As shown by the 97 percent increase in ransomware attacks over the past two years, defending data against malicious software that locks up files until a ransom is paid is a pressing concern for enterprises worldwide. With each attack, unauthorized parties access data and encrypt it, making data inaccessible to the user. To obtain the encryption key, the victimmust pay the ransom, which can range anywhere from $10,000 to $300,000 per incident. In the meantime, organizations are forced to operate offline, putting operations on hold until the ransom is paid. This downtime costs over $64,000 on average.
So, how do organizations address this growing threat? This article will explore why traditional strategies fall short and how the right storage technology can protect enterprises from ransomware attacks.
Traditional Strategies Are Not Sufficient
Organizations often try to prevent ransomware attacks through approaches such astraining employees to recognize phishing attacks, implementing malware-detection software and isolating critical systems behind firewalls/passwords to make access more difficult. Unfortunately, these strategies havelimitedeffectiveness. For example, employees do not always follow best practices provided in training, malware is often missed by security software and firewalls/passwordscan becircumvented maliciously or even for convenience.
Another traditional approach to combatting malware is to encrypt data. However, this approachdoes nothing to defend against ransomware.Encrypting data in advance of an attack might be useful against other types of hacks in which data is copied and shared with unauthorized parties or disclosed publicly, but it has proven largely ineffective against ransomware, which simply re-encrypts data to lock out the rightful owner.
Storage: An Enterprise’s Final Line of Defense
Becausedefensive strategies often fail, organizations must be prepared to respond after being victimized by a ransomware attack. Once an organization has been hit, storage remains the final line of defense, but it’s essential to have the right storage technology in place to recover quickly from an attack.
WORM (Write Once Read Many) storage is the easiest and most effective strategy against ransomware. Itallows data to be fully protected from ransomware attacks by making it unchangeable, preventing malware from encrypting data and locking users out.As a result, users can restore a WORM-protected version of their data—captured before the infection occurred—and avoid having to choose between paying ransom or losing access to the data.
In the past, WORM storage required specialized storage devices and a workflow that accommodated them. Today, object storage systemsequipped with a new feature called “Object Lock” deliver WORM functionality within enterprise storage system. This means that the data is protected at the device level, rather than needing an external layer for defense.
Another advantage is thatObject Lock is a standardized featuresupported by multiple data protection software platforms. IT managers can therefore leverage Object Lock within an automated workflow, eliminating the need to separately manage protected copies of data.
Because ransomware attacks can impact anyone, it is critical to have an attack-proof recovery strategy in place. Organizations would be wise to implement WORM and Object Lock to truly protect themselves against this growing threat.
Edited by Maurice Nagle