Cloud-Based File Systems as a Ransomware Defense

Ransomware is an unfortunate and unavoidable fact of life for businesses today. Attackers are escalating their attacks on organizations of all types and sizes across the globe. In 2021, there were three times as many incidents as in 2019, and the rate continues to climb. The reality may be even direr than statistics suggest, as many victims never report attacks.

Threats are not only more numerous; attacks are also more sophisticated. Criminals are demanding larger payoffs and upping the ante with double and triple extortion schemes that expose sensitive data even when the victim hands over the hefty ransom.

Organizations must face the fact that they are likely to fall victim to cybercrime which many experts consider the most serious threat facing businesses today. Rather than wait for the inevitable, companies should invest the time, effort and money now to reduce their vulnerabilities and devise a strategy for recovering if an attacker manages to penetrate their defenses.

How Attackers Get In

Humans are frequently the weak link that undermines even the most stringent security measures—especially when many employees work remotely, often on inadequately protected home networks. If just one employee falls for a phishing attempt and unwittingly downloads malware, the entire network can be compromised. Making matters worse, the lapse doesn’t have to be internal: A breach within a customer’s or supplier’s system can give attackers access to everyone within the supply chain.

As the malware insidiously spreads, it encrypts files and systems throughout the organization. It often takes days or even weeks before IT detects the breach, and at that point, the attacker’s damage can be so widespread it disrupts business or even brings operations to a standstill.

In that worst-case scenario, IT faces several major challenges: Not only do they have to recover data and get operations up and running as quickly as possible, but they must also determine the source of the attack in order to prevent a recurrence. That’s a critical step as an estimated 80% of victims who paid the ransom were attacked a second time, often by the same attackers.

Backups Are Not Enough

When disaster strikes, backups have traditionally been the go-to solution, and that approach worked in years past. But relying on backups is no longer an effective disaster recovery (DR) strategy. For one thing, many organizations don’t invest the effort and resources necessary to adequately maintain backups, especially in hybrid infrastructures.

Restoration is a time-consuming process even in the best case. IT has to roll back the entire system to a point before the attacker’s infiltration occurred, so all data produced after that time is lost‚ whether or not it was corrupted. When a company has terabytes of backup data, it can take weeks to rebuild file servers and restore operations, even with today’s fastest data transfer speeds. The difficulty is magnified when dealing with a highly distributed workforce in multiple locations, often scattered around the world.

Depending on when the breach occurred, there’s also a very real risk that the backup files themselves may have been infected by attackers and their malware. If that’s the case, the restored files are of no use and the process must begin all over again. The resulting downtime can be disastrous.

The specter of such consequences persuades many businesses to accede to the extortion demands.

How the Cloud Helps

Cloud-based file storage platforms are a better solution than traditional backup systems. The cloud stores files as immutable objects, so they can’t be encrypted by ransomware, overwritten or corrupted. While it might seem like unstructured data wouldn’t be compatible with object storage, today’s sophisticated storage technologies can give cloud-based file systems the same look and feel as traditional file shares.

Unlike block-based versioned storage area networks (SANs), modern cloud platforms are not limited to a specific number of versions or snapshots. Continuous file versioning capabilities support an unlimited number of recovery points for data—as often as every few minutes—with separate metadata versions for each recovery point.

In the event of an attack, an IT team can quickly assess precisely which data has been affected by attackers and isolate those files. They can roll back the affected files to the instant just before an incident and restore only the affected data, rather than an entire volume. That level of control enables IT to restore access to an entire file share in an instant, minimizing disruption and avoiding unnecessary loss of productivity.

This high level of data integrity needn’t come at the expense of accessibility. Global file systems combine centralized storage with local access from anywhere in the world, so IT can manage the files centrally, exercising version control and locking files on a global basis as needed.

Conclusion: Cloud Offers the Safest Choice Against Attackers

Clearly, cloud-based file storage systems are among the most effective tools for combating attackers and ransomware. The major cloud platforms—Amazon Web Services, Microsoft Azure and Google Cloud Platform—offer far greater availability and data durability than most businesses can achieve on their own. By combining a cloud-native global file system and object store, the cloud offers organizations the safest, most secure choice for storing critical data and recovering from a ransomware attack.

Avatar photo

Russ Kennedy

Russ Kennedy is chief product officer at Nasuni, which provides a file services platform built for the cloud. Before Nasuni, Kennedy directed product strategy at Cleversafe through its $1.3 billion acquisition by IBM. Earlier in his career, Russ served in a variety of product management and development roles, most notably at StorageTek (acquired by Sun Microsystems), where he brought several industry-leading products to market. An avid cyclist and hiker, Kennedy resides in Boulder, Colorado with his family. He has a BS degree in Computer Science from Colorado State University and an MBA degree from the University of Colorado.

russ-kennedy has 3 posts and counting.See all posts by russ-kennedy