Around the Storage Block

How can you build the most secure last line of defense against ransomware?

According to leading research firm Cybersecurity Ventures, every 14 seconds another business will become a target for a ransomware attack. What’s the best way to ensure that business isn’t yours?

Last line of defence against ransomware_Blog_shutterstock_710136688.jpg

In the time it takes you to read this article, twenty businesses will have been targeted by ransomware. That’s a shocking measure of the risk now posed by this pervasive threat to business continuity.

It’s no surprise that in a new report published  in January 2020 by HPE and Enterprise Strategy Group (ESG), 60% of organizations report experiencing at least one attempted ransomware attack in the last 12 months.[i] This is making investments in security a top priority, as 62% of companies surveyed by ESG expect to increase cybersecurity spending in 2020.

Why does ransomware create risk?

Essentially, ransomware is a business-interruption event that hits data and application availability. The reason why these incidents cause such concern for business and IT executives is the real threat that mission critical data assets might be destroyed or damaged in such a way that they cannot be easily or economically recreated. 

What are the costs of a ransomware attack?

Statistics vary on the cost of ransomware depending on size and industry, but as a general average according to one Q4 2019 survey[ii], the cost of ransomware is estimated to be around $84,000. USD per attack. 

At the opposite end of the scale, the city of Baltimore, which suffered a crippling RobinHood cyberattack in May 2019, estimated the cost of dealing with the incident as being around $18 million[iii].  And Swedish shipping firm, A.P. Møller-Maersk reported estimated losses of $250-300 million following a NotPetya virus attack in June 2017.[iv]

In total, the combined potential 2019 cost of these unrelenting ransomware attacks has been estimated at $7.5 billion in the United States alone. The impacted organisations included 113 state and municipal governments and agencies, over 700 health care providers, and more than 1,200 schools[v].

An emerging cyber threat: criminals want your backups, too!

In many ways, ransomware attacks are akin to “logical data disasters,” or events in which data becomes corrupted, unusable, or lost. Reversing the effects of data loss is the traditional role of backup and recovery mechanisms.

It’s disturbing that one of the strategies now being adopted by criminals is to encrypt or erase your backup files to make it more difficult to sidestep the ransom demand.  In the HPE/ESG study, 60% of IT respondents reported concern that data protection copies could become infected or corrupted by cyber attack.

Cyberattacksand ransomware.png

And this is no idle threat. Cybercriminals have been known to corrupt hypervisors and encrypt backup data using stolen password credentials. It’s also crucial to recognize that even data stored in the cloud is vulnerable to authentication issues arising from unauthorized network access that can still lock you out of your data altogether. If the underlying hypervisor overseeing a cloud network is compromised, it’s likely that all systems being hosted on the network will be vulnerable to exploitation.  

In late 2019,  Virtual Care Provider Inc., which provides hosting and IT services to post-acute care facilities across the US, was hit by the Ryuk ransomware, subsequently locking access to patient data at 110 nursing homes.[vi]

In many ways, the cybercriminals’ most potent weapon in a cyber security attack is the network itself, which permits the encryption of files on network servers, even if they are stored offsite.  A report from security analysts, Vectra[vii], in August 2019 suggested the most significant ransomware threat is malicious targeting of cloud service providers’ shared network files.

Building the most secure defense against ransomware

The obvious conclusion from all of this is that in an era of profound interconnectedness, some things still need complete physical separation from the rest of the network – e.g. they must be offline. Data protection and archive assets fall into this category. To not be affected or infected by ransomware, truly “cyber-resilient” copy of data must meet much more stringent requirements. This is where “air gapping” and LTO tape technologies come into play.

Air gapping keeps an isolated copy of critical data off the network, with no direct network connection and ideally multiple recovery points. This guarantees that an uncompromised “golden copy” is always available for recovery. Isolating and segregating the infrastructure and the data is critical to optimizing incident response time and effectiveness. This is what defines “isolated recovery.”

LTO tape can be the ultimate longstop in your 3-2-1-1 backup plan – namely three copies of your data, backed up on two different types media, with at least one copy stored off-site and (crucial for building defenses against ransomware) one offline.


According to multiple analyst reports (IDC[viii], ESGi) LTO tape is the most cost-effective long-term solution for storage of cold data.  For example, an HPE StoreEver MSL340 tape library with 500 TB of LTO-8 capacity costs less than $30,000. But more pertinently, it’s the only LTO that truly isolates more strategically important production data from a ransomware attack.

Businesses that adopt a multi-layer data storage strategy, including LTO tape, will be best equipped to recover quickly -- not just from a ransomware attack, but from any action or event that puts the integrity of data at risk.

“Tape systems provide a great set of options to deliver isolated recovery capabilities at scale, and hyperscale, with a cost profile that cannot be matched by disk-based technologies.  With a very desirable cost profile, and virtually unlimited scale, tape is poised to continue its “rebirth.” Its inherent strengths become more vital in contemporary IT, rather than less.”  Leveraging tape to combat ransomware with HPE StoreEver, Enterprise Strategy Group, January 2020

For more information, please check out:

[i] Source: Enterprise Strategy Group, January 2020

[ii] Source: Coveware Ransomware Marketplace Report, Q4 2019

[iii] Source: City of Baltimore briefing, June 2019

[iv] Source: A.P. Møller-Maersk Annual Report, 2017

[v] Source: Emisoft, January 2020

[vi] Source: KrebsOnSecurity, November 2019

[vii] Source: Vectra, August 2019

[viii] Source: IDC “Tape and Cloud: Solving Storage Problems in the Zettabyte Era of Data”, June 2019

TOF36ddN_400x400.jpgMeet Around the Storage Block blogger Andrew Dodd, HPE Storage Media. 

You can follow him on Twitter @tapevine




Storage Experts
Hewlett Packard Enterprise

0 Kudos
About the Author


Our team of Hewlett Packard Enterprise storage experts helps you to dive deep into relevant infrastructure topics.