The frequency of data breaches due to ransomware attacks has doubled. New ransomware schemes and the rise of crimeware-as-a-service put more businesses at the risk of losing their money, data and reputation. But implementing immutable storage in a data protection strategy can become the key to your fight against ransomware.
This blog post explains the advantages of immutability against ransomware and helps you choose what immutable storage type works best in your case. We’ll also guide you on how to use immutable storage most effectively.
Ransomware continues to be a major problem for global organizations. Nearly 37% of them fell victim to ransomware in 2021, including one of the largest cyber insurance firms CNA Financial and computer giant Acer. The latter reported the largest ransom demand to date — a stunning $50 million for getting the company’s data back.
Unfortunately, ransomware trends show that there is much more to come. As attacks are getting more personalized and craftier, double extortion will soon become commonplace, driving ransoms to new heights. In 2021, ransomware-related costs outpaced the 2020 costs in just six months: $590 million for the first half of 2021 compared to $416 million for all of 2020. Does this seem expensive? In 10 years, ransomware costs are set to grow by 400 times, exceeding $250 billion.
Sophisticated ransomware attacks are difficult to detect early because most of them bypass ransomware detection solutions. This makes businesses believe that they can’t protect their data and have no other choice but to pay the ransom. And here is where immutable backups come into play.
Ransomware attack success depends on whether a business can restore data access without paying the ransom. No wonder that attackers are trying to limit recovery options and often target the company’s backups and snapshots first. On the other hand, keeping backup data in protected immutable storage minimizes the risk of a ransomware infection and increases the chances of recovery success. Why? Because immutable backup data is virtually impervious to new cyberattacks and ransomware. Let’s explore this in more detail.
Immutable data storage “locks'' backup and any other data, ensuring that stored data and metadata can never be modified and deleted, either by other users, root users, criminals or ransomware. Immutability goes hand in hand with the WORM (write once, read many) technology that allows storing data in an unchangeable format. Users can access and read files stored on WORM devices but not change or delete them.
Immutable WORM storage helps ensure data security and is legally required in the finance and healthcare industries by SEC rules and HIPAA. The US government agencies use WORM technology to comply with federal laws and minimize the risk of file accidental deletion from the National Archive. Finally, educational institutions and law firms often store their records in WORM-compliant format for long-term archiving.
The concept of immutable WORM storage isn’t new. Even in the times of tape, you could set tape media to be written only once. Optical CD-R and DVD-R discs are also one of the oldest WORM devices that allow users to add new data to the media until there’s free storage space left. Once the data is written to the disk, the only way to remove records is to destroy the disk itself.
Today, there is a wider variety of storage media and software that enable you to store data in immutable form. You can use tape, optical technologies, purpose-built backup appliances, SSDs, disks and even the cloud.
Let’s take a closer look at the advantages and disadvantages of two main WORM storage types.
Hard drives, tapes and solid-state storage drives can serve as immutable backup storage. They are usually inexpensive and are capable of holding large amounts of data. They can also be stored offline, disconnected from the production site. This makes physical media more secure against cyberattacks and ransomware.
On the downside, hardware-based storage can degrade and become prone to physical failures over time. They also require secure physical storage space with regulated temperature for long-term archiving. In case of natural disaster or improper storage, devices can be destroyed, causing irreversible data loss. What’s more, such devices can be stolen by criminals and used for blackmail.
Software-based storage solutions aim to combine the benefits of hardware-based solutions with the flexibility of cloud and SaaS services. They usually provide more storage capacity and mitigate some of the risks associated with physical devices.
Such immutable storage uses WORM technology to lock down the data for a specific period of time configured by a user. Once immutability is enabled, no one can edit, delete or encrypt data until the immutability window expires.
The popularity of cloud immutable storage (Amazon S3, Microsoft Azure Blob, Google Cloud) is now on the rise. Cloud repositories are easily accessible and require no physical storage space. At the same time, they are isolated from the network and have no links to production sites and storage systems, which makes cloud storage air-gapped by default. A ransomware infection can’t spread to cloud repositories until you manually transfer infected data there, which is impossible during the immutability time window.
On the downside, cloud storage costs grow over time, and you can end up with eye-watering bills for long-term archiving.
Immutable WORM storage was originally hardware-based, but as more organizations measure their data in petabytes, physical media alone is no longer enough for complete data protection. Many companies combine both physical media and cloud immutable storage to improve their resilience against ransomware attacks.
Using several types of immutable backup storage allows you to mitigate the disadvantages of each storage type and eliminate the single point of failure. What’s more, you can completely disconnect cloud storage and physical media from your network, making them air-gapped and, thus, more secure against ransomware attacks. Even if an attack does happen, you can avoid paying the ransom, knowing that you have unaffected backups.
But there’s a catch.
Air-gapped and immutable systems alone don't protect your data against ransomware. Ransomware can remain unnoticed for a long time and infect even immutable backups if you transfer corrupted files to storage. Immutable storage doesn’t detect or repel ransomware attacks and can’t replace ransomware monitoring tools, either.
Immutable backup data can be your last line of defense against ransomware, but only if you use this storage together with other data protection practices, such as:
Back up critical data on a regular basis and implement a flexible recovery point rotation scheme to ensure no data loss.
Backup data tiering and the 3-2-1-1 backup rule. Have at least three copies of your backup data and store them on at least two storage media, one of which is offsite and the other is offline.
Ensure that stored backups are application consistent and regularly verify the recoverability of VM backups.
Backup data encryption
Encrypt backup data during the transfer over the web and enable storage encryption to prevent unauthorized access.
Restrict access to your backup data and configure role-based permissions using the principle of the least privilege.