Ransomware is the new ‘bad boy’ on the cybersecurity front. It has replaced Advanced Persistent Threat (APT) network attacks as the highest-profile cyberthreat for IT departments of organizations big and small. For the purpose of this blog we define Ransomware as “computer malware that installs covertly on a victim’s computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to restore it” (ref: Wikipedia). Ransomware used to target individuals but has now firmly established itself in the enterprise arena. In these cases, valuable enterprise data is encrypted by malware and only restored in exchange for a ransom payment. Recently, several high-profile Ransomware attacks have been reported in the media.
In most cases, targeted companies just pay up the hush money. Since there is no data breach per se, the incident typically doesn’t even get reported to federal agencies. This, however, is not going to last long, because the FHA is already smarting from a slew of ransomware attacks on hospitals.
Ransomware succeeds because every strategy to combat ransomware has one point of failure that has no real protection – humans. We expect humans to not be humans (i.e., not fall for phishing or similar attacks) to truly protect ourselves from Ransomware, and that simply is not going to happen. So by default, backup systems become the option of last resort to minimize the effects of a ransomware attack. However, any reasonably sophisticated Ransomware attack assumes that its intended victim will have a proper backup strategy in place. Therefore it is most likely designed to find and encrypt backups or destroy them as well. Even a very conscientious backup strategy will not protect the enterprise from this kind of ransomware attack if the backup system is not built to protect against such an attack.
Cohesity provides robust protection against ransomware by keeping your backup data secure. But before we go into details about Cohesity’s ‘secret sauce’, let’s make it absolutely clear that we are not hiding behind the semantics of what constitutes additional protection – because this seems to be the case for every other backup vendor that claims to provide Ransomware protection.
So what’s different about Cohesity as a backup system that can protect against this? Well, there are a few fundamentally unique things that Cohesity does that no other secondary storage vendor can do. We can do that because we have built a completely new kind of file system, the Cohesity file system, designed for secondary storage workflows from the ground up. A few of its salient points are:
We protect your backups via time-based snapshots. The original backup job is kept in an immutable View. That View is never made accessible or mounted by an external system. Only clones of that original View can be mounted externally. If a worm burrows into the system, the best it can do is encrypt a clone of these snapshots. Extending this further, when we restore a snapshot, we clone it and only the clone is mounted on the server. So internal snapshots are never exposed.
The upshot: The system always has a clean copy. The Ransomware can delete the files in the View, but it cannot touch the immutable snapshot. And restoring a view that has been encrypted by Ransomware is as simple as restoring the snapshot!
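A minimal model of the clone-on-mount design described above, added here as an illustration. It is not Cohesity's code; the class and method names (SnapshotStore, backup, clone, verify) and the sample file contents are hypothetical.

```python
import hashlib
class SnapshotStore:
    """Toy model: immutable snapshots; only copy-on-write clones are mountable."""

    def __init__(self):
        self._blocks = {}     # sha256 hex -> bytes, content-addressed, never overwritten
        self._snapshots = {}  # snapshot id -> {path: digest}, no external write path
        self._clones = {}     # clone id -> {path: digest}, what a host mounts

    def _put(self, data):
        digest = hashlib.sha256(data).hexdigest()
        self._blocks.setdefault(digest, data)
        return digest

    def backup(self, snap_id, files):
        if snap_id in self._snapshots:
            raise PermissionError("snapshot exists and is immutable")
        self._snapshots[snap_id] = {p: self._put(d) for p, d in files.items()}

    def clone(self, snap_id, clone_id):
        # Copies only the path -> digest map; block data is shared, not duplicated.
        self._clones[clone_id] = dict(self._snapshots[snap_id])

    # Operations a host can perform on a mounted clone.
    def write(self, clone_id, path, data):
        self._clones[clone_id][path] = self._put(data)  # redirect-on-write
    def delete(self, clone_id, path):
        del self._clones[clone_id][path]
    def read(self, clone_id, path):
        return self._blocks[self._clones[clone_id][path]]

    def verify(self, snap_id, manifest):
        """True if the snapshot matches the manifest and every block re-hashes."""
        snap = self._snapshots[snap_id]
        return snap == manifest and all(
            hashlib.sha256(self._blocks[d]).hexdigest() == d for d in snap.values())

def demo():
    store = SnapshotStore()
    files = {"orders.db": b"order rows", "users.db": b"user rows"}  # constructed data
    store.backup("db-monday", files)
    manifest = {p: hashlib.sha256(d).hexdigest() for p, d in files.items()}
    store.clone("db-monday", "mount-1")
    # Constructed stand-in for malware on the host that mounted the clone.
    store.write("mount-1", "orders.db", b"\x00unreadable\x00")
    store.delete("mount-1", "users.db")
    intact = store.verify("db-monday", manifest)
    store.clone("db-monday", "mount-2")  # restore = mount a fresh clone
    return intact, store.read("mount-2", "orders.db")
```

In this model the write and delete operations only ever touch a clone's own path map, so the snapshot still verifies against a manifest recorded at backup time, and a restore is just another clone.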
Let’s tie all this up with a couple of concrete examples.
In the first example we consider Cohesity protecting DB servers:
This is how we can easily recover from the ransomware attack without missing so much as a beat! We have also explained this in a short video below.
The second example considers Virtual Workloads:
To summarize, the key features in Cohesity that protected the company from the worst of Ransomware are:
A well-designed system assumes failures at various levels, including (and most certainly) from humans. No matter how much a company invests in security products, the relentless nature of malware attacks almost guarantees that it will fall victim at some point in time. Backups are the only sure-shot way to provide protection from catastrophic consequences. Cohesity’s unique approach to backups, enabled by the Cohesity file system purpose-built for secondary storage, presents a formidable foe to all ransomware attacks.
Authors: Vivek Agarwal and Ganesh Shanmuganathan