Immutable Storage for Ransomware Protection and Recovery

An Unpleasant Truth

Man holding head in hands at desk because of ransomware notice
All organizations need to face an unpleasant truth: It is not a question of “If” they will experience a ransomware attack; it is a matter of “When.” While cybersecurity software serves as a first-line defense against ransomware, IT leaders recognize cybersecurity software alone does not thwart all ransomware attacks. And as an assumption an attack may succeed, these leaders also recognize they must protect their production and backup data. Immutable storage can help.

Protecting Data through Immutable Storage

To stop ransomware from encrypting data, administrators may use immutable storage solutions as a viable means of securing and protecting data from attacks.
Multiple immutable storage options now exist from cloud storage and networked storage providers. Once files or data is stored in an immutable state, even ransomware cannot alter the data. These solutions protect data from the attack and provide a source to quickly recover data in an unencrypted format.

The Cloud for Immutable Storage

Using cloud storage to store backup and production data appeals to organizations now more than ever. Many cloud storage offerings include data immutability features that deliver in one or both of the following two ways:
Journaling or versioning file systems. When existing data stored in the cloud gets changed or modified, the cloud does not delete the old version; rather, the cloud versioned file system retains the existing, as well as previous versions of the data as immutable objects. Ransomware may change the visible or current production data; however, ransomware cannot encrypt previously existing data stored in immutable form. Organizations may select a prior, existing version of data and use that version to recover. Some solutions write all files as immutable objects, simplifying the management and recovery of ransomware encrypted data.
Amazon S3 Object Lock. Object Lock operates like write once, read many WORM storage. Organizations apply and enforce retention policies on data they store in the cloud. Once data gets written, nothing may change or delete the data until the data’s retention period expires.
These two features set cloud storage as a logical option to protect organizational data from a ransomware attack.
Organizations should not automatically equate a solution’s support of cloud storage with protection from ransomware. These solutions must support automatic, or at a minimum, turning on immutable versioning or setting the object lock on the data placed in the cloud. If the solution supports versioning, enterprises should also verify it offers an option to select past points in time for recovery.

Networked Storage with Secure Object Data Stores

More on-premise storage solutions offer immutable data, cloud storage options through a simple storage solution (S3) API. These storage systems provide a standard file system interface that supports the NFS and SMB networked file protocols. In this way, organizations may deploy and access data on these systems like any networked storage solution.
Beneath their file system presentation layer, these storage solutions use an immutable object store. Applications, clients, and users only see and write data to their file system. Once written, the solution automatically stores the data on its underlying object store as immutable objects.
Using this approach, applications, clients and users may still change or delete data presented through the solution’s file system interface. However, the solution’s underlying object store neither changes nor deletes the prior version of the data.
Instead, the storage system’s object store journals all changes. The system chronicles new writes as well as any changes, additions, or deletions of existing data. This technique safely preserves new data as well as the prior, original version of the data. By preserving this data, should a ransomware attack occur, organizations may roll back to a prior point in time.

Immutable Storage – A Critical Role

ransomware 2021 stats
In summary, every organization should use available cybersecurity software as the first and best line of defense against ransomware attacks. Detecting and stopping ransomware attacks still serves organizations better than recovering from an attack. However, cybersecurity software does not provide a foolproof defense against these attacks.
This data gap dictates that organizations have a recovery plan in place. Placing data on an immutable storage solution plays a critical role in recovering from a ransomware attack. When stored as immutable objects, all data is preserved in an unaltered state, providing organizations with multiple, viable recovery points.
Used in conjunction with cybersecurity software, these immutability features help ensure organizations have the appropriate defenses in place to protect them from the disruption and costs of a successful ransomware attack.

Keep Up to Date with DCIG

To be notified of new DCIG articles, reports, and webinars, sign up for DCIG’s free weekly Newsletter.
Technology providers interested in licensing DCIG TOP 5 reports or having DCIG produce custom reports, please contact DCIG for more information.
Source data for “Ransomware 2021” infographic:
https://abcnews.go.com/Health/wireStory/latest-india-reports-largest-single-day-virus-spike-70826542
https://www.sophos.com/en-us/medialibrary/pdfs/whitepaper/sophos-state-of-ransomware-2021-wp.pdf
https://www.coveware.com/blog/ransomware-marketplace-report-q4-2020

Share
Share

Click Here to Signup for the DCIG Newsletter!

Categories

DCIG Newsletter Signup

Thank you for your interest in DCIG research and analysis.

Please sign up for the free DCIG Newsletter to have new analysis delivered to your inbox each week.