Caringo: Object Storage Helps Protect Data from Ransomware

Amid concerns over high-profile ransomware attacks, protecting data is a growing concern for many organizations. Object storage solutions may offer some relief.

That’s according to Ryan Meek, product manager for Caringo, noting during a July 11 webinar that features inherent in object storage work to continuously protect data from exploits such as WannaCry and EternalBlue, with the use of HTTP.

There are often “nasty consequences” from an attack by network worms and computer viruses that “propagate themselves” through ransomware attacks, he said, noting that a wide range of industries have been targeted. “It’s everyone” that’s affected, he said, pointing to a study by Symantec and Datto in which 1,100 employees of managed service providers were surveyed in September.

According to that survey, services companies were affected most by ransomware attacks from January 2015 to April 2016, with 38% of global ransomware infections perpetrated on that industry. Manufacturing was No. 2 at 17%, followed by public administration at 10%, finance/insurance/real estate at 10% and wholesale trade at 9%.

The leading cause of ransomware infections was spam and phishing emails, at 46%, followed by lack of employee training at 36%. Malicious web sites and web ads accounted for 12% of ransomware cases, according to that study.

Among the most “concerning” ransomware targets were hospitals, Meek said, pointing to several U.K. hospitals that were impacted by a recent ransomware attack. Those are examples of “mission-critical infrastructure running computers that need to be protected,” he said, but added: “Realistically, they will not be protected all the time.” Therefore, companies need to “futureproof your infrastructure from the ground up” in order to protect their data from such attacks, he said.

The WannaCry ransomware attacks started in May and were “particularly nasty,” encrypting customer data and then demanding ransom via Bitcoins to unencrypt that data, he said, adding that data wasn’t unencrypted in many cases, even after payment was made. The attacks impacted Windows users specifically, which raised the question “whether Windows should be an operating system on a mission-critical enterprise” to begin with, he said, noting that lapses in Windows security happen “over and over again” and have been consistently targeted by hackers. The incidents provided another clear reason why it’s so important for people using Windows to remain up-to-date on network patches/security updates, he said.

In stark contrast, the underlying operating system used by object storage systems like Caringo’s Swarm is typically Linux, not Windows, he pointed out. Ransomware programs depend on finding file systems that they anticipate, and then using Windows encryption application program interfaces to encrypt the data, he said. With object storage, “there’s no real legacy file systems for something like WannaCry to actually find the data,” he said, adding: “If you don’t give it a file system that it expects, there’s no way for that thing to find that data.” Access can also be limited internally and externally by IP address with object storage, he said.

Swarm additionally offers next-generation data protection that “loads on servers and creates a black box server appliance” with no visible operating system, he said. There’s also no method for logging into the storage servers, he added.