A great article on how to fight ransomware. read this article about a US university and how Quantum tape technology allowed the attackers not to ruin everything.
FIGHTING RANSOMWARE WITH A MULTI-TIER BACKUP STRATEGY
Ransomware is one of the fastest-growing kinds of cybercrimes, and the financial impact is enormous. The FBI estimates that reported payments in 2016 reached $1 billion, and many are never reported. Ransomware attacks introduce malware into a computer system, which systematically encrypts stored files, and the criminals demand payment in exchange for the decryption key. Ransom payments are not recommended: they encourage attacks and many organizations have not been able to recover all their data even after paying. A much better solution is creating a resilient data protection system.
Ransomware Attacks a Major University
The attack might have been discovered earlier, but there was a new backup administrator who was not fully aware of how to detect malware and shut down the system at the first signs. The malware was able to encrypt files for a full eight hours before an administrator noticed unreadable files and tracked down the head of IT, who shut down all the systems. By that time, 20,000 files had been locked on 120 servers, including all of the university’s virtual machines (VMs). The ransom demand was huge—in six figures. But, the university decided against paying because the IT team had a data protection methodology that would allow it to recover the data safely.
Tape Backup Layer a Critical Component for Recovery
The university’s backup started with disk targets—but because the backups were stored in NTFS, they were compromised. Fortunately, the IT team also had been writing backups to an ###a href=”LTO” class=”redactor-linkify-object”>http://www.quantum.com/product… tape library.
Instead of rebuilding the system directly onto the disk that had been infected, the university used its archive—a ###a href=”Quantum” class=”redactor-linkify-object”>http://www.quantum.com/product… StorNext system that created duplicate copies of some data in an object-storage-based private cloud using Quantum’s Lattus solution. The team discovered that the malware did not spread to the StorNext Lattus archive.
Lattus provides a highly scalable archive using object storage technology that also protects data by spreading it across many different disk spindles and, optionally, multiple locations. The team used Lattus as a safe staging area to restore the systems before installing them on the now-clean original server infrastructure.
Recovery Plans Minimize Loss
The copies on tape and the Lattus working area provided the IT team with everything it needed to recover all the backed up data and rebuild the system. The only data that had to be recreated were files stored outside the backup system on some laptops and USB drives, about 600GB.
The bottom line? Ransomware-style cyberattacks may be common and difficult to completely stop, but a best practice backup strategy that includes multiple copies of data on different kinds of media, including tape, can eliminate or minimize data loss.