By James Morrison, HPE
How do you stop 20 million cars in their tracks? Or take chicken sandwiches off the menu for an entire country? I’ll give you a hint: it requires neither military action, a team of evil scientists, nor a particularly libertarian fowl population. In fact, all it takes is a group of hackers that could be located anywhere in the world.
When I think of the word “ransom,” my mind conjures images of body builders trudging through the jungle to recover a hostage. But these days, ransom-takers lurk in dark rooms behind layers of code with fingers sticky from cheese puffs.
In fact, ransomware attacks have become so simple that it no longer takes expensive software and skilled hackers to carry them out. No wonder 2020 saw over 300 million ransomware attacks worldwide, with several of the most high-profile attacks grabbing international headlines. These would-be villains are after your company’s data, and they don’t even need a plan for what to do with it. All they need is to halt your operations or threaten a big enough data leak and the keys to the kingdom are theirs.
For a long time, enterprises weren’t concerned with defending against ransomware because they didn’t see themselves as a target. But the frequency and soaring costs of these attacks have become too great to ignore. Now, we’re all a target—and the lowest hanging fruits, those companies without a sound defense in place, will be the next victims.
If you live on the east coast of the United States, you may recall having a difficult time finding fuel during the month of May. That was thanks to a ransomware attack by DarkSide, a cybercriminal organization from Eastern Europe. Colonial Pipeline, the company responsible for nearly half the fuel supply for the entire East Coast, was forced to halt operations. It took a $4.4 million payment before operations were restored.
Then in early June, JBS USA Holdings Inc. paid a whopping $11 million to Russian hacker group REvil to regain control of its operating systems. JBS handles nearly one-fifth of America’s meat supply. If these criminals are fearless enough to stand between Americans and their meat, there’s no telling what they’ll do next.
At about the same time, a cyberattack on Ireland’s public health system paralyzed their health services for a week, cutting off access to patient records, delaying COVID-19 testing, and forcing appointment cancellations. Paul Reid, chief executive of Ireland’s publicly funded health care system, said the attack was “stomach churning.” With endless amounts of patient data in their servers, that makes sense. Especially because they weren’t just vulnerable to the initial ransom demand to get their data unlocked. They had to pay a second time to ensure the criminals wouldn’t sell that data on the dark web.
Everyone is now a target
These attacks highlight a new trend in ransomware - skyrocketing costs. Bad actors have raised the cost of poor security on everyone from data collectors such as retailers and banks to service provides such as hospitals and even city governments. Preventing a company's ability to operate is just as lucrative as holding sensitive data for ransom. What if they do both!
Last week, Cole Humphreys talked about implementing zero trust security in your edge environment in his blog "Securing the edge: trust nothing, verify everything." Safeguards in HPE Gen10 Plus server technology like iDevID and platform certificates help you lock down your firmware in distributed environments so that hackers can't gain access in the first place. We'll talk more about firmware security next week, but once an attack happens, you need additional tools to prevent the ransomware from shutting down your business. Considering the National Security Institute estimates a ransomware attack will occur every 11 seconds this year, you'll want to implement a disaster recovery solution sooner than later.
Let's start with where you are most vulnerable: the edge. With hyperconverged infrastructure (HCI), virtual desktop infrastructure (VDI), and all of your virtualized workloads, modern edge computing has created a greater attack surface for your organization. One way to mitigate the increased risk of ransomware is with AI-driven intelligent data protection and disaster recovery.
To date, disaster recovery has been time consuming, tedious, and difficult to operate at scale. And in securing their valuable data, enterprises make it more difficult to access and draw insight from the data. HPE SimpliVity is an intelligent HCI solution that features HPE Cloud Volumes Backup. This backup service is plug and play and takes only five minutes to set up: log in, configure your capacity, and configure with existing backup schedules. By backing up files to the cloud with encryption, this data remains invisible to hackers and ransomware. But rather than locking it in a vault, Cloud Volumes Backup keeps your data at your fingertips, integrating natively with your favorite backup software and making it simple and pain-free to recover your data whenever and wherever you need it. And SimpliVity backs up data with a 2-node system. If one node goes down, all data is backed up on the second node.
As an additional level of security, you can add a hardware solution—self-encrypting drives (SED). An SED is a hard disk drive (HDD) or solid-state drive (SSD) designed to automatically encrypt and decrypt drive data without the need for user input or disk encryption software. While SEDs won’t stop a ransomware attack, they will prevent the double-attack that the Irish Public Health System suffered.
Early detection of an attack can buy you time to react. HPE InfoSight is a cloud-based predictive analytics platform meant to help you predict and prevent issues before you’re even aware there’s a potential problem. InfoSight collects several types of data: streaming statistics, heartbeats, diagnostics, configuration data, and alerts. These help you monitor your environment for indications of vulnerabilities that could be exploited by malware—like firmware updates that haven’t been installed—and system irregularities that could signal an attack is underway.
Finally, with HPE’s recent acquisition of Zerto, you can gain cloud management and protection software in one continuous software for on-premises and cloud. The Zerto platform is based on continuous data protection (CDP). Whether it’s on-premises, a multi-cloud environment, or a hybrid of the two, the Zerto platform is a single, unified solution for automated recovery and data management for virtual or container-based workloads. For a ransomware attack, Zerto has fully automated failover and failback that will recover corrupt applications and data within a matter of minutes of an attack.
Three steps ahead
Defending against ransomware is more of a when, than an if proposition. Just this summer, the head of U.S. Cyber Command announced that ransomware is considered a national security issue. If nation states can be hit, you can be sure that your organization is vulnerable. Keep these three tenets of a ransomware defense in mind to minimize the impact of your next attack: