Defense Against the Dark Arts of Ransomware
21st Year of the 21st Century
Still struggling through the devastation of a pandemic, the year 2021 had only entered its fifth month when one of the largest petroleum pipelines in the US reported a massive ransomware attack. The criminal hacking cost the firm more than 70 Bitcoins (a popular cryptocurrency). This year alone, major corporations across the world have faced multiple such attacks, all in the wake of the US President promising to address such security breaches. Indeed, determination alone may not be enough to stand against one of the most baffling cyber threats of all time: ransomware.
As cloud infrastructure has become more of a necessity than ever, enterprises across the world are trying their best to avoid the persistent menace of ransomware. With all its charm and gains, cloud storage finds itself among the favorite targets of criminal hackers. Object, block, file, and archival storage hold some of the most valuable data in the world, data that cannot be allowed to fall into the wrong hands. This blog looks at how ransomware works and what can be done to protect our cloud storage infrastructure from malicious actors.
From Risk to Ransom
Names like Jigsaw, Bad Rabbit, and GoldenEye made the rounds in the news over the past decade. The premise is pretty basic: the hacker accesses sensitive information and then either blocks it using encryption or threatens to make it public. Either way, the owner of the data finds it easier to pay the demanded ransom than to suffer the loss that the attack can cause. Ransomware attacks have been mounted at every scale, and a disturbing number of them have succeeded.
Cloud storage infrastructures rely on network maps to route data between repositories and end-user interfaces. Any user who obtains sufficient permissions can exploit these network maps to reach even the remotest data repositories. What happens next depends on the type of ransomware: crypto ransomware encrypts the data objects so they become unusable, while locker ransomware locks the owner out entirely. The sensitivity of the data forces the owner to pay the demanded ransom, and bitcoins' worth of funds are lost overnight.
Plugging the Holes in Cloud Storage Defense
While a foolproof defense against the dark arts of ransomware attackers is still being worked out, a few fortifications can be put in place today. Prevention is still better than cure; enterprises can tighten up their cloud storage defenses to protect sensitive business data.
Managing access can be the first line of defense for the storage infrastructure. Appropriate identity-based permissions can be set up to ensure that the storage buckets are only accessed according to their level of sensitivity. Different levels of identity groups can be built to control and monitor access.
An excellent example of this is the combination of ACL (Access Control List) and IAM (Identity and Access Management) services offered by AWS S3. IAM policies govern which identities may reach a bucket and which operations each of them may perform, while ACLs provide a per-bucket and per-object permission grant for managing access.
Access controls lower the chances of cyber attackers finding and exploiting security vulnerabilities, allowing only the most trusted end-users to access the most crucial files. The next two ways add an extra layer of security to these files in their own respective ways.
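As an added example (not code from the original post or from AWS), the sensitivity-tiered identity groups described above expressed as an AWS CloudFormation template; the bucket name corp-data-bucket, the prefixes public/ and restricted/, and the group names are assumptions.

```yaml
# Added example, not from the original post: two IAM groups scoped by data sensitivity.
# Assumed names: bucket corp-data-bucket with prefixes public/ and restricted/.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  # Analysts may list the bucket and read only the public/ prefix; no write, no delete.
  AnalystsGroup:
    Type: AWS::IAM::Group
    Properties:
      GroupName: storage-analysts
      Policies:
        - PolicyName: analysts-read-public
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Sid: ListBucket
                Effect: Allow
                Action: s3:ListBucket
                Resource: arn:aws:s3:::corp-data-bucket
              - Sid: ReadPublicOnly
                Effect: Allow
                Action: s3:GetObject
                Resource: arn:aws:s3:::corp-data-bucket/public/*
  # A small MFA-protected group handles the restricted/ prefix.
  RestrictedHandlersGroup:
    Type: AWS::IAM::Group
    Properties:
      GroupName: storage-restricted-handlers
      Policies:
        - PolicyName: restricted-prefix-with-mfa
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Sid: RestrictedReadWriteWithMfa
                Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:PutObject
                Resource: arn:aws:s3:::corp-data-bucket/restricted/*
                Condition:
                  Bool:
                    aws:MultiFactorAuthPresent: "true"
              # Explicit deny on deletion: with bucket versioning enabled, an overwrite
              # by a compromised account leaves the previous version recoverable.
              - Sid: NeverDeleteVersions
                Effect: Deny
                Action:
                  - s3:DeleteObject
                  - s3:DeleteObjectVersion
                Resource: arn:aws:s3:::corp-data-bucket/*
```

The deny statement only protects prior versions if versioning is switched on for the bucket itself, so pair it with a versioned bucket.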
Inaccessible data backups can prevent external attacks while assuring the data owner of quick recovery in unforeseen situations. This is the working principle of data isolation. Secondary or even tertiary backup copies of likely targets are made and secluded from public environments using techniques such as:
- LAN Switching
- Zero Trust security
Data isolation limits the attack surface for the attacker, leaving them only the already publicly accessible data to target. Organizations have implemented data isolation with secluded cloud storage and even with disconnected storage hardware, including tapes. The original copies enjoy the scalability and performance benefits of cloud storage, while the backups stay secure and only come into action in case of a mishap.
In the face of a cyberattack, the communication channels to the data can be blocked to minimize the damage, while the lost data can be recovered using a secure tunnel from the isolated backup to the primary repository.
As a technique, air gapping can prove to be a good adjunct to data isolation. The basic premise is simply to eliminate any connectivity to the public network. Strengthening data isolation further, air gaps sever all communication with the main network and are only reconnected at the time of data loss or data theft. Traditionally, media like tape and disk were used for this purpose, but nowadays private clouds are being employed as well. Air gapping essentially lifts the drawbridge to the outside world, and its walls then keep the data secure from attackers.
Nowadays, storage infrastructures like all-flash arrays are being used for air-gapped data backups. The benefits are multiple: huge capacity, faster data retrieval, and secure, durable storage. Because an air-gapped copy cannot be altered from the production network, it is effectively immutable and thus immune to encryption-based attacks. Technologies like Storage-as-a-Service have also made such data protection tactics more economical for organizations. An additional layer of air gapping can be implemented by separating the access credentials for the main network from those of the air-gapped storage. This ensures that even with admin credentials for the main network, one is unlikely to be able to alter the secluded data.
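As an added example serving both the data-isolation and the air-gapping sections (it is not the original post's code), a CloudFormation template for an immutable backup bucket that lives in a separate vault account with its own credentials; the two account IDs, the bucket name and the role name are placeholders. Immutability here comes from S3 Object Lock in compliance mode, and a separate account is logical isolation, not a physical air gap.

```yaml
# Added example, not from the original post. Placeholders: 111111111111 = vault
# account that owns the bucket, 222222222222 = production account that pushes backups.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  BackupVaultBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: corp-backup-vault
      VersioningConfiguration:
        Status: Enabled            # Object Lock requires versioning
      ObjectLockEnabled: true
      ObjectLockConfiguration:
        ObjectLockEnabled: Enabled
        Rule:
          DefaultRetention:
            Mode: COMPLIANCE       # no principal, not even root, can delete before expiry
            Days: 90
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  BackupVaultPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref BackupVaultBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Production may only write new objects; it can never read, list or delete them.
          - Sid: ProductionWriteOnly
            Effect: Allow
            Principal:
              AWS: arn:aws:iam::222222222222:role/backup-writer
            Action: s3:PutObject
            Resource: arn:aws:s3:::corp-backup-vault/*
          # Everything else from outside the vault account is refused, whatever credentials it holds.
          - Sid: DenyOtherAccounts
            Effect: Deny
            Principal: "*"
            Action: s3:*
            Resource:
              - arn:aws:s3:::corp-backup-vault
              - arn:aws:s3:::corp-backup-vault/*
            Condition:
              StringNotEquals:
                aws:PrincipalAccount: "111111111111"
              ArnNotEquals:
                aws:PrincipalArn: arn:aws:iam::222222222222:role/backup-writer
```

Recovery is then a deliberate act from the vault account's own credentials, which is what keeps a compromised production administrator away from the backups.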
If anything, the last few months have taught us the value of prevention and isolation. Maybe it is time to keep our data publicly isolated as well, until access is "essential." Taking advantage of the forced swell in remote access, cyber attackers are trying to make easy money by unethical means, causing irrevocable damage to corporations across the world. It is therefore essential that we implement proper access control, isolate and air gap the critical backups, and keep working toward foolproof protection against such attacks.