We speak to NetApp’s Chris McKean about ransomware attacks and the function of information storage in securing versus them
By
-
Antony Adshead, Storage Editor
Released: 21 Aug 2024
In this podcast, we take a look at ransomware and information storage with Chris McKean, a services expert at NetApp.
He speaks about what storage providers can construct into storage items that can assist secure and remediate versus the results of ransomware attacks. These consist of detection, security of information and locking information versus unauthorised efforts to alter it.
McKean likewise discusses how storage anti-ransomware performance suits the larger photo of anti-ransomware method in the datacentre.
What does ransomware do– in its different kinds; file encryption, exfiltration, and so on– that effects information storage?
McKean: Ransomware can nearly maim storage entirely, since that’s the target with ransomware attacks.
You’ve currently stated there is file encryption and exfiltration. Normally, an assailant will get access to a business or an organisation network, and among the very first things once they have actually discovered the method around is they will seek to exfiltrate the information.
They will copy off as much crucial information as they can, due to the fact that at that point, they currently have a bargaining chip to state to a business, “If you do not pay us the ransom, we will launch these records onto the dark web for sale or into the general public domain,” nevertheless they’re going to do that.
There’s generally a two-pronged attack– and likewise, in addition to having access to the information, they will then attempt to secure all the information on the information storage. At that point, unless your organisation can handle having no digital capability to operate, you’re going to remain in a bad method.
You most likely can’t run whatever services that your service deals since whatever requires information. You understand, a user or an application, even if what they’re accessing straight does not have much information, that will most likely have a reliance on something even more down the line, a database or an information lake. At some time, it’s going to require to gain access to that information.
If that information is encrypted and the enemy, the ransomware gang, have the file encryption secret and just they have it, you’re not in a great location.
What functions can storage suppliers integrate in to fight ransomware?
McKean: I ‘d state there are a couple of sort of essential functions. The very first one is detection– finding something occurring at the storage layer.
As we’ve currently stated, if information is being secured, can that be identified? Can you state, “Right, I can see the file encryption levels on this storage location have begun approaching”? Or are we seeing brand-new file types appear that we’ve never ever seen before with, you understand, odd file extensions?