It's becoming increasingly obvious from looking at the figures that trying to prevent ransomware attacks through conventional security methods is a whack-a-mole approach that will fail most organizations in the long run.
To help organizations deal with the ransomware threat, the Massachusetts-based cloud-native data protection company Trilio last week released TrilioVault for Kubernetes 2.5, a security-focused backup solution for containerized environments.
According to Trilio, TVK can not only help prevent ransomware attacks, but can also make sure that backups are protected so that in the event of an attack, an organization can get up and running without having to risk spending bitcoin in an attempt to restore data.
"Once your data is gone, there is no guarantee that it's going to be given back to you," Prashanto Kochavara, Trilio's director of product, told Data Center Knowledge. "These malicious actors may tell you they have your data, but for all you know they could have actually just deleted it and they're just trying to get money out of you. Even after paying, there is no guarantee that you can get your data back and resume business operations."
In most cases, it's also not possible to recover the lost data by restoring a backup from before the breach.
"The attackers know that everyone is doing backups to recover from issues," he said. "They understand how your backup data and how your secondary storage for recoverability is constructed. They will attack that first, then attack your primary data, because then they have basically paralyzed you from recovering from the attack."
Ransomware by the Numbers
There's good reason why Trilio has increased its ransomware protection and mitigation efforts in TVK 2.5, even though the software already offered ransomware protection.
"There are 300 million cases of ransomware attacks each year," Kochavara said. "This has been steadily growing year-over-year, month-over-month and day-over-day."
In fact, he said, the number of ransomware attacks has accelerated by 72% since the beginning of the pandemic, with the cost of dealing with a successful attack also on the rise.
"The cost of a ransomware attack has increase by 170%, roughly to about $312,000," he said. "This includes the opportunity cost — having downtime and everything — as well as the actual ransom that these attackers are seeking."
Kochavara said that the steep rise in the number of attacks has been fueled by the large numbers of people working at home to escape COVID, as well as the pandemic-related increase in the amount of business that's being conducted online instead of in person.
"One of the biggest reasons for this increased number of ransomware attacks is the pandemic, which has really accelerated the push to digitization," he said. "Everyone's doing a lot more online-related activities and operations, because everyone's more at home. To make things worse, people are accessing corporate systems from their mobile devices, and as we all know, we don't really end up applying policies as to how they should be configured for accessing corporate systems."
The increased security issues brought about by the pandemic aren't likely to go away when the pandemic ends, he added.
"The digitalization is going to continue to grow, and people using something like handheld supercomputers is going to keep going up, so this problem is not going to go away," he said. "It is a problem that needs to be addressed sooner rather than later, because on one side you have the good guys focusing on protecting and on the other side you have the bad guys focusing on destroying, so you have to make sure you're putting your best foot forward right from the get-go."
TrilioVault for Kubernetes 2.5 attacks the issues associated with ransomware on several fronts. Kochavara said it can often detect and neutralize an attack before any damage is done and make it impossible for attackers to delete or corrupt the backups needed for recovery. They do this by aligning with the best practices detailed in the Cybersecurity Framework from the National Institute of Standards and Technology's (NIST) National Cybersecurity Center of Excellence (NCCoE).
"What NIST and NCCoE say is that there are three pillars that you need to ensure whenever you're building any cybersecurity solution," he said. "The first pillar is 'identify and protect,' the second one is 'detect and mitigate,' and the third one is 'recover.' It's pretty simple: You want to make sure that you're protecting your assets; if an attack is happening, that you are able to detect and mitigate it; and once you know that an attack has happened, you want to recover from it."
To protect backups, TVK now includes a feature it calls Backup Immutability, which uses S3 Object Lock, an Amazon Web Services API for preventing stored objects from being deleted or overwritten. Unlike other systems using similar methods, Trilio lets users set policies at the application level for flexibility and control, which is particularly useful in multicloud infrastructures.
TVK also allows users to encrypt their backups, both at rest and in transit, using a Linux Unified Key Setup (LUKS) encryption format with an AES-256 cipher algorithm so that backed-up data can't be read or stolen. In addition, the software has moved beyond AWS with this release and can natively store data in Microsoft Azure's Blob and Google Cloud Platform's Object Storage. Support has also been added for OIDC, LDAP and cloud authentication providers, meaning customers can use the same authentication tools for TVK that they use elsewhere.
For ease of use, support for multi-namespace backups has been added with this release, making it possible to capture multiple namespaces in a single backup instead of having to do separate backups for each namespace.