Ransomware Protection Must Include an Air Gap


July 28, 2020

By Rich Gadomski, Tape Evangelist at Fujifilm Recording Media, U.S.A, Inc.

Ransomware statistics can be frightening! Research studies suggest that over two million ransomware incidents occurred in 2019 with 60% of organizations surveyed experiencing a ransomware attack in the past year. To make matters worse, the cybercriminals have moved up the food chain. Two thirds of those attacked said the incident cost them $100,000 to $500,000. Another 20% said the price tag exceeded half a million. Overall, the losses are measured in billions of dollars per year. And it’s getting worse. Enterprise Strategy Group (ESG) reports that about half of all organizations have seen a rise in cyber attacks since the recent upsurge in people working from home.

Understandably, this is a big concern to the FBI. It has issued alerts about the dangers of ransomware. One of its primary recommendations to CEOs is the importance of backup with the following key questions:

“Do you backup all critical information? Are backups stored offline? Have you tested your ability to revert to backups during an incident?”

The key word in that line of questioning is “offline.” Hackers have gotten good at staging their attacks slowly over time. They infiltrate a system, quietly ensuring that backups are infected as well as operational systems. When ready, they encrypt the files and announce to the company that they are locked out of their files until the ransom is paid. Any attempt to recover data from disk or the cloud fails as the backup files are infected, too.

The answer is to make tape part of the 3-2-1 system: Three separate copies of data, stored on at least two different storage media with one copy off-site. This might mean, for example, one copy retained on onsite disk, another in the cloud, and one on tape; or one on onsite disk, one on onsite tape as well as tape copies stored offsite.

Tape offers what is known as an air gap: it can easily be physically disconnected from the corporate network and the Internet. Tape cartridges stored offline are immune to infection by malware – the bad guys don’t have the ability to delete or encrypt what they can’t access. Even if the latest tape backups were done from infected files in corporate systems, other tapes exist that don’t suffer from the same problem. As a result, files can be restored cleanly from a ransomware-free copy.
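The 3-2-1 rule and the air-gap argument above can be expressed as a check over a backup inventory. This is an added example, not part of the original article; the inventory entries, field names and function names are constructed for illustration. It assumes the incident team has an estimate of when the intrusion began.

```python
from collections import namedtuple
from datetime import datetime

Copy = namedtuple("Copy", "name medium offsite offline taken")

# Constructed sample inventory of copies of one data set (not real data).
INVENTORY = [
    Copy("disk-nightly", "disk", False, False, datetime(2020, 7, 27, 23, 0)),
    Copy("cloud-sync", "cloud", True, False, datetime(2020, 7, 27, 23, 30)),
    Copy("tape-0727", "tape", False, True, datetime(2020, 7, 27, 22, 0)),
    Copy("tape-0720", "tape", True, True, datetime(2020, 7, 20, 22, 0)),
    Copy("tape-0713", "tape", True, True, datetime(2020, 7, 13, 22, 0)),
]

def check_321(inventory):
    """Return 3-2-1 violations, plus a missing air gap; [] means compliant."""
    problems = []
    if len(inventory) < 3:
        problems.append("fewer than three copies")
    if len({c.medium for c in inventory}) < 2:
        problems.append("fewer than two media types")
    if not any(c.offsite for c in inventory):
        problems.append("no off-site copy")
    if not any(c.offline for c in inventory):
        problems.append("no offline (air-gapped) copy")
    return problems

def pick_restore_point(inventory, intrusion_start):
    """Newest offline copy written before the estimated intrusion start.

    Online copies are skipped because the attacker could reach them.
    Offline copies written after the intrusion began may contain
    already-infected files, so they are skipped as well.
    """
    clean = [c for c in inventory
             if c.offline and c.taken < intrusion_start]
    return max(clean, key=lambda c: c.taken).name if clean else None

if __name__ == "__main__":
    print("3-2-1 violations:", check_321(INVENTORY))
    # Assumed: forensics dates the first foothold to 24 July 2020.
    print("restore from:",
          pick_restore_point(INVENTORY, datetime(2020, 7, 24)))
```

If the intrusion predates every offline copy, the function returns None, which is the signal that tape retention is shorter than the attacker's dwell time.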

University Survives Ransomware Attack

Take the case of a U.S. university infected with a trojan via phishing. Windows NTFS systems were the target. Servers, laptops and attached devices including backup drives were encrypted. By the time IT discovered the problem and shut its systems down, 20,000 files, 120 servers and all VMs were being held for ransom. The demand? Pay a six-figure sum if you want to regain access.

Backup from disk was useless as those files already contained the trojan. LTO tape came to the rescue. A tape backup done the night before the attack helped IT to recover all systems.

As well as providing protection against ransomware, the presence of tape backup helped the university eliminate the high egress fees associated with retrieval of all data from the cloud. By having the tape on premises, organizations can use it to accomplish a complete restore if required without incurring heavy additional cost.

Tape has proven itself as the best way to safely accomplish a restore after a ransomware attack or other incident. Additionally, long-term retention of high volumes of data is far less costly on tape than in the cloud or on disk. As well as offering a lifespan of up to 30 years, tape is the best place to archive data, especially for volumes in excess of 100 – 200 TB. The latest LTO-8 tape technology offers 12.0 TB native and up to 30 TB of compressed capacity, with transfer speeds of up to 360 MB/sec native, 750 MB/sec compressed. That makes it faster than the latest generations of hard disk drives, which have typical transfer rates around 210 MB/s.

These are some of the reasons why media and entertainment studios, government agencies, financial services firms, healthcare providers and many organizations dealing with PB-class data continue to be major users of tape. That’s why 2019 was a record year for LTO tape – with 114,079 PB of compressed tape capacity shipped last year. But it is the air gap that is garnering a new wave of support for tape from traditionally disk and cloud-based organizations.

“Ransomware is more rampant than ever and a significant challenge for protecting data, especially as employees continue to work remotely amid the current pandemic,” said Christophe Bertrand, Senior Analyst, The Enterprise Strategy Group, Inc. “Air gapping with tape technology should be a serious consideration for any company looking at best practices to ensure their company’s data and their customers’ privacy.”

Realizing the necessity of having a cyber-resilient form of data protection, organizations are now adding tape to their backup, archiving, active archiving and disaster recovery strategies. They continue to use flash and disk for frequently accessed data. But with 60% or more of retained data quickly becoming cold after just 30, 60 or 90 days, that information is best moved to tape for long-term data protection. With a tape infrastructure in place, it is a simple matter to add regular tape backups into the schedule to protect the organization from the fright and menace of ransomware.

 

 
