location, either a private cloud or secure datacenter. Frequently used files are cached locally for fast access, while file changes are continuously replicated to the “gold copy†in the cloud. The GFS performs data management and file services 100% within the firewall, ensuring secure file services.
As the core is always protected and replicated to the remote sites, data can be recovered quickly in the event of an attack against an edge server, mitigating potential data loss.
See More: Can Backup Data Be Trusted After a Ransomware Attack? 3 “I’sâ€for Steadfast Resiliency
2. Military-grade encryption models to limit data exposure even in the event of an attack
Naturally, end-to-end security is a must for protecting files from ransomware and other cyber threats. In cloud-driven distributed environments, this means encrypting data at the edge (where it’s created), in transit (over the network), and in the cloud (where it’s stored).
By using source-based encryption at rest (AES-256) and in transit (TLS 1.2), GFS technology can secure your data before it leaves your devices, offices, and servers. Moreover, even if your data is temporarily locked due to an attack, it cannot be read. Beyond military-grade encryption, it’s also imperative from a security standpoint that organizations generate and own the data encryption keys and prohibit third parties, including the cloud provider, from accessing or controlling them.
3. Rapid recovery of file data to minimize productivity loss
Traditional backup solutions deployed at edge locations require a complete system restore before presenting files to users. If following a ransomware attack, for example, you needed to swap a server, such a restore operation could take hours or even days to complete, seriously compromising business continuity.
GFS technology enables the creation of incremental versions of files as they are changed and updated, protecting data on an event basis (i.e., file save) as opposed to a scheduled basis (i.e., a predefined backup interval). This real-time file sync provides the highest levels of granularity for file and folder recovery, minimizing recovery point exposure (RPO) versus traditional approaches to system and file server backup. Files populate immediately and can be accessed as they come in, reducing RPO to a matter of minutes.
Another way GFS accelerates file recovery is through prioritization. Let’s say you have a 100 TB file system, including files from five years ago that you rarely access. There’s no reason why you should have to wait for those files to populate before getting back to work. Prioritization lets users determine the order in folders and files are recovered based on what’s most important (e.g., by date, by department, etc.) and resume working in the shortest possible time.
See More: Is Ransomware the New ‘Snow Day?’ How Attacks Have Impacted Schools, Governments, and Enterprises
4. Incorporate artificial intelligence (AI) and machine learning tools to protect against rapidly evolving malware
Data protection should cover both the endpoint device and the central storage system. Endpoint protection solutions already use machine learning to detect unknown malware and block zero-day attacks. Unfortunately, some of these attacks are eventually going to infiltrate the network.
On the storage side, GFS technology has the potential to incorporate AI tools to analyze what users are doing in real-time. As the storage system continually receives reads and writes, these file access patterns could be captured and analyzed over time to classify legitimate and illegitimate actions in real-time. For example, storage systems could integrate machine learning capabilities to detect potentially suspicious situations, alert users and block abnormal behavior (e.g., massive write of thousands of files).
The evolution of storage solutions in this direction would be a future game-changer for preventing ransomware and other cyberattacks.Â
Take the Sting Out of Ransomware Attacks
While you can’t prevent your organization from being targeted by a ransomware attack, you can take steps to protect your data. In the event of an attack, a sound data protection strategy is key to avoiding multi-million dollar payouts and recovering data quickly.
Global file systems all but eliminate the risk of data loss, taking the sting out of ransomware attacks by giving organizations full control of their data. With accurate data protection, organizations can recover “locked†data within minutes, avoid downtime and remain assured that sensitive information is never exposed to hackers.Â
Did you find this article helpful? Tell us what you think on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d be thrilled to hear from you.