Safeguarding against the global ransomware threat

SPONSORED FEATURE: Ransomware is used by cybercriminals to steal and encrypt critical business data before demanding payment for its restoration. It is one of the most serious cybersecurity threats, if not the most serious, currently facing governments, public/private sector organizations and enterprises around the world.

Infosec experts warn that data loss from attacks is often irreversible, even when the ransom is paid. Sterling Wilson, Data Resilience Strategist at Object First — the provider of Ootbi (Out-of-the-Box-Immutability), the ransomware-proof backup storage appliance purpose-built for Veeam — believes that data is one of the most precious assets available, and as such, must be tightly protected.

“Ransomware means the bad guys can sit by and get tens of millions of dollars from organizations that are literally dead in the water without their data,” he explains. “In all verticals, for all companies, data is their lifeblood.”

The potentially devastating consequences of ransomware attacks were highlighted by the UK House of Commons/House of Lords Joint Committee on the National Security Strategy in a December 2023 report, A hostage to fortune: ransomware and UK national security.

“Due to its potential ability to bring the UK to a standstill, ransomware has been identified by UK authorities as the number one cyber threat to the nation,” the report read.

“A mature and complex ecosystem has evolved, involving an increasingly sophisticated threat actor; ransomware is also now marketed as a service, which can be purchased by the uninvolved e.g., criminal gangs, making it more widely available to those who wish to inflict harm for profit. Past attacks have shown that ransomware can cause severe disruption to the delivery of core government services, including healthcare and child protection as well as ongoing economic losses.”

In a November 2022 report, the Royal United Services Institute (RUSI) warned that the impact of a ransomware attack expanded beyond the financial terms of the ransom payment to encompass other potentially serious factors, including business interruption and privacy liability costs, as well as the expense of hiring incident response firms, negotiators and crisis managers.

Lindy Cameron, CEO of the UK National Cyber Security Centre, which is part of GCHQ, adds that ransomware can be “truly devastating” for victims: “Attacks can affect every aspect of an organization’s operation, hitting finances, compromising customer data, disrupting operational delivery, eroding trust and damaging reputations. The impact will be felt in the short and long term, particularly when organizations are unprepared. Recovery is often lengthy and costly.”

Assume the worst and plan ahead

Object First’s Wilson warns that it’s really “not a matter of if, it’s a matter of when” a cyberattack will come. He explains that company cybersecurity teams need to assume that they will be targeted and develop a plan to secure their backup data before they get attacked.

“It used to sound so alarmist when we said this 18 to 24 months ago, but now we’re seeing the sense of alacrity with which all of these invasions are happening,” Wilson advises. “You know what’s coming. The first thing is to have a plan. Treat your data, your backups, and your infrastructure like it already has an attacker inside, and treat your most valuable possessions as such.”

Wilson describes the different types of backups that have historically been commonly deployed. The first of these is direct attached storage (DAS), which involves nothing more than a bunch of disks attached directly to the main servers. While this is the easiest option, it provides absolutely zero data protection in the event of a ransomware attack, as the bad guys will immediately own the backups.

The second option is to back up to separate physical media, such as tape and deduplication devices. While more secure, recovering data this way takes an inordinate amount of time. The third option described by Wilson is to back up to an on-premises Hardened Linux Repository, which is a relatively more secure option as it uses some facets of object immutability.

However, these technically complex solutions are not completely immutable and require considerable expertise to set up and maintain. Offsite cloud backup is another option, but Wilson points out that recovering your whole company’s data from the cloud will usually be too slow for practical purposes and is subject to expensive egress fees.

Zero Trust principles apply

To address the shortcomings of these approaches, Wilson stresses the importance of following zero trust principles: “We’ve gotten convoluted messages on the ideas of zero trust, but the facets of zero trust are very succinct. You assume a breach, and you make sure you check and authenticate at every step of the way. You cannot trust the user who has authenticated at the edge of your network to move laterally through your network. You must make sure that every single place, every application, every point of data ingress and egress is secure.”

These zero trust security principles were fundamental to Object First when it engineered its secure backup storage appliance dubbed Ootbi (which stands for Out-of-the-Box Immutability). This ransomware-proof and immutable out-of-the-box solution delivers secure on-premises backups that are immutable by default and protected from cybercriminals.

Object First has a long-established and close relationship with Veeam, a provider of software that delivers secure backup and fast, reliable recovery solutions. Consequently, the Ootbi solution has been designed to synchronize perfectly with Veeam V12 direct-to-object storage configuration powered by the Smart Object Storage (SOS) API. The Ootbi locked-down Linux-based storage appliances, which incorporate a hardened operating system with no root or backend access by design, can scale linearly, supporting backup speeds up to 4.0 Gigabytes per second with up to half a petabyte of storage space.

“Ootbi provides the security that we need today,” Wilson says. “It is secure and simple to operate and deploy: from taking the appliance out of the box to running the first backup takes less than 15 minutes. It’s powerful. We grab the data in the best way using Veeam SOS storage API and place it into a unit that is completely secure using S3 object storage and all the facets of object immutability.”

According to Veeam’s 2023 Data Protection Trends Report, 85 percent of global organizations have suffered at least one cyberattack in the preceding twelve months, an increase from 76 percent in the prior year. Conducted by an independent research firm, this survey polled 1,200 IT leaders whose companies suffered at least one ransomware attack in 2022 — including 350 in Europe. The research offers the following recommendations to maximize protection against ransomware:

– Immutable storage within disks, clouds and air-gapped media to ensure survivability.
– Hybrid IT architectures for recovering to alternative platforms like any other backup/disaster recovery strategy.
– Staged restorations to prevent re-infection during recovery.

Giving customers the data protection they need

A real-world example of the power of Object First’s Ootbi platform can be seen in its deployment by Prodatix, a US Veeam certified engineering company specializing in data backup, recovery and ransomware protection. The company provides a range of services including data management, Veeam consulting, Veeam licensing and backup appliances optimized for Veeam. Recognizing the critical importance of deploying a robust on-premises and immutable storage solution to ensure secure backup storage and resilience against ransomware attacks, Prodatix teamed up with Object First in 2022 as a beta partner.

Prodatix noted that Ootbi is purpose-built for Veeam and designed to create a seamless customer and partner experience. “Ootbi by Object First made sense as we know the market needs immutable on-premises storage, but we did not want to get into that business of building complex, large capacity immutable appliances,” said Prodatix’s vice president of technical sales, Matt Bullock. “Ootbi makes immutable storage simple, and we were excited by the 100 percent Veeam focus as we are a 100 percent Veeam shop.”

Having a demo by the Ootbi engineers really helped Prodatix to see the power of the appliance. And the company really appreciated the modified Linux platform that Object First developed to handle some of the immutable storage realities in Veeam’s VBR 12.

Bullock explained that Ootbi allows Prodatix to offer a robust immutable storage solution for Veeam and give customers the data protection they need.

“We present Ootbi as a necessary part of a data protection strategy and recovery plan,” Bullock said. “We also explain that the cloud is great, but you have to be able to restore from on-premises during and after a cyberattack to ensure you are reducing downtime.”

Ease of use and deployment are key advantages for Object First’s Ootbi platform: “Object First’s Veeam-specific, easy to use, and stable immutable storage appliance ‘easy-button’ is the most impressive for the customers. Busy IT teams need a turn-key immutable appliance that works the first time, and every time, without a lot of time and interaction needed with the appliance.”

Looking to the future, Wilson cautions that infosec pros should brace themselves for a new wave of AI-generated attacks. “Security now touches everything,” he warns. “In the very same way that we leverage AI for some really cool things, it’s also being leveraged by the bad guys.”

In the future, we’re likely to see more AI and more impersonators pretending to be legitimate actors. “If someone has access to something, someone can impersonate them and get to that data,” points out Wilson. “But at Object First, we don’t offer that root access.”

That is why it has never been more important to make sure that you’re keeping your backup data on-premises on storage appliances that are completely immutable out of the box.

Sponsored by Object First.