Ransomware takes one of our customers hostage

Last week we got a call from one of our clients. They had been hit by a ransomware attack. You can imagine the panic. However, in less than an hour we had their services back up again, and we were able to protect them against potential future attacks.

How could we restore them on short notice?

GIG takes snapshots of all the data in all the virtual disks on a regular basis, even if the customer has not set up manual or automated snapshots. Snapshots for all virtual disks are securely stored:

    • Weekly for a month
    • Daily for a week
    • Hourly for 2 days

Working with the customer, we quickly identified when the attack had happened and restored the right snapshots. This brought them back up with limited data loss.

How does our storage technology enable us to do this?

GIG does not store the content of block devices as a combination of the current blocks (as most storage solutions tend to do), but rather stores all transactions that happen with a block device (remove block, add block, change block, ...) as one long transaction log. This transaction log then gets erasure-coded to our high-performance, highly reliable back-end object storage. So the only things we need to retain are the time at which we want to take a snapshot and the blocks in the back end that allow us to restore the snapshot at that moment in time.
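The log-based snapshot model described above, as an added example that is not GIG's code: a toy in-memory log in which a snapshot is only a marker, and recovery picks the newest marker older than the attack. The class and method names, timestamps and block contents are constructed for illustration; erasure coding and the object-storage back end are left out.

```python
from dataclasses import dataclass, field

@dataclass
class LogDisk:
    """Toy block device that stores only an append-only transaction log."""
    log: list = field(default_factory=list)        # (ts, op, block, data)
    snapshots: dict = field(default_factory=dict)  # name -> (ts, log position)

    def apply(self, ts, op, block, data=None):
        # op is "change" (add or overwrite a block) or "remove"
        self.log.append((ts, op, block, data))

    def snapshot(self, ts, name):
        # No blocks are copied: a snapshot is just a marker into the log.
        self.snapshots[name] = (ts, len(self.log))

    def state_at(self, position):
        """Replay the first `position` transactions into a block map."""
        blocks = {}
        for _ts, op, block, data in self.log[:position]:
            if op == "remove":
                blocks.pop(block, None)
            else:
                blocks[block] = data
        return blocks

    def latest_snapshot_before(self, attack_ts):
        """Newest snapshot taken strictly before the attack started."""
        clean = [(ts, name) for name, (ts, _) in self.snapshots.items() if ts < attack_ts]
        if not clean:
            raise LookupError("no snapshot predates the attack")
        return max(clean)[1]

    def restore(self, name):
        return self.state_at(self.snapshots[name][1])

def demo():
    # Constructed timeline with logical timestamps and 4-byte blocks.
    disk = LogDisk()
    disk.apply(1, "change", 0, b"INV1")
    disk.apply(2, "change", 1, b"DB02")
    disk.snapshot(3, "hourly-1")
    disk.apply(4, "change", 1, b"DB03")
    disk.snapshot(5, "hourly-2")
    disk.apply(6, "change", 2, b"NEW!")              # legitimate write after the last clean snapshot
    disk.apply(7, "change", 0, b"\x9a\x11\xf0\x3c")  # attack starts: blocks are overwritten
    disk.apply(8, "change", 1, b"\x07\xee\x52\xb8")
    disk.snapshot(9, "hourly-3")                     # taken after the attack, so not clean
    chosen = disk.latest_snapshot_before(attack_ts=7)
    return chosen, disk.restore(chosen), disk.restore("hourly-3")
```

Block 2, written between the last clean snapshot and the attack, is missing from the restored state: that gap is the limited data loss, and it is bounded by the snapshot interval.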

This means we can take snapshots in microseconds without any performance impact. On top of that, the real cost of storage for keeping a long list of snapshots is a lot smaller than with normal storage technologies.

Being able to work with snapshots with limited impact on storage volume and virtually no impact on storage performance allows us to keep many more snapshots than you would normally be able to. A smart way to deal with ransomware on GIG.

Using GIG's built-in security functions to avoid Ransomware

GIG comes with a set of built-in security features to help you protect against ransomware. Customers that implement these best practices have a significantly lower chance of becoming a victim of ransomware. As an example, our client implemented VPN access into the virtual router of their VDCs and closed down all SSH and RDP ports directly connected to the internet. They are also in the process of moving the critical resources to a private VDC and connecting these behind a bastion server.
