In July 2015, following weeks of research, we identified a trend in ransomware attacks. The question we then posed was “Is it a possible scenario that ransomware campaigns become a significant threat to enterprises, and take control over large Data Centers?” You can read more about it in Misha’s blog regarding Data Center Ransomware. Unfortunately, less than a year later, our prophecy is becoming a reality. No, Israel’s power grid wasn’t hacked, but ransomware hit Israel’s Electric Authority. No, Los Angeles County health department wasn’t closed, but it was targeted in a ransomware attack. Yes, other ransomware attacks are able to shut down the network and Data Centers, “forcing the hospital to return to pen and paper for its record-keeping”.
While those attacks are annoying and cost a lot of money to fix, they are not crippling since the attackers were not able to reach the location of the data itself. Watching Mr. Robot? Think about fsociety encrypting all the files and deleting the key. I respectfully disagree with Corey Nachreiner (@SecAdept). It makes a lot of sense to encrypt instead of just delete the files.
So what’s next? And more important: Is there a way to protect against such attacks?
Obviously there are methods to prevent and protect against ransomware, but they require many layers of defense, including employee awareness and the ability to resist the urge to click on any icon.
Once an attack is inside the Data Center, there are fewer solutions, and we at Guardicore believe that we have the right tools to identify and mitigate a ransomware attack in real time, after it has penetrated the perimeter and bypassed security defenses and before it reaches its most valuable target inside the Data Center.