Protect Your Data From Increasing COVID-19 Ransomware Attacks

By Hubert Yoshida posted 04-13-2020 20:55


DataBreachToday reports that ransomware keeps pummeling healthcare during the COVID-19 crisis. "As hospitals and medical organizations around the world are working non-stop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients," says Secretary General Jürgen Stock of Interpol, the international crime-fighting agency. "In addition to healthcare providers there have been attacks on the medical supply chain, research labs, medical device manufacturers and logistics companies, all of which have the potential to indirectly impact patient care and result in the loss of life."


Interpol says that criminals are increasingly disguising their attacks as coronavirus communications. Ransomware appears to be spreading primarily via emails that falsely claim to contain information or advice about coronavirus from a government or health agency and that encourage recipients to click on an infected link or attachment. There is even a ransomware-as-a-service provider, Sodinokibi, aka REvil and Sodin, which gets a cut when an affiliate infects a system and a victim pays a ransom.


Microsoft warned that it has been seeing an uptick in Sodinokibi attacks, including affiliates looking for vulnerable VPN installations, since remote workers have suddenly increased the traffic on virtual private networks during the COVID-19 pandemic, with managed and unmanaged devices and unsecured home networks. While healthcare organizations may be among the most vulnerable targets, other industries are also being hit through their VPN vulnerabilities. Travelex appears to have been hacked via unpatched VPN infrastructure and negotiated a payment of $2.3 million in Bitcoin to recover its data from Sodinokibi.


What should you do if the bad guys breach your networks and encrypt your data? Can you afford to take the time to rebuild your data or to negotiate its recovery? If lives are in the balance, you may just pay the ransom to recover the data as quickly as possible. But how do you know the data is not corrupted, and how do you know that the bad guys have not kept a copy for later extortion?


The best way to protect your data and recover it immediately is to store your data in an object-based storage system that encrypts the data to protect it and versions the data, so that any changes to the data will not affect the current version, which is replicated in different locations. If someone happens to be able to access your data, that data is under your encryption, so the bad guys would not be able to use it. If they encrypt it to deny you access, that new encryption is a new version, and you are able to continue working with the prior version.

The Hitachi Content Platform (HCP) provides this basic protection from ransomware, as well as Enterprise File Sync and Share (EFSS) with HCP Anywhere, a service that allows users to save files in cloud or on-premises storage and then access them on other desktop and mobile computing devices. In the event of a ransomware attack, your employees keep working as they continue to access their most frequently used data from any web browser or mobile device. HCP Anywhere edge file services deliver centralized data protection management and reporting across all of the different places where file services are delivered. To users and applications, HCP Anywhere looks like a traditional file server, but it actually connects to HCP for added storage and data protection, leaving administrators confident that their files are secure. HCP Anywhere can also back up any folder, even if it's not located in HCP Anywhere, delivering an extra level of security.


Hitachi's VSP arrays also have a built-in Hitachi Data Retention Utility to lock down a copy of production data for a user-defined period of time. This data cannot be deleted, edited or encrypted during the retention period, and it takes just seconds to revert to this data to undo damage done to production data by ransomware and other malicious attacks. This data retention utility can be orchestrated by the Hitachi Data Image Director (HDID), an enterprise copy data management software platform. HDID automates and orchestrates a range of data copy and movement technologies to greatly enhance and simplify business continuity, disaster recovery, and the creation of physical or virtual copies that support secondary functions such as development, test and marketing, with separate schedules (recovery point objectives, or RPOs) and retention periods, in any location.
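The versioning behaviour and the retention lock described above can be modelled in a few lines. This is an added example, not code from Hitachi or from the original post: the VersionedStore class, its method names, the object key and the timestamps are all assumptions made for illustration, and the "encrypted" bytes are constructed sample data.

```python
from dataclasses import dataclass


class RetentionError(Exception):
    """Raised when a purge is attempted inside the retention period."""


@dataclass(frozen=True)
class Version:
    data: bytes
    written_at: int    # constructed clock, in seconds
    retain_until: int  # purge is refused before this time


class VersionedStore:
    """Toy model (assumption, not a product API): writes append, never overwrite."""

    def __init__(self, retention_seconds):
        self.retention = retention_seconds
        self._objects = {}  # key -> list of Version, oldest first

    def put(self, key, data, now):
        versions = self._objects.setdefault(key, [])
        versions.append(Version(data, now, now + self.retention))
        return len(versions) - 1  # index of the version just written

    def get(self, key, version=-1):
        return self._objects[key][version].data

    def purge(self, key, version, now):
        if now < self._objects[key][version].retain_until:
            raise RetentionError(f"{key} v{version} is locked")
        del self._objects[key][version]

    def restore_before(self, key, incident_time, now):
        """Re-publish the newest version written before incident_time."""
        clean = [v for v in self._objects[key] if v.written_at < incident_time]
        if not clean:
            raise LookupError(f"no version of {key} predates the incident")
        return self.put(key, clean[-1].data, now)


def simulate_incident():
    store = VersionedStore(retention_seconds=30 * 86400)
    store.put("chart.txt", b"record v1", now=1000)
    store.put("chart.txt", b"record v2", now=2000)
    store.put("chart.txt", b"\x8f\x1c\xe4\x02\x77", now=5000)  # constructed: encrypted overwrite
    try:
        store.purge("chart.txt", 1, now=5001)  # try to destroy the clean copy
        purge_blocked = False
    except RetentionError:
        purge_blocked = True
    restored = store.restore_before("chart.txt", incident_time=5000, now=6000)
    return store.get("chart.txt"), purge_blocked, restored
```

The encrypted write lands as version 2 without touching versions 0 and 1, the purge of the clean copy is refused while the lock holds, and recovery is a new version 3 carrying the last pre-incident content.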


Protect yourself from ransomware attacks, especially during these critical times, by updating your VPN infrastructure and educating your users against phishing attacks. Protect your data and ensure rapid recovery in the event of an attack through the use of HCP, HCP Anywhere, and HDID with the VSP Data Retention Utility.