Ransomware attacks have dominated the headlines for several years. Rising far beyond the level of nuisance, cyberattacks are now identified by the World Economic Forum as one of the top five economic risks we face, putting this hacker-driven activity at a risk level comparable to global warming.
While these attacks target a variety of organizations, government entities face disproportionate risk. Cities and state agencies across the country have recently suffered costly major ransomware attacks.
Anatomy of a Ransomware Attack
Ransomware attacks tend to follow a familiar path: An unauthorized party encrypts an organization’s data assets, then demands that the victim pay a ransom — often in a hard-to-trace cryptocurrency such as bitcoin — to obtain the encryption key. The organization faces a dilemma: pay and get its data back or hold out and potentially lose it forever. There are many different types of ransomware, such as SamSam, WannaCry and NotPetya, but the basic template remains the same.
According to data from Recorded Future, governments are less inclined to pay ransoms than nongovernment organizations: Forty-five percent of all organizations hit by ransomware attacks in 2019 paid the ransom, compared to just 17 percent of state and local governments. Since paying ransoms is rarely an option due to either budgetary or policy constraints, governments must be prepared to defend against attacks and quickly recover if defenses fail.
How Typical Ransomware Strategies Are Ineffective
Organizations generally take two approaches to ransomware: either actively try to prevent attacks or focus on containing an attack’s impact. In the former scenario, there are several common types of approaches for proactively preventing a ransomware attack.
For one, security firms can be brought in to train employees to recognize phishing emails. Also, organizations can purchase software that inspects email for common signatures of malware. Finally, organizations can turn to firewalls and password software that limit user and program access.
These solutions tend to be minimally effective, however. Fatigue sets in and users become complacent. Technologies intended to detect and stop malware quickly become obsolete as signatures evolve. Onerous password schemes and other blockades tend to irritate users, who ultimately work around them for convenience.
If attacks cannot be completely prevented, some organizations take a complementary approach to minimize the impact of a breach. One strategy here is to encrypt data as a hedge against ransomware. However, this approach misunderstands the intent and modus operandi of ransomware. Encrypting data in advance of an attack might be useful against other types of hacks in which data is copied and shared with unauthorized parties or disclosed publicly, but it is mostly ineffective against ransomware, which simply re-encrypts data to prevent access to its rightful owner.
A robust backup strategy can certainly help by keeping a data copy separate from the live data, potentially providing a clean copy for restore. The problem is that hackers also know this. Consequently, they specifically target backup data in attacks. An airgap solution, such as tape-based backup, provides further assurance by keeping a data copy physically separate from the network. But the tape backup model is labor-intensive, requiring tapes to be moved to a location outside of a tape library to ensure separation.
WORM and Object Lock Are Better at Countering Ransomware
The above strategies against ransomware are ineffective at worst and inconvenient and unreliable at best. But there’s another way to fight these attacks: WORM (write once, read many) storage is the easiest and most effective strategy against ransomware.
With WORM storage, the data is made immutable: Once written, the data cannot be either changed or deleted for a specific period. This prevents malware from being able to encrypt the data and lock the victim out. In the event of a malware attack, organizations can restore the data through a simple recovery process.
Previously, WORM storage required specialized storage devices and a workflow that accommodated them. Now, object storage systems equipped with a new feature called “object lock” provide WORM functionality on enterprise storage systems. Data is protected at the device level, rather than being dependent on an external layer for defense.
A further benefit is using object lock as a standardized feature, supported by multiple data protection software platforms. IT managers can therefore capitalize on this feature within an automated workflow, with no need to separately manage protected copies of data.
When it comes to minimizing ransomware threats, storage is the last, best line of defense. And unlike other strategies, WORM is the only option that delivers protection right where the data resides. The object lock feature now makes WORM functionality accessible and easy to manage within an automated workflow. As the threat of ransomware increases for local governments, WORM and object lock are the closest things to a foolproof solution — and the best options for mitigating damage from these attacks.