When ransomware strikes

You can use Oracle Cloud Infrastructure (OCI) services to mitigate ransomware by encrypting data at rest and in flight, while providing a robust system of data lifecycle management and backup policies to protect your data.

Protecting your data from attacks

Despite the surge in purpose-built ransomware solutions, you already have everything you need to protect your data against an attack. Standard disaster recovery strategies cover most situations when they are applied properly.

Everyone has heard of disaster recovery, service level agreements (SLAs), and data durability, and many factors affect your environment. Operator error is often cited as one of the most common causes of data loss, so how is ransomware different? It is deliberate and it hits the whole environment at once: it disrupts business operations, can cripple the business and damage its reputation, and can escalate into a full-scale disaster in which data loss is complete and irreversible.

Many of the same strategies and methods that we utilize on existing systems can mitigate and protect your users against ransomware attacks.

Most important: Backups

I can’t stress the importance of backups enough, and more specifically of the full cycle: back up and encrypt, verify and validate, and functionally test the restore. The infrastructure needed to protect your business, customers, and staff against these attacks is mainly about data storage. You can always rebuild a server, but rebuilding data is often impossible, which is why ransomware has emerged as the most prominent method of attack and extortion in every industry: the digital transformation of existing business processes has put that data at the center of every operation.

Using existing deployment tools and a modern, orchestrated deployment style, you can easily rebuild your systems in the cloud and restore your data to them. Rebuilding systems alone doesn’t address every aspect of ransomware, though. Important information, such as proprietary data, patient records, and private user data, is often the target of such attacks, and an attacker who has already taken a copy can extort you no matter how quickly you can rebuild.

When you design a disaster recovery scenario, you most often look at it through the lens of an administrator losing a site or service to a system failure. With ransomware, you also need to consider that simply holding the data is a liability: a backup copy that an attacker can read, delete, or silently alter is as dangerous as one that is gone. So you need thorough encryption of backups, proper key management, and a method to verify that the data hasn’t been tampered with. In practice that means a secure logging facility, secure key management, immutable data, data versioning, a documented recovery procedure, and a method to verify your data before you trust a restore.
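The verify-and-validate step described above, as an added example that is not part of the original post and not an OCI feature: a Python script that hashes every file in a backup set, signs the listing with HMAC-SHA-256 under a key that would live in a key manager (here a constructed in-memory value), and checks a restored copy against it. The manifest is meant to be stored beside the backup, for example in an immutable bucket. The directory layout, file names, key, and the simulated encryption of a file are all constructed for the demo.

```python
"""Backup manifest with tamper detection.

Added example, not code from the original post. Assumptions (hypothetical):
a backup is a directory tree; the HMAC key comes from a key manager and is
never stored next to the backup; here it is a constructed in-memory value.
"""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups don't load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def _canonical(files: dict) -> bytes:
    # Deterministic encoding so the HMAC covers exactly the same bytes on both sides.
    return json.dumps(files, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(backup_dir: Path, key: bytes) -> dict:
    """Hash every file under backup_dir and sign the listing with HMAC-SHA-256."""
    files = {}
    for p in sorted(backup_dir.rglob("*")):
        if p.is_file():
            files[p.relative_to(backup_dir).as_posix()] = sha256_file(p)
    tag = hmac.new(key, _canonical(files), hashlib.sha256).hexdigest()
    return {"files": files, "hmac": tag}


def verify_manifest(backup_dir: Path, manifest: dict, key: bytes) -> list:
    """Return a list of problems; an empty list means the backup is intact."""
    problems = []
    expected = hmac.new(key, _canonical(manifest["files"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        # Without a valid signature the file list itself cannot be trusted.
        problems.append("manifest signature mismatch")
        return problems
    for rel, digest in manifest["files"].items():
        p = backup_dir / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(p) != digest:
            problems.append(f"modified: {rel}")
    present = {p.relative_to(backup_dir).as_posix()
               for p in backup_dir.rglob("*") if p.is_file()}
    for rel in sorted(present - set(manifest["files"])):
        problems.append(f"unexpected: {rel}")
    return problems


def demo() -> dict:
    """Constructed scenario: clean backup, then ransomware-style tampering."""
    key = b"constructed-demo-key-keep-the-real-one-in-a-vault"
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp)
        (backup / "db").mkdir()
        (backup / "db" / "patients.sql").write_bytes(b"INSERT INTO patients ...\n")
        (backup / "app.conf").write_bytes(b"mode=prod\n")
        manifest = build_manifest(backup, key)
        clean = verify_manifest(backup, manifest, key)

        # Simulate ransomware encrypting a file in place and dropping a note.
        (backup / "db" / "patients.sql").write_bytes(b"\x00ENCRYPTED\x00")
        (backup / "README.ransom").write_bytes(b"pay us")
        tampered = verify_manifest(backup, manifest, key)

        # An attacker who can edit the manifest but lacks the key can refresh
        # the hashes, yet cannot produce a matching HMAC.
        forged = {"files": dict(manifest["files"]), "hmac": manifest["hmac"]}
        forged["files"]["db/patients.sql"] = sha256_file(backup / "db" / "patients.sql")
        forged["files"]["README.ransom"] = sha256_file(backup / "README.ransom")
        forged_result = verify_manifest(backup, forged, key)
    return {"clean": clean, "tampered": tampered, "forged": forged_result}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result or 'intact'}")
```

Run the verification against the restored copy, not the original, and only proceed with the functional test of the restored service when the list comes back empty. Because the key is never written next to the backup, an attacker who gains write access to the backup location can encrypt files or rewrite the manifest, but cannot make the two agree.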

How OCI can help

Oracle Cloud Infrastructure offers the following services, as well as prepackaged options such as Data Guard, to protect your systems, your services, and most importantly your users.

You can find a thorough guide to disaster recovery and best practices in the Oracle Best Practices Framework Guide, which highlights protecting your data.

Block Volume

Oracle doesn’t recommend storing data that needs protection from ransomware on Compute instance boot volumes or Block Storage volumes. If such protection is required, use OCI Identity and Access Management (IAM) policies to remove the permission to delete Block Volume backups from every admin except the tenancy administrator, so that a compromised operator account can’t destroy your recovery points. You can also use Block Volume backup and replication policies to protect operating systems and copy these backups to OCI Object Storage for further protection.
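One way to express that restriction, as an added example rather than a statement from the original post: an OCI IAM policy that lets a storage team manage volumes and backups but withholds the two delete permissions on backups. The group name StorageAdmins and compartment name Prod are hypothetical, and the permission names should be checked against the Block Volume section of the OCI policy reference for your region before use. Members of the tenancy’s Administrators group are unaffected because their access comes from the built-in tenancy policy, not this statement.

```text
Allow group StorageAdmins to manage volume-family in compartment Prod where all {request.permission != 'VOLUME_BACKUP_DELETE', request.permission != 'BOOT_VOLUME_BACKUP_DELETE'}
```

Keep the statement narrow: the where clause removes only the delete verbs on backups, so the same group can still create volumes, take backups, and restore from them. Review who is in the Administrators group with the same care, since that group is the one account that can still delete the backups.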

Object Storage

For data stored in Object Storage buckets, you can create an automated process to copy data to an Object Storage bucket with a locked retention policy. Once the data is in the target bucket, it can’t be changed or deleted by anyone, not even the tenancy administrator, for the duration of the retention rule. Make sure the rule itself is locked; an unlocked rule can be edited or removed by anyone with the right permissions on the bucket.

File Storage

File Storage provides shared file systems between systems at the application layer. If these file shares contain important data that is at risk in a ransomware event, we recommend a backup policy that regularly copies the data to an Object Storage bucket with a locked retention policy, which maintains an immutable copy of the data.

Compute instances

Like on-premises servers, Compute instances in OCI should use properly hardened operating system (OS) images, such as the standard Oracle Linux images provided by OCI. Oracle Autonomous Linux provides hardening and automatic patching by default. Update these operating systems regularly, either by rebuilding the systems from the latest image on a regular cadence or by patching the operating system in place. Access at the operating system level needs tight control, with automated mechanisms used to distribute SSH keys or to connect to centralized identity systems through PAM modules or Active Directory.

Conclusion

For more information on the topics discussed in this blog, see the following resources: