Ransomware attacks have increased considerably in recent years, creating an ever-present threat for both private and public UK organisations – regardless of size or sector, writes Neil Stobart, VP Global System Engineering, Cloudian. A recent study found that both the number of ransomware attacks and the percentage of attacks resulting in payment have increased every year since 2017, while another predicts that global ransomware damage costs will reach $20 billion by the end of 2021.
With traditional data protection strategies such as snapshots and backups typically stored on file systems, even data held for recovery is not immune to ransomware attacks.
Nor are governmental organisations.
In fact, they are an increasingly favoured target of cybercriminals.
This is illustrated by the fact that ransomware attacks against governments have spiked over the last 12 months, such as the attack that left a local council facing a multi-million pound bill after all its IT servers were disabled for three weeks.
Factors such as overstretched IT teams and departments that are utilising a mish-mash of legacy software and hardware mean they can be considered easy targets – particularly when compared to large enterprises that have deeper pockets to fund investment in the cybersecurity area.
The damage also tends to have a much wider impact when ransomware attacks do strike local governments. As well as encrypting critical data, such attacks can have a significant impact on local communities by disrupting many of the services that they rely on to function on a daily basis.
Aside from the increasing sophistication of ransomware attacks, several issues are contributing to local government’s increasing vulnerability. For example, government organisations are now increasingly reliant on technology and provide more digital services to citizens than ever before, creating a much bigger attack target for cybercriminals to exploit.
Budget restrictions are also a key factor. Not only does this mean local government organisations often have to make do with outdated software that isn’t able to protect against today’s threats, but it also presents the challenge of attracting and retaining the necessary cybersecurity staff. Such talent is in high demand, with many security professionals lured to the bigger salaries on offer in the private sector.
With these challenges in mind, it’s especially worrying that the traditional paths businesses have taken to stop ransomware – either proactively trying to prevent attacks or reactively containing an attack’s impact – have produced mixed results. Proactive approaches tend to focus on employee training and awareness, but entirely preventing human error in defensive measures is unrealistic.
What’s more, software designed to stop malware quickly becomes outdated as threats and their identifying signatures evolve.
Another strategy often used as a safeguard against ransomware is encrypting data. But, while encryption can be useful where cybercriminals just want to access and share the data itself, in the case of ransomware they can simply re-encrypt the data to prevent access by its rightful owner. As a result, data encryption does not protect against ransomware.
Finally, a robust data backup strategy can certainly help. Businesses can use data backups to keep a data copy separate from the live data or gain further assurance by deploying an airgap solution such as tape-based backup which physically separates a data copy from the network. The problem is that savvy hackers often know to specifically target backup data in attacks, while the tape-based model can be extremely labour-intensive. Local governments therefore need another way to protect against ransomware attacks.
With several traditional strategies proving to be either ineffective or unreliable, WORM (write once, read many) storage is emerging as the final line of defence. WORM technology allows users to make immutable “locked” copies of their data, thereby providing comprehensive ransomware protection.
These copies can still be read but cannot be altered for a pre-determined period of time which is aligned to the data backup retention policy, even if hackers do somehow manage to exploit a vulnerability in the system. This prevents malware from being able to encrypt the data and lock the victim out. Instead, data can be restored through a simple recovery process, meaning local governments will no longer have to choose between paying an expensive ransom or losing access to their data.
While WORM storage used to require specialised storage devices and a workflow that could accommodate them, object storage solutions equipped with a new “Object Lock” feature have made WORM technology more accessible for local governments. Object Lock provides WORM functionality on enterprise storage systems, so data is protected at the device level instead of requiring an external layer of defence.
Furthermore, WORM technology is designed to meet key regulatory requirements. It provides digital data with an immutability stamp that can be used in legal situations as “tamper proof evidence” and also meet the compliance requirements for regulations such as HIPAA, GDPR and PCI DSS.
Ransomware protection can be automated for simple management as part of the standard backup workflow, which means there is no additional workload for local governments. Object Lock delivers security comparable to offline storage without the labour-intensive manual steps associated with tape handling.
With local governments being such an appealing target for cybercriminals, it has never been more important to ensure they have the right security in place. What’s clear is that making backup data immutable with WORM/Object Lock storage technology is now the best line of defence – delivering effective protection right where the data resides and protecting against the rising ransomware threat.