BlueXP Blog

Ransomware & Cloud Backup: Enhance Your Cyber Resilience

Written by Semion Mazor, Product Evangelist | Jun 6, 2022 5:44:37 AM

Of all the types of cyberattacks (phishing, DoS attacks, SQL injection, and malware among them), ransomware is the most threatening to enterprise operations. Security agencies such as the FBI and Europol have warned about the frequency of these attacks and the monetary damage they can cause. For this reason, knowing how to set your enterprise organization up for ransomware recovery is a crucial step in building a line of defense against ransomware.

This article shows how to protect against ransomware and how Cloud Backup can help create the safe cyber bunker you’re looking for.

The Ransomware Threat and Cyber Resilience

Ransomware is a type of malware that uses encryption to lock access to a device or data set. This effectively prevents the owner from accessing, using, or changing the data until a ransom is paid to the attackers. There are many different forms of ransomware, each with its own attack vector, but the ultimate goal of all of them is to profit from doing harm to a business, either operationally or financially.

To restore access to the device or decrypt the data, the attacker demands a ransom, usually in the form of digital currency, which makes the transaction more difficult to trace. Since the attackers remain anonymous, there is never a guarantee that paying the ransom will return access to your data or devices. That uncertainty is what makes this attack model so hard to deal with.

Major organizations such as Quanta, United Kingdom NHS, Ultimate Kronos Group, and U.S. Colonial Oil have all fallen victim to ransomware attacks. The most resounding of these cases was U.S. Colonial’s, which resulted in a days-long shutdown of oil pipelines and a paid ransom of $4.4 million.

As there are no minor threats, enterprises need to implement protection strategies against ransomware and other types of cyberattacks. There are good practices to battle ransomware attacks preemptively. However, there’s one measure that can provide the last line of defense that organizations are looking for: backups.

Having a good backup strategy and reliable backup technologies at your disposal means that when attacks happen (which they most likely will) you’ll be able to restore your data to a working state without paying the ransom. Backup systems and your backup strategy help form a kind of cyber bunker against ransomware attacks.


There’s a specific tool that NetApp offers that can help you create that cyber bunker to protect against ransomware: Cloud Backup.

Building a Cyber Bunker for ONTAP Against Ransomware: Cloud Backup

Cloud Backup is NetApp’s backup-as-a-service offering that is controlled via the Cloud Manager console. With Cloud Backup you can create incremental forever, block-level backups of all your ONTAP data volumes. The backups reside in low-cost, scalable object storage either on-prem in StorageGRID appliances or in the cloud on Amazon S3, Azure Blob storage, or Google Cloud Storage. It’s an easy-to-set-up service that doesn’t require any expertise in operating backup environments to run.

Let’s go over the main features of Cloud Backup and the ways it can help you build your cyber bunker against ransomware:

Reliability

Cloud Backup’s block-level, incremental forever backup method makes it possible to create efficient, faster, and ultimately more reliable backups. This helps against ransomware because there is less chance of missing a backup window, and there are more granular restore points if recovery is ever needed.

  • Off-site backup storage

    One of the most important measures that you can take to create reliable backups is to store your backup copy (or copies!) in a separate location from your primary data. While traditionally, this has meant shipping tapes offsite to a secondary facility, the cloud offers a less-expensive and more flexible offsite location for this data. Cloud Backup creates backups that are inexpensively stored in object format in the cloud.

  • Multiple Accounts

    Cloud Backup allows the use of several accounts as a security measure. Using multiple accounts provides a mitigation for account hijacking. By maintaining backups in different locations under different accounts, your organization has an additional gate to prevent an attacker from gaining access to all of your backups.

  • Cross-region storage

    Backups can also be stored in a different cloud region to provide protection against regional failure. This way, should a cloud provider region fail or itself become exposed to an attack, your data will be available to you through the alternate cloud location.

  • Multicloud flexibility

    In addition to being able to store off-site copies of data, use different accounts to access them, and store that data in different regions, Cloud Backup copies can even be stored in different clouds. This is thanks to Cloud Backup's integration with the three major cloud providers (AWS, Azure, and GCP).

    The advantage to using several cloud providers is that it adds an additional layer of protection, as the backup copies can be stored totally independent from one another. For example, a user can back up on-prem ONTAP directly to an AWS S3 bucket, while an additional copy of the data is also stored on Azure Blob storage.

These four features are central to the reliability package that Cloud Backup delivers. Combined, they allow users to create a cyber bunker that can help withstand ransomware’s signature lockouts. With additional copies of the data stored in different regions and clouds, you can ensure that you’ll have a safe, clean copy of your backups to help recover should your primary data ever be subject to a ransomware attack.

Additional reliability features include:

  • Utilizing object storage for the backup

    Cloud Backup allows your backup data to be stored in object storage in AWS, GCP, Azure, or NetApp StorageGRID. These backup objects are created with non-public access by default.

    Data stored in object storage resides in a different format than the source data, aligning with the 3-2-1 strategy. Object storage is also very reliable (11 nines of data durability). These copies can be stored in your own object storage within your cloud account.

  • Single initial full copy

    Creating periodic full backups requires large backup windows for data transfers and leaves organizations at risk of missing their backup schedule if something goes wrong with the full backup. Inefficient backups increase the risk that ransomware strikes during such an interval, when no up-to-date backup is available for recovery. Cloud Backup avoids this issue by needing only a single initial full copy of the data. All the backups after that are incremental forever at the block level.

  • Based on NetApp Snapshot technology

    The backups created by Cloud Backup are based on NetApp Snapshot technology, meaning they provide a read-only immutable backup. That means hackers won’t be able to alter the data in your backups. They are also highly efficient to create and store.

  • Faster backup

    Having faster, incremental granular backups that retain storage efficiencies places much less overall stress on a network. This, in turn, reduces backup failure rates and builds a robust backup solution ready to respond against a ransomware attack.
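The multiple-account, cross-region and multicloud features above all serve one goal: no single account, region or cloud provider should hold every backup copy. The following Python example is an addition to the article, not NetApp code, and does not use any Cloud Backup API; it checks a constructed backup inventory for such single points of failure, and the inventory fields, account names and regions are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    name: str
    provider: str  # e.g. "aws", "azure", "gcp", "storagegrid"
    account: str   # cloud account or subscription that owns the bucket
    region: str

# Failure domains matching the article's reliability features.
DOMAINS = {
    "account": lambda c: c.account,              # account hijacking
    "region": lambda c: (c.provider, c.region),  # regional failure
    "provider": lambda c: c.provider,            # loss of a whole cloud
}

def survivors(copies, domain, value):
    """Copies still usable after one failure-domain value is lost."""
    key = DOMAINS[domain]
    return [c for c in copies if key(c) != value]

def single_points_of_failure(copies):
    """Return sorted (domain, value) pairs whose loss leaves no backup copy."""
    if not copies:
        raise ValueError("inventory contains no backup copies")
    spofs = []
    for domain, key in DOMAINS.items():
        for value in {key(c) for c in copies}:
            if not survivors(copies, domain, value):
                spofs.append((domain, value))
    return sorted(spofs)

# Constructed inventories: names, accounts and regions are made up.
WEAK = [
    BackupCopy("vol1-a", "aws", "acct-prod", "us-east-1"),
    BackupCopy("vol1-b", "aws", "acct-prod", "us-west-2"),
]
STRONG = WEAK + [BackupCopy("vol1-c", "azure", "sub-backup", "westeurope")]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("strong", STRONG)):
        print(label, single_points_of_failure(inventory))
```

The weak inventory is cross-region but still loses everything if the one account or the one provider is lost; adding a copy under a second account in a second cloud clears both findings.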

Security

  • Direct backups

    Unlike NDMP-based backup solutions, Cloud Backup backs up your data directly from the source to the destination, without using a media gateway. This direct method of backup is made possible thanks to NetApp-native SnapMirror Cloud technology. Cloud Backup uses SnapMirror Cloud to replicate your ONTAP data seamlessly to the cloud without involving any third-party mediators. This is more secure because it removes the intermediate hop where man-in-the-middle attacks, failures, or breaches could otherwise occur.

  • In-flight encryption

    Backup data from the source travels securely to the cloud using HTTPS over TLS 1.2. Overlooking in-transit data could open a door for ransomware. To gain access to this in-flight data, attackers would need either physical or logical access (through malicious software already installed within the network) to some point between source and destination. With in-flight encryption, data captured in transit during a ransomware attack cannot be read and published.

  • At-rest encryption

    Cloud Backup data is encrypted at-rest using AES 256-bit encryption. This protects against data exposure damages and blackmail attempts, also known as leakware.

  • CMK (Customer Managed Keys) support

    By giving users ownership over their keys, Cloud Backup makes it possible to enable per-tenant encryption, monitor data usage, and control permissions. This makes it easier to align with the principle of least privilege.

  • Single-console control and visibility

    Cloud Backup is part of a range of NetApp services that can be managed through the SaaS-based unified Cloud Manager platform.

    This makes it possible to see all your NetApp working environments in a single place, whether they’re on-prem or in the cloud. This single view makes it easier to ensure everything that needs to be protected stays protected. Cloud Manager will also alert you automatically about environments with issues that need to be resolved.

    For organizations with the strictest security measures that can’t allow outbound internet connections for data backups, Cloud Manager can also operate in a software-only mode without internet access.

  • Secure connections

    The interaction between the user’s browser and Cloud Manager goes through HTTPS, after a TLS handshake with a NetApp-signed certificate. The user is authenticated using Auth0 with support for multi-factor authentication, providing an additional layer of protection against account takeover by ransomware attackers.

    Cloud Backup supports several third-party connectivity services, including AWS PrivateLink, Azure private endpoint support, and proxy support for backup and restore operations.

    • AWS PrivateLink: Cloud Backup supports AWS PrivateLink and offers secure connections from on-prem networks to all AWS services either through AWS site-to-site VPN connections or through AWS Direct Connect. Just set the configuration needed for this in the Cloud Backup wizard, and all the backup data will travel from your on-prem network to AWS through secure private connections.
    • Azure private endpoint support: Microsoft Azure offers the same on-prem to cloud secure connection models: Azure Private Endpoint and ExpressRoute. Cloud Backup also supports these secure connections to the Azure cloud; just enable them in the Cloud Backup wizard.
    • Proxy support: If traffic from your on-prem network to the internet needs to go through a proxy server, Cloud Backup supports both backup and restore operations through a proxy configuration. Enable Cloud Manager proxy settings and ensure the Cloud Restore instance has outbound connectivity to the listed endpoints, and all your backups and restores will go through your network proxy.

  • Multi-tenancy

    Cloud Manager follows a multi-tenancy model, providing isolation for different working environments and Cloud Manager accounts. This provides additional barriers against ransomware since an attacker might be able to hijack and read only a specific user’s credentials. The multi-tenancy model prevents access to the rest of the Cloud Manager infrastructure and allows possible corrective actions from other Cloud Manager account admins that could block the infected user.

Restore Options

The restore capabilities Cloud Backup offers are also one of the greatest added values it has against ransomware attacks:

  • Restore data easily from specific points in time

    Ransomware attacks generally don’t spread to all the data at once. Having the ability to choose from specific point-in-time restores at the file level is a very powerful restore option offered by Cloud Backup.

  • Restore as needed

    Through a browsable index catalog, users can choose individual files for restore, allowing for a fast and cost-effective recovery from ransomware hijacking of individual files. Volume-level restores are also possible.

  • Restore to the source system or to a different system

    If storage infrastructure is ever compromised by a ransomware attack, Cloud Backup supports restores to multiple locations. These locations can be the source system or a different location, such as another on-prem ONTAP system or a different Cloud Volumes ONTAP instance. This feature, along with file-level restores, provides versatile, cost-effective, and fast recoveries against ransomware.



    Figure: Restoring data to a different location than the backup.

  • Restore instantly

    Cloud Backup data can be restored instantly and directly, with no media gateway required. This mainly gives you the ability to restore systems quickly and get your business back up and running as soon as possible (without paying the ransom). Data is restored on a block level, placing the data directly in the location you specify, all while preserving the original ACLs (access control lists).

  • Long-term retention

    The object storage tiers used by Cloud Backup are extremely cost-efficient, even more so when leveraging the archive tiers. This makes Cloud Backup copies ideal for long-term retention that may be required by industry standards and regional data protection laws. Data in these backups can also be restored from any point in time, making them more than just archive copies.

  • Restore from SnapLock WORM volume

    Cloud Backup integrates with SnapLock to create Write Once, Read Many (WORM) storage volumes. You can opt for a full volume or single file restore using SnapLock enterprise WORM volume backup snapshots. With this integration, your business will be able to meet SLA and RTO requirements as well as restore critical data in the event of a ransomware attack without losing any data along the way.

Summary

As the features above show, there are several ways to protect against ransomware, and Cloud Backup can help provide protection and act as the cyber bunker you need. It will enable you to have a highly resilient security posture and help you get back to business if an attack does occur (which is the ultimate goal of data protection, after all).

Cloud Backup also provides a range of features that add even more protection and restore capabilities that make it an excellent shield that keeps your organization safe against the wide range of ransomware tactics.


FAQs

How do I protect my cloud data from ransomware?

Cloud data needs to be protected in similar ways to on-prem data. The security of the data itself falls under the responsibility of the owner rather than the cloud service provider. Therefore, you should follow the same set of best practices: keep antivirus software up to date, educate staff to avoid suspicious attachments and links, and keep a close eye on the network for suspicious events.

Can backups prevent ransomware?

Backups in and of themselves can’t prevent ransomware, but they can go a long way toward counteracting the effects of getting locked out of your data. Up-to-date backups that are separate from the infected system can be used to restore systems to their original state.

Is cloud backup safe from ransomware?

Cloud-based backups might also be targeted by ransomware, so it’s important to keep security practices in mind when configuring them. However, the only way an attacker could lock backup data is by gaining access to the cloud account holding the backups and encrypting the object storage data at rest. Without access to the cloud account, it isn’t possible for them to lock the backup data.