We all know that data encryption is a good thing to have when we wish to secure our data from a roving eye. Throughout the history of the digital era and computing, many companies invested in, and enhanced, data security and encryption to keep our personal data secure; BUT, what if data encryption is used for a different purpose? What if encrypting our data is used against us; to hold us hostage to the recovery of our own personal data?
Recently, we heard exactly what I was describing earlier, something called Ransomware, a malware that encrypts your data, hard drive, etc… and you are required to pay money for the decryption key to recover your own data.
On this blog, I will not repeat everything you already know about the Ransomware; but I will discuss the relationship between tape backups and this type of malware.
On reviewing all the news and articles with suggests on how to protect yourself from ransomware, I can see one big winner from all these articles and stories; backup to tape.
I have worked with backups and their technologies for 18 years, and backup to tape is still my favorite backup solution. (We are not discussing SLAs, etc. in this blog) In my opinion, this is still one of the cheapest ways to backup and store data; these days I think it has also proved to be the most secure way to store your data. A quick check back through the history of computers will show that tape technology is the oldest technology still use in today, and regardless of all the rumors around the end of life of tape use, I don’t see this happening in the near future.
Why Tape is Better in the Era of Ransomware
Backup to disk is fast to perform, and faster to recover, but this speed of operation has a downside. Disk backup storage is usually always online and provides malware with an attack surface that is always available to viruses, malware, and more recently, malware as ransomware. Of course, there are many ways to secure your disks and disk storage; but if someone wants to attack you, then your connected disk storage provides them with a possible starting point to harm you and your business.
On the other hand, the operation of tape backups is fundamentally different. After you have completed your backup to tape, you will normally eject the tape and then store it locally in your company safe, or you will send it off-site to an approved secure tape storage repository. This breaks the connection to the digital world, and so also from the hostile aspects of it, providing a safe and secure environment from malware attack.
Story from a Law Firm
Last year, a law firm run and managed by a friend of mine asked for my help to build a backup strategy to protect the company files and their customer cases. During the discussions with the manager, I explained why I preferred the backup to be stored on tape, in addition to the backup disks. I explained that disks are good, but disks can fail, and it is usually only a question of when; therefore, another copy on tape is a much-preferred option.
After some discussion, the management agreed to my suggested strategy, and a backup tape was acquired and put into action. The company depends on unstructured flat file data, so I configured the backup job to run every week. This was calculated maximize the Return of Investment (ROI) of the Quantum LTO7 Tape drive.
Last week the firm called, asking for help with a password for their fileserver. On checking their server, the message was clear; it was the same message that thousands of people had received worldwide that weekend; Ransomware.
The recovery action was immediately started; disconnect from the network, format the Windows server, and restore the files from tape. Why not from the disks, you might ask; well, the NAS was ransomware encrypted with the server.
In less than an hour, we had our customer up and running on that Monday morning. None of the company’s customers were aware of the challenge facing the company, and normal operation was restored without further incident.
Conclusion
With all the news running on the radio, TV, and in social media etc., about Ransomware; I see only one winner from all this chatter, and that is tape backup.
If you have an offline backup to tape, your recovery from a ransomware attack may take slightly longer but will be much more certain than someone not using tape at all in their strategy.
Good article and very topical. Veeam’s capability to be able to counteract ransomware is second to none. Also for those looking to move away from tape as an offline target, Veeam’s integration with our Storage partners that provide Read-Only Snapshots, e.g Netapp FAS, Veeam is able to recover an Entire Windows server VM or VM’s including a single VMDK in seconds back to a point in time prior to the infection from an existing storage Snapshot, which can also cut down server formatting time as well. Finding the PC at fault will also help, as this will need to be disconnected from the Network as quickly as possible to minimise the damage, as well as a reimage, to counter any sleeper infections on the PC that may be dormant.
Thanks Rob, good suggestion and true for customers using Veeam and Storage integration.
And looking forward to Veeam TaaS – Tape as a Service
Hi Marty, thanks for your message. Once TaaS release as a beta, i will release the early review. probably on Veeam blog. Please stay tuned (always check the links page too).