Ransomware Not Going Away, Air-Gapped Tape Helps Solve the Problem

By Rich Gadomski, Fujifilm, and Paul Lupino and Tom Trela, Iron Mountain

It was not long ago that ransomware threats caught the attention of the nation when WannaCry burst onto the scene and was widely covered in the press in May of 2017. Fast forward to the COVID era of today, as morning TV shows are featuring news that healthcare providers and hospitals are under increasing ransomware attacks due to their vulnerability at a time when these providers are otherwise overwhelmed, fighting a stubborn pandemic that does not want to go quietly into the night.

The threat against the healthcare sector prompted an alert on October 28^th from CISA (Cybersecurity Infrastructure Security Agency) entitled “Ransomware Activity Targeting the Healthcare and Public Health Sector.” The introduction reads: “This joint cybersecurity advisory was coauthored by CISA, the FBI and the Dept. of Health and Human Services (HHS)…and describes the tactics, techniques, and procedures used by cybercriminals against targets in the Healthcare and Public Health Sector to infect systems with ransomware, notably Ryuk and Conti, for financial gain. CISA, FBI and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”

That’s chilling. Most organizations can’t effectively operate without their computer systems or data. Hospitals are no different with the safety and well-being of patients hanging in the balance.

Of course, healthcare providers are not the only victims as cybercriminals relentlessly attack many victims in a multitude of markets. An Enterprise Strategy Group report from earlier this year showed that 60% of survey respondents from a broad cross-section of industries experienced at least one ransomware attack during 2019. Looking forward, the situation does not get any better as a July 2020 report from Gartner predicts that “Cybersecurity threats and ransomware attacks will impact 95% of Infrastructure & Operations leaders through 2024.”

That’s a staggering prediction considering the billions of dollars at stake, not to mention system downtime, lost or compromised data, and damaged goodwill.

So, what do the experts suggest as best practices to mitigate risk?

Here are just a few (of many) from CISA:

• patch operating systems, software, and firmware as soon as manufactures release updates
• regularly change passwords to network systems and accounts
• use multi-factor authentication where possible
• identify critical assets such as patient database servers, medical records, and telehealth and telework infrastructure; create backups of these systems and house the backups offline from the network
• implement network segmentation; sensitive data should not reside on the same server and network segment as the email environment
• set antivirus and anti-malware solutions to automatically update; conduct regular scans

The FBI, CISA, and HHS also recommend the following:

• regularly back up data, air gap, and password-protect backup copies offline
• implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location
• focus on awareness and training; because end users are targeted, make employees and stakeholders aware of the threats – such as ransomware and phishing scams – and how they are delivered

All good suggestions and recommendations to be sure. But getting back to a bit of history, it wasn’t long after WannaCry caused so many tears, that the Wall Street Journal published an article on Sept. 17^th, 2017, entitled “What’s Old is New. Companies are Once Again Storing Data on Tape, Just in Case.” The article stated that “storing data on tape seems impossibly inconvenient in an age of easy access cloud computing. But that is the big security advantage of this vintage technology since hackers have no way to get at the information.” It would probably be inaccurate to say that the concept of “air gap” was born around this time. Tape was always designed to be easily removable and transportable; with the ability to serve as nearline storage or offline storage in support of the golden 3-2-1 rule (three copies of data, two different types of media, one stored offline).

Perhaps unexpectedly, today’s modern tape is the perfect air gap medium. The technology has not been sitting still and now offers high native capacities up to 20 TB on a palm-sized single real cartridge and has the lowest TCO of any storage medium with best in class reliability and archival life.  As a result, companies from hyperscale cloud service providers, to local healthcare providers, are turning to modern tape, not just to help manage today’s data deluge, but to hedge against cybersecurity threats as well.

In today’s battle against ransomware, it makes sense to protect valuable data assets by backing up your data and taking it offline, to a secure and isolated location. Because tape has the lowest TCO of any storage medium and does not consume energy needlessly unless mounted in a drive, it makes economic sense to do so.

According to best practices posted by the FBI, it is not recommended to agree to pay ransom amounts because it does not guarantee an organization will regain access to their data.  In some cases, victims who pay are then asked to pay more or retargeted once again. Paying also inadvertently encourages this criminal business model. The FBI post does go on to say, “Backups are critical in ransomware recovery and response; if you are infected, a backup may be the best way to recover your critical data.” To avoid the tears, better make that an offline, air-gapped backup.