HPE just launched the latest HPE LTO-9 Ultrium 45 TB data cartridges, giving author Andrew Dodd the opportunity to revisit the subject of ransomware and discuss the value of LTO tape in helping companies boost their cyber security defences.
Not so long ago, criminals threatening to destroy vital infrastructure would have been the stock-in-trade of any self-respecting “hero saves the day” Hollywood blockbuster.
Today, however, such threats are sadly almost routine, but instead of high explosives, the bad actors are turning to malware and the Internet. The latest generation of cybercriminals don’t need bullets, dynamite or ingenious plots to wreak their havoc, they just rely on an open TCP/UDP port, a phished password or an incorrectly configured Remote Desktop. All of which means the hero will need some new skills to beat the baddies in the action thrillers of the future. Why blow something up when all you need to do is threaten to lock access to the critical files necessary to run a refinery or air traffic control?
Now that HPE has just launched the latest HPE LTO-9 Ultrium 45 TB data cartridges, I wanted to revisit the subject of ransomware and discuss the value of LTO tape in helping companies boost their cyber security defences.
Ransomware goes mainstream
Ransomware is in no shape or form a ‘new’ threat. What has perhaps changed is the level of public awareness following the major US oil pipeline attack in May which appears to have been an example of “Ransomware as a Service” (RaaS).
With RaaS, the malware is created by the ransomware developer, while the ransomware affiliate is responsible for infecting the target computer system and negotiating the ransom payment with the victim organisation. Effectively, it’s a two-tier channel distribution model - and a highly lucrative one at that.
The age of networks
Clearly, oil pipelines, power stations, hospitals, ports and other strategic infrastructure leap to the forefront of everyone’s minds when considering the damage that ransomware attacks may cause. But computer connectivity is now being built into just about everything. From cars to houses to factories, the Internet of Things is creating a society that is networked like never before.
And where there are networks, there are applications, and where there are applications, there is data, on an unimaginable scale. This is the extremely lucrative opportunity for the ransomware criminals and their affiliates.
The renaissance of tape storage
So the solution is obviously tape, right? I mean, this is a tape blog and I’m a tape expert, so I’m here to tell you that tape is all you need to stop the bad guys in their tracks?
Actually, that’s not the case at all. Tape is just one of the solutions you should be considering if you are worried about ransomware. This is not a question of “either / or”, where two solutions enter the ring and only can leave.
For example, when it comes to ransomware, various HPE storage solutions have technology that helps safeguard your data against cyberthreats. Each provides a different set of options according to their unique strengths. The HPE StoreOnce Catalyst API protects mission-critical data stores from ransomware attacks by providing data isolation and preventing ransomware from accessing backup data on the HPE StoreOnce, which ensures data integrity. HPE’s newly acquired Zerto solution offers the power, speed and convenience of continuous data protection so that you should always have a pre-ransomware roll back point for the data under its watch. Nothing is faster than always-on replication, application recovery, and journal-based recovery.
The key takeaway from this blog is that if we want to beat the cyber criminals we need to be smarter than pinning our faith on any single platform or solution. As a tape specialist, I believe HPE StoreEver LTO technology still has unique benefits in developing your ransomware strategy that make it compelling. But you need a mixed approach if you want to build the strongest, circular fortress that covers you on all fronts. Tape is no more “the answer” to ransomware than any other storage solution is the answer.
So, as HPE launches the latest LTO-9 technology, delivering 45 TB in a cartridge that will fit in the palm of your hand, let’s consider why tape is still a key part of the HPE lineup for tackling this insidious threat to your data?
Put differently, why do 89% of tape users say they are going to increase or maintain their tape footprint ? If you’ve ever contributed to, or read, the various online communities devoted to IT or Network Management, you know it’s not out of nostalgia! It’s because tape works. Tape is dull, but very useful. Tape is reliably unexciting and unexcitingly reliable. In the uncontrolled chaos of a major ransomware attack, the dependability of offline tape backup is something IT managers know they can almost certainly count on – if they still have it as part of their defence.
Aside from colossal amounts of storage to help you navigate your data oceans, the main advantage of LTO-9 and tape in general is allowing you to place huge amounts of your data totally offline and beyond the reach of hackers. In my opinion, nothing else in its class matches the cost, scalability and security of an automated tape library when considered in the round.
And this is critical because without being a doom-monger, the reality is that bad things will always happen to good computers in unexpected ways, both to your own equipment and – quite possibly - that belonging to your CSP or MSP.
Ransomware punches downwards
It’s not just big organisations, like multinational energy companies with highly visible assets such as pipelines, that are vulnerable. The REvil ransomware attack that recently compromised one software provider’s Virtual System Administrator application, (used by large numbers of MSPs to support the SMB market), spread so rapidly, by means of automation and internet connectivity, that the company’s own reports stated it propagated on the endpoints of between 800 and 1500 global MSP customers within hours.
Many small companies have relied on their service provider to be their last line of defence but better practice would be to maintain an offline, air gapped, copy of their data under their own control so they have a fall back position. For a budget-conscious small firm, that offline copy doesn’t have to be tape. HPE RDX Removable Disk cartridges can provide the same air gap capabilities without the higher upfront cost of a tape library which makes them an ideal small and micro business option for companies who don’t need the enhanced features of a HPE StoreEver system.
Saying that it would be a good idea to keep some tape around doesn’t feel like a completely old-fashioned point of view; it just feels like basic common sense. It would feel like common sense even if I wasn’t in the tape business!
In a recent study, by Cybereason, 34% of UK businesses and 31% of US companies reported closure after a ransomware attack. The same report also pointed out that even though the majority of ransomware attacks do not result in business closure, a significant portion of companies are forced to eliminate some jobs.
Faced with such devastating consequences, spending approximately $30,000 on a HPE StoreEver MSL3040 tape library that can place PB’s of encrypted data beyond the reach of a remote hacker seems a modest price to pay for the extra peace of mind and security it brings. In the end, it’s not really a technical consideration and more about your attitude to risk.
Why use tape? If it’s that inexpensive and gives you extra peace of mind, why not use tape?
Critics often assert that tape is too slow for restoring mission critical databases and other key applications and, in a conventional DR situation, they’d be absolutely right. If you need to spin up a critical OLTP database as quickly as possible, or recover a handful of mission critical files, it would be really strange to use tape when there are faster alternatives like HPE StoreOnce or Zerto around. But when ransomware has completely locked you out of your data (and your backups), I’d argue that speed of recovery is secondary to the fundamental question of ‘Can we actually recover at all?’
Look at it another way: if you only have 10% of your data available with the rest (including all your disk-based backups) criminally encrypted, a couple of days extra to recover your infrastructure from a recent tape backup won’t really be that much of a burden. That is the critical benefit that only a true offline storage medium like LTO tape can deliver.
Some classics never go out of fashion
In conclusion, when it comes to ransomware and damage limitation, I think it’s abundantly clear that tape is still a phenomenally useful solution because it can be deployed as a lifeboat when every other part of the ship is underwater.
In this respect, it remains unique and that’s the reason why, if you are deploying flash, secondary disk, HCI or cloud storage solutions, I would strongly encourage your business to consider keeping its LTO tape infrastructure. The whole point about the future is that you never know what might happen. By using tape, you greatly increase the chance of a positive outcome should disaster strike.
Ultimately in this strange, new world of cybercrime, you don’t need to wear a vest, deliver snappy one liners and walk barefoot over broken glass to halt the baddies. You just need to follow the advice of the FBI:
“Backup your data, system images, and configurations, test your backups, and keep backups offline”
“Offline” for most practical purposes means on tape. And in my view, everyone needs it.
But what do you think? Please feel free to voice your opinion in the comments below or continue the conversation with me on Twitter @Tapevine.
Storage Experts
Hewlett Packard Enterprise
twitter.com/HPE_Storage
linkedin.com/showcase/hpestorage/
hpe.com/storage
StorageExperts
Our team of Hewlett Packard Enterprise storage experts helps you dive deep into relevant data storage and data protection topics.
