#219 – Anatomy of a Ransomware Attack

#219 – Anatomy of a Ransomware Attack

Chris EvansData Management, Data Protection, Guest Speakers, Storage Unpacked Podcast

This week Chris chats to Tony Mendoza, Senior Director of IT at Spectra Logic. The conversation covers the ransomware attack experienced by Spectra in May 2020 and the subsequent response to deal with the problem. On 7th May 2020, the company detected a ransomware exploit was encrypting files across application servers. In their place was a plain text file, demanding money for the decryption key and software. Fortunately, as a storage company, Spectra has a robust and well documented backup and recovery strategy that helped mitigate problems caused by the attack.

However, disaster recovery and ransomware recovery plans are somewhat different. As Tony explains, restoring data is one aspect of recovery, but getting back to normal operations means rebuilding trust and credentials management systems like Active Directory. The ongoing issue of ransomware is one that will evolve, requiring businesses to keep on top of the challenges and continually review ransomware recovery plans.

Tony highlights some good advice in this recording. Use multiple data protection methods; create an air gap (physical or logical) between backups and data. Immutable snapshots are a good example of this. Above all, expect a breach and have a plan in place to recover when the problem occurs.

To learn more about the ransomware attack, follow the link to the Spectra Logic website for access to a white paper and follow-up video. This link – https://spectralogic.com/attack-hardened/ – discusses the attack hardened approach Tony mentions in our recording.

Elapsed Time: 00:30:28

Timeline

  • 00:00:00 – Intros
  • 00:01:27 – What happened in Spectra Logic’s ransomware attack?
  • 00:02:00 – COVID was an opportunity for more attacks
  • 00:03:58 – Hackers left behind ransomware text files
  • 00:05:50 – How did Tony protect non-infected systems?
  • 00:06:38 – Spectra had insurance which offered support (and the FBI)
  • 00:08:00 – Having a BC/DR plan helps understand the challenges of ransomware
  • 00:09:41 – What options do businesses have, following an attack?
  • 00:11:30 – Spectra had a robust data recovery system and all the data
  • 00:12:16 – Attacks could result in data and credentials egress
  • 00:15:27 – How is the recovery point determined?
  • 00:18:30 – Ransomware will become more advanced, requiring new thinking
  • 00:20:16 – Recovery isn’t instant and requires thinking about data flows
  • 00:23:00 – Spectra has been brave to admit to a ransomware breach
  • 00:24:30 – Do we need ransomware certification?
  • 00:27:27 – Companies must take ransomware seriously
  • 00:28:40 – Wrap Up

Related Podcasts & Blogs


Copyright (c) 2016-2021 Unpacked Network. No reproduction or re-use without permission. Podcast episode #kfkx.