The File Data Problem for Ransomware

Ransomware can enter your organization by infecting any data, not just your mission critical data. This poses a challenge for infrastructure and storage managers who typically focus the best data protection strategies on mission-critical data which is often block data. The large volume, variety and velocity of file data in the enterprise makes this unstructured data the hardest to defend against ransomware attacks and leaves the organization vulnerable.

File data is most vulnerable to ransomware attacks

File data is arguably the most difficult data to protect against ransomware attacks because it is touched by many different users, groups and applications. For instance, a research image created from one application may be incorporated into a document, emailed and shared with many others. This increases risk as all it takes is for one of these users or groups to make a mistake that leads to a ransomware infection. The large attack surface of file data is risky not only because an attack can enter the network through any one of the billions of files, but also because the attack could spread for months in the enterprise network without detection. Any ransomware defense strategy for file data must consider ways to reduce the active attack surface.

But ransomware defense for file data is difficult and expensive because of the large attack surface

Yet, defending file data against ransomware attacks is difficult and costly because file data can easily be billions of files and petabytes of data, which means the attack surface can be quite large. Even if you kept many backup copies of the file data, its volume makes it an easy target for ransomware actors to gain entry to the rest of the enterprise. Plus, all of your costs add up quickly when you copy petabytes of data.

If you have 1 PB of file data, you are really managing at least 3PBs with all the copies. Most (80%) of this data is cold and not actively used, yet by keeping it in active storage, it is still vulnerable to attacks and must be defended the same way as hot data.

Snapshots are also vulnerable to ransomware attacks

Unfortunately, snapshots may not be an adequate defense to recover from a ransomware attack because snapshots can themselves become infected or corrupted. Storage vendors like NetApp now offer tamperproof snapshots that protect against deletion. This way, as long as you have snapshots taken earlier than the attack, there is some possibility of recovery. However, most solutions such as NetApp Tamperproof Snapshots do not allow storage-based tiering such as NetApp FabricPool or Dell CloudPools, as doing so could provide a backdoor access to the destination volume. Therefore, if you use their tamperproof technology, you’ll need to use a storage-agnostic solution like Komprise to tier data to private or public clouds.

Shrink Ransomware Attack Surface with Hybrid Tiering at the File level

Given these constraints, organizations must look for ways to shrink the file attack surface. Transparently offloading cold files through hybrid tiering cuts both costs and risks. Hybrid tiering offloads entire files from data storage, snapshot, backup and DR footprints and leaves behind dynamic links. This allows your users to continue seeing and accessing the tiered files without any change to application or user processes. Learn more about Komprise Transparent Move Technology (TMT)™.

Unlike storage tiering which is typically offered by the storage vendor and moves blocks of files to the cloud, hybrid tiering operates at the file level which has several advantages:

  • First, by offloading entire files, with hybrid tiering you remove the files from the ransomware attack surface. With storage-based tiering, the files remain on the active attack surface.
  • Second, by using hybrid file tiering to an immutable location, you add another layer of defense from potential attacks through versioning. You have an older version of the tiered files to recover from in the event of an attack, because any modification to a file causes a new version to be saved.
  • Third, Komprise hybrid tiering at the file level is transparent to the snapshot mechanisms, so your tamperproof snapshots continue to work.
  • Fourth, hybrid tiering at the file level shrinks your storage, backup and DR footprints, thus reducing costs.

ransomwaretiering-1-768x401

Reduce Vulnerability to Ransomware Attacks

In summary, most file data isn’t mission critical–but it could be your weakest link for ransomware attacks. File tiering eliminates cold data from the ransomware attack surface while giving users and applications seamless access. This shrinks your attack surface by 70%+ and it reduces your ransomware defense costs while supporting technologies like tamperproof snapshots work seamlessly.

To learn more, read the Komprise Data Tiering Guide.

Getting Started with Komprise:

Contact | Komprise Blog