Protecting the storage environment against ransomware

Storage environments that are connected to the internet can be the target of ransomware attacks. You can take steps to help protect your storage environment against ransomware and help ensure that you can recover your servers and clients if an attack occurs.

About this task

Ransomware is malicious software that is used to gain access to a computer system and encrypt the data. Typically, the initiator of the ransomware attack encrypts data and then contacts the owner of the data to demand a ransom. If the ransom is not paid, the initiator of the attack threatens to leave the data encrypted. For this reason, you can help to protect your storage environment against a ransomware attack by storing a copy of the data at a location that is not accessible from the internet.

One possibility is to back up your database to tape and back up clients to copy storage pools on tape, and then transport the tape volumes to a secure, offsite location. If you use this strategy, you can enable the IBM Spectrum Protect disaster recovery manager (DRM) function to track the movement of offsite media and register that information in the IBM Spectrum Protect database. DRM consolidates plans, scripts, and other information in a plan file. You can use the plan file to recover your servers and clients after a ransomware attack.

Procedure

  1. When you plan your storage environment, consider whether to use tape as a storage medium, and whether to transport the tape volumes offsite. For instructions about setting up tape storage, see Tape solution.
  2. When you plan your storage environment, consider whether to use the DRM function to help recover from a ransomware attack, unplanned outage, or disaster. For an introduction to DRM, see Preparing for and recovering from a disaster by using DRM.
  3. Review the policies that are set for your storage environment to ensure that enough backup copies are retained, and that the copies are retained for a sufficient number of days. If your newest files are encrypted by ransomware, you can still access previous versions. To set policies, use the Operations Center or the DEFINE COPYGROUP and UPDATE COPYGROUP commands. For information about preferred settings, see Retention and expiration of backup versions.
  4. Monitor your system daily to detect ransomware as soon as possible. For more information, see Daily monitoring checklist and Periodic monitoring checklist.
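The following example is added here to illustrate steps 3 and 4 and is not IBM code: a simplified Python model of how the VEREXISTS and RETEXTRA settings of a backup copy group determine which pre-attack versions of one file can still be restored on the day an attack is detected. The function names, day numbers, and setting values are constructed for illustration; the model assumes that expiration processing has already run and ignores VERDELETED and RETONLY.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class BackupCopyGroup:
    verexists: Optional[int]  # VEREXISTS: versions kept per file; None models NOLIMIT
    retextra: Optional[int]   # RETEXTRA: days an inactive version is kept; None models NOLIMIT


def retained_versions(cg: BackupCopyGroup, version_days: List[int], today: int) -> List[int]:
    """Return the backup days of the versions still stored on day `today`."""
    if cg.verexists is not None and cg.verexists < 1:
        raise ValueError("VEREXISTS must be at least 1")
    days = sorted(version_days)
    if cg.verexists is not None:
        days = days[-cg.verexists:]          # the version limit drops the oldest first
    kept = []
    for i, day in enumerate(days):
        if i == len(days) - 1:
            kept.append(day)                 # newest version is active, never aged out
            continue
        inactive_since = days[i + 1]         # superseded when the next version arrived
        if cg.retextra is None or today - inactive_since <= cg.retextra:
            kept.append(day)
    return kept


def clean_versions(cg: BackupCopyGroup, version_days: List[int],
                   infection_day: int, today: int) -> List[int]:
    """Versions backed up before the file was encrypted and still restorable."""
    return [d for d in retained_versions(cg, version_days, today) if d < infection_day]


if __name__ == "__main__":
    daily = list(range(1, 11))               # constructed: file changes and is backed up daily
    for label, cg, detected in [
        ("2 versions, detected day 10", BackupCopyGroup(2, 30), 10),
        ("7 versions, detected day 10", BackupCopyGroup(7, 30), 10),
        ("7 versions, detected day 45", BackupCopyGroup(7, 30), 45),
    ]:
        # File is encrypted on day 8, so backups from day 8 onward hold encrypted data.
        print(label, "->", clean_versions(cg, daily, infection_day=8, today=detected))
```

In this model, a low version limit or a long delay before detection leaves no clean version to restore, which is why retention settings and daily monitoring need to be sized together.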