Cloudian and Veeam build ransomware data recovery service atop Amazon S3 Object Lock

Cloudian and Veeam have introduced Amazon’s S3 cloud Object Lock on-premises to combat ransomware attacks.

In the event of an attack, ransomware-locked files can be replaced by Veeam backup data stored on the Cloudian HyperStore appliance, which sits in the data centre behind the firewall. These will be free of the ransomware infection, according to Cloudian, which said its storage has US government-certified data immutability.

Danny Allan, Veeam CTO, said in a prepared quote: “Preventing a ransomware attack has become increasingly difficult, so we’re focused on ensuring users can quickly and easily recover from such an attack – that’s the peace of mind that we’re delivering with on-premises S3 Object Lock in the new Veeam Availability Suite V10.”

S3 Object Lock

Launched yesterday, Veeam Availability Suite (VAS) V10 introduced S3 Object Lock for backup data, with backups to an S3 target made immutable through a software setting. Cloudian’s HyperStore is on-premises object storage which supports the Amazon S3 APIs. Cloudian supports Object Lock functionality and is now a VAS V10 Object Lock target device.

S3 Object Lock provides a virtual air-gap that logically disconnects stored objects from connected commuter systems. In Object Lock’s Compliance Mode, stored data can’t be overwritten or deleted by any user including the root account in AWS within the retention period. There is no way to change the retention mode or to shorten the retention period.

According to Cloudian, restores from HyperStore are faster than via the public cloud because an on-premises object store generally has a faster network link.

The company said the Veeam partnership means a HyperStore Object Lock system can be a platform for ransomware protection-as-a-service. Also in the case of VMware Cloud Providers, it can deliver single-point management via VMware vCloud Director.

Ransomware attacks are increasing

Cloudian quotes an US inter-agency report that reveals 4,000 ransomware attacks “have occurred daily since January 1, 2016. This is a 300 per cent increase over the approximately 1,000 attacks per day seen in 2015.”

Preventing users from disclosing account passwords to phishing emails and other preventative measures are useful hygiene but are not 100 per cent effective. According to the US federal agencies, ransomware attacks can be expected to surmount password and other barriers.

Organisations should prepare accordingly and take the following preventative measures:

  • Back up data regularly and verify the integrity of those backups and test the restoration process to ensure it is working.
  • Conduct an annual penetration test and vulnerability assessment.
  • Secure their backups – ensure backups are not connected permanently to the computers and networks they are backing up. Examples are securing backups in the cloud or physically storing backups offline. Some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real time, also known as persistent synchronization. Backups are critical in ransomware recovery and response; if you are infected, a backup may be the best way to recover your critical data.