Taking a Security-First Approach to Ransomware

As the cyber threat landscape continues to evolve, organisations around the world are reviewing and increasing their data security investments. Despite significant investments in data security, organisations of all sizes and across all industries are experiencing a rapid increase in the frequency and intensity of sophisticated ransomware attacks.

Organisations that are compromised can incur not only great financial loss but also reputational damage that could threaten the future of their business. A data breach can impact on customer trust and can take an organisation years to recover from.

These attacks are becoming more prevalent, and many can be attributed to a combination of unresolved software vulnerabilities and internal human error, along with increasingly sophisticated techniques that can go undetected for some time and spread freely throughout the environment before manifesting.

Law enforcement agencies, including Europol, have identified ransomware attacks as the top threat worldwide, yet Forrester Research found that only 21% of surveyed organisations confirmed they have contingency plans to recover from ransomware attacks.

The challenges of defending against ransomware

To guarantee the ransom payment is made, cyber criminals are focusing their attacks on backup data and infrastructure to effectively cripple the “insurance policy” organisations depend upon when compromised.

In the event backups are successfully targeted and compromised, recovery is limited to two options: rebuilding infrastructure and services at considerable time and financial cost, or paying the ransom demand to unlock the encrypted systems. Neither alternative will prevent a reoccurrence of the ransomware attack, and both contain significant risk.

One of the biggest challenges of defending against ransomware is legacy backup solutions. Attackers exploit the weaknesses of old systems and processes that were architected before the birth of the ransomware industry to destroy shadow copies and restore-point data.

Designed at a time when ransomware didn’t exist, legacy backup infrastructure can make an organisation easy prey for ransomware attackers.

To overcome these challenges, organisations must review their backup solutions and consider adopting a modern, robust backup solution that protects data against ransomware attacks, alongside continued employee education around cyber security and investment in security tools.

Defending your organisation effectively from ransomware

Cohesity redefines data management to mitigate the risk of mass data fragmentation and simplifies the way organisations back up, manage, protect and extract value from their data, whether it is stored in the data centre, in the cloud or at the edge.

As an MTI partner, we work closely with Cohesity to deliver robust backup solutions that help organisations defend themselves against ransomware attacks and rapidly recover should the worst happen.

Going beyond detection, Cohesity’s comprehensive anti-ransomware solution helps organisations:

  • Reduce their attack surface
  • Protect backup data with immutable architecture and easy policy-based data management
  • Use machine learning to detect anomalies that signal potential attacks
  • Gain deep visibility to ensure backups are clean and won’t restore vulnerabilities
  • Rapidly recover from a compromise to avoid extended downtime

Reduce the attack surface

Reducing the attack surface helps organisations reduce their exposure to cyber criminals. Cohesity helps organisations reduce their data footprint by consolidating backup components, disaster recovery, file services, object storage, dev/test and analytics into a single web-scale platform, and through global variable-length dedupe across sources and compression.

Prevent backups from being a ransomware target

Taking a security-first approach to ransomware requires a multi-layered defence to protect against sophisticated ransomware attacks. This includes:

  • Immutable File System: Cohesity’s immutable file system, SpanFS, keeps the backup jobs in time-based immutable snapshots. The original backup job is kept in an immutable state to ensure it is never made accessible and to prevent it from being mounted by an external system. Although ransomware may be able to delete files in the mounted backup, it cannot affect the immutable snapshot.
  • DataLock: A WORM for backup snapshots that provides an extra layer of protection against ransomware attacks, DataLock enables security officers to create and apply a “DataLock” policy to selected jobs and achieve a higher order of immutability for protected data.
  • Multi-Factor Authentication: Passwords are easily compromised, especially human-generated ones, as they tend to be weak. Multi-factor authentication is the most secure way to protect against phishing schemes and other password hacks.
  • Policy-Based Air Gap: Replicating your mission-critical data to another Cohesity immutable cluster adds an additional layer of protection against ransomware attacks. Unlike legacy solutions, where an air-gapped copy could be compromised because encrypted or ransomware-affected data is replicated to the air-gapped system, a replicated Cohesity cluster does not affect the air-gapped copy, because the immutable file system is in place on that site as well.

Detect anomalies with machine learning

Cohesity Helios uses machine learning to detect anomalies that can signal potential attacks and alerts your IT admin and our support team when the primary files’ data-change rate is out of the norm.

Anomalies are detected by matching any large data changes against the normal patterns, including daily change rate on logical data and on stored data (post dedupe), patterns based on historical data and entropy (randomness of data).
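The two signals named above, daily change rate against a historical baseline and entropy of the changed data, can be illustrated with a short added example. It is not Cohesity's algorithm or code from this page; the function names, thresholds and sample data are assumptions constructed for illustration.

```python
import hashlib
import math
import statistics
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for repetitive data, near 8 for encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_anomalies(history, snapshots, z_limit=3.0, entropy_limit=7.5):
    """Compare each new snapshot with the historical daily change rate.

    history:   past daily change rates (fraction of logical data changed)
    snapshots: (label, change_rate, sample_bytes) tuples, oldest first
    Returns [(label, [reasons])] for snapshots outside the normal pattern.
    """
    mean = statistics.mean(history)
    stdev = statistics.stdev(history) or 1e-9  # avoid division by zero
    flagged = []
    for label, rate, sample in snapshots:
        reasons = []
        z = (rate - mean) / stdev
        if z > z_limit:
            reasons.append(f"change rate {rate:.0%} is {z:.0f} sigma above baseline")
        entropy = shannon_entropy(sample)
        if entropy > entropy_limit:
            reasons.append(f"entropy {entropy:.2f} bits/byte")
        if reasons:
            flagged.append((label, reasons))
    return flagged

# Constructed sample data (not real telemetry).
HISTORY = [0.021, 0.018, 0.025, 0.020, 0.023, 0.019, 0.022]
PLAIN = b"invoice,customer,amount\n" * 200
# SHA-256 output stands in for encrypted file content (deterministic).
CIPHER_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SNAPSHOTS = [
    ("day-8", 0.024, PLAIN),        # normal day
    ("day-9", 0.40, PLAIN),         # large but low-entropy change, e.g. a migration
    ("day-10", 0.61, CIPHER_LIKE),  # large change and near-random content
]

if __name__ == "__main__":
    for label, reasons in flag_anomalies(HISTORY, SNAPSHOTS):
        print(label, "->", "; ".join(reasons))
```

A snapshot flagged on both signals (day-10 here) deserves more urgent triage than one flagged on change rate alone, and the last unflagged snapshot before it is the natural candidate for a clean restore point.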

In addition to detecting and flagging anomalies, Cohesity’s machine learning algorithms can also help locate a clean copy of the data to be used for rapid recovery.

Deep visibility for a clean recovery

When restoring data, organisations must be sure that the data they are using hasn’t been compromised and that they aren’t re-injecting software vulnerabilities and cyber threats back into the IT environment.

CyberScan provides deep visibility into the protected snapshots’ health and recoverability status to give you confidence that you are performing a clean recovery and that your data is free from cyber vulnerability.

Rapid recovery that reduces downtime

While organisations want to do everything they can to prevent ransomware attacks, they can and do occur, often quickly, which is why it is imperative that recovery, should the worst happen, is predictable and rapid.

After a ransomware attack, it is imperative that organisations have the ability to quickly recover data to avoid extended periods of downtime and disruption. Cohesity allows you to allocate data across your global footprint, even in the public cloud, enabling you to instantly mass restore your apps and data.

Next Steps

In recent years, ransomware has become an increasing threat for businesses everywhere, and cyber criminals are now focusing their attacks on backups by exploiting the weaknesses of legacy backup solutions to compromise organisations.

Ready to enhance your cyber security and ensure the safety of your backups? Contact MTI today to discuss your next steps in protecting your organisation against ransomware attacks.