As backup and recovery products and solutions evolve, they are beginning to intersect with security and compliance. Online backup and recovery software company Asigra has announced a new version of its software that addresses the risks posed by ransomware and non-compliance with Article 17 of the European Union’s General Data Protection Regulation (GDPR). Both should be a concern for organizations of all sizes, from global enterprises on down to small/medium businesses.
Let’s take a look at the new capabilities that Asigra is bringing to market with the version 14 release of its Cloud Backup software, and why these capabilities are an important evolution in backup and recovery.
Ransomware has certainly become a huge threat over the past few years. It’s predicted to become an $11.5 billion global “industry” by 2019, according to Cybersecurity Ventures, and anyone can become a target. Asigra describes how ransomware attack techniques have become more sophisticated over the years.
In the early days of ransomware attacks, the bad guys would plant a virus on a desktop or somewhere on a network, and once it was detonated the malware would encrypt all the local data. Victims who were smart enough to have a recent data backup could recover without paying the ransom. Those victims without a backup had little choice but to pay up to unlock their data. Seeing they were missing out on revenue opportunities, the attackers upped the stakes by also destroying backups when they encrypted the primary data. In defense, IT administrators took to creating multiple backups, one of which was kept offline to ensure there was always at least one way to recover lost data.
But attackers took another step in this cat-and-mouse game. Asigra describes the latest malicious tactic as “Attack-Loop.” In this scenario, the bad guys attack the backup software itself, often through well-known APIs in the backup software applications. Now when the malware lands on a network, it sits there quietly for several months. In the meantime, the organization is creating its regular backups, including the air-gapped backups that will be stored offline. The problem is the malicious software is also getting backed up each time until it is propagated throughout every possible recovery version. After many months, the malware detonates and encrypts the primary data. When the administrator performs a restoration from backup, he’s bringing back the malware, which detonates again, thus creating this endless loop of restoring the malware to the production environment. It’s difficult to end the loop because it’s unknown when the original infection took place, and how far back the company has to go to get a clean version of its data. It’s a very clever and nefarious kind of attack.
Another attack technique involves looking for well-known names of the backup repository directories — typically something like /BAK — and deleting all the files in that directory, thus making a recovery from backup impossible.
This is where backup and security meet to combat the latest threats from ransomware.
Backup and security join forces
Asigra addresses the Attack-Loop problem by embedding multiple malware detection engines into its backup stream as well as the recovery stream. As the backups happen, these engines are looking for embedded code and use other techniques to catch the malware, quarantine it, and notify the customer to make sure malware isn’t unwittingly being carried over to the backup repository. On the flip side, if the malware did get into the backup repositories at some point in the past, the malware engines conduct an inspection as the data is being restored to prevent re-infection.
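The value of scanning on restore as well as on backup can be shown with a small sketch. This is an added example, not Asigra's code: hash matching stands in for a real detection engine, and the file names, sample bytes and function names are constructed for illustration.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def scan(files: dict, signatures: set) -> list:
    """Paths whose content hash is in the signature set (stand-in for a real engine)."""
    return sorted(p for p, d in files.items() if digest(d) in signatures)

def backup(files: dict, signatures: set):
    """Backup stream: quarantine flagged files, store everything else."""
    flagged = scan(files, signatures)
    return {p: d for p, d in files.items() if p not in flagged}, flagged

def restore(generation: dict, signatures: set):
    """Restore stream: rescan with the signatures known today, not those at backup time."""
    flagged = scan(generation, signatures)
    return {p: d for p, d in generation.items() if p not in flagged}, flagged

def first_infected(generations: list, signatures: set):
    """Index of the oldest generation that carries a flagged file, or None."""
    for i, gen in enumerate(generations):
        if scan(gen, signatures):
            return i
    return None

# Constructed sample data: a dormant file that no signature covered at backup time.
DORMANT = b"constructed-dormant-sample"
SIGS_AT_BACKUP = set()
SIGS_AT_RESTORE = {digest(DORMANT)}

def demo():
    gens = []
    for tree in [
        {"report.doc": b"v1"},
        {"report.doc": b"v2", "update.bin": DORMANT},
        {"report.doc": b"v3", "update.bin": DORMANT},
    ]:
        stored, _ = backup(tree, SIGS_AT_BACKUP)   # nothing flagged yet
        gens.append(stored)
    restored, quarantined = restore(gens[-1], SIGS_AT_RESTORE)
    return restored, quarantined, first_infected(gens, SIGS_AT_RESTORE)

if __name__ == "__main__":
    print(demo())
```

The dormant file passes the backup-time scan in every generation, but the restore-time scan holds it back and also reports which generation first carried it.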
Asigra also has added the ability for customers to change their backup repository name so that it’s a moving target for viruses that would seek it out to delete the data. In addition, Asigra has implemented multi-factor authentication in order to delete data. An administrator must first authenticate himself to the system to delete data, and even then the data goes into a temporary environment that is time-delayed for the actual permanent deletion. This helps to assure that malware can’t immediately delete the data.
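The two deletion safeguards described above, a second authentication factor plus a time-delayed purge, can be modelled as follows. This is an added sketch, not Asigra's implementation: the class name, the constructed one-time code and the injected clock are assumptions made for illustration.

```python
import hmac

# Constructed one-time codes; a real deployment would call its MFA provider.
SAMPLE_CODES = {"alice": "492817"}

def verify_factor(admin: str, code: str) -> bool:
    # Constant-time comparison so the check does not leak how many digits matched.
    return hmac.compare_digest(SAMPLE_CODES.get(admin, ""), code)

class DeletionHold:
    """Deletes move data to a holding area; it is purged only after hold_seconds."""

    def __init__(self, store, verify, hold_seconds, clock):
        self.store = store            # name -> backup data (live repository)
        self.pending = {}             # name -> (data, purge_at, requested_by)
        self.verify = verify
        self.hold_seconds = hold_seconds
        self.clock = clock            # injected so the delay can be tested

    def request_delete(self, admin, code, name):
        """Step 1: require the second factor, then park the data instead of erasing it."""
        if not self.verify(admin, code):
            raise PermissionError("second factor rejected")
        data = self.store.pop(name)
        self.pending[name] = (data, self.clock() + self.hold_seconds, admin)

    def cancel(self, name):
        """An operator who spots an unexpected delete can undo it during the hold."""
        data, _, _ = self.pending.pop(name)
        self.store[name] = data

    def purge_due(self):
        """Step 2: permanently drop only the entries whose hold has expired."""
        now = self.clock()
        due = sorted(n for n, (_, at, _) in self.pending.items() if at <= now)
        for n in due:
            del self.pending[n]
        return due
```

A delete issued by malware with stolen credentials but no second factor is rejected outright, and even an authenticated delete stays recoverable until the hold expires.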
These new capabilities make it more difficult for the bad guys to render the data protection solution useless and make it more likely that a customer can recover from an attack and not have to pay the ransom.
A certificate to verify GDPR compliance
Another new feature that Asigra has incorporated into its Cloud Backup is the ability to address the Article 17 “Right to Erasure” provision of GDPR, also known as “the right to be forgotten.” This EU privacy requirement allows an individual to request that a data controller (i.e., a company that possesses personal data pertaining to individuals) remove all records pertaining to that specific person if it is feasible to erase them. This certainly includes production data, and by most interpretations of the regulation, backups as well.
Asigra consulted with the Information Commissioner’s Office (ICO) in the United Kingdom to determine what an effective response would be to a request to remove an individual’s personal data. Based on that discussion, Asigra created a certificate that is generated by its backup recovery software that addresses when an original file was backed up, how long it was kept, how many generations of file backups exist, who deleted it, and when it was deleted. This certificate can then be given to an ICO to verify that the data controller has made a best effort to comply with the individual’s request to have his or her data erased.
Big penalties for non-compliance with GDPR go into effect May 25, 2018, and this certificate is one more tool that organizations can use to prove they are making an earnest effort to comply with the regulations.
These capabilities to combat ransomware and to comply with GDPR are good examples of how backup and recovery solutions are evolving to provide extra value to customers beyond simply backing up data and restoring it when needed.