How the Cloud Can Nullify Ransomware

The entire world economy continues to struggle with ransomware, but the construction industry, in particular, is being hit hard.

Adobe Stock 250231748 Lev
©Lev –

The entire world economy continues to struggle with ransomware, but the construction industry, in particular, is being hit hard. According to recent research from NordLocker, 93% of construction firms worldwide have been hit with a ransomware attack, topping both finance and healthcare by significant margins. The number of attacks across all industries is now estimated to be in the thousands per day, with many more likely being unreported, and costs are expected to exceed $20 billion per year going forward

But while there is little hope that ransomware will ever be fully eradicated, there is a very high likelihood that it will cease to pose a major risk to business operations in the very near future. Additionally, the best news is that the solution is emerging on the same technology that has already provided the construction industry with the means to dramatically lower costs and boost productivity: The cloud.

Behind the Times

One of the initial functions of the cloud was as a backup solution for primary resources. The low cost and wide distribution of cloud storage infrastructure pretty much ensured copies of data were always available somewhere when primary sources were unavailable. While this satisfies the needs of normal data disruption or even attacks of limited scale, it has proven to be largely ineffective against the latest iterations of ransomware that can produce enterprise-wide disruption and a complete shutdown of business operations.

This is due to the fact that even in the cloud, massive data restoration is still a complex, time-consuming activity. At the speed of business today, even one day without data can be devastating, let alone the two weeks or more that it takes to restore even a moderately scaled environment. In many cases, it is cheaper to pay the ransom than to perform the restoration, which merely encourages the greater proliferation of ransomware and the continued disruption of normal economic activity.

To provide truly effective protection, the cloud must become more adept at the recovery and restoration of data, not just its protection. Most clouds already utilize object storage to a large extent, and this has the advantage of making data immutable, meaning it cannot be changed or encrypted once it is written. In the past, object storage was mostly used for long-term archival purposes and other applications that required static data, given that more active processes required the flexible nature of file storage.

Recently, however, advancements in snapshot technology have made it possible to create an all-new cloud-based storage architecture that combines the immutability of object storage with the dynamism of modern file-sharing. This promises to dramatically upend the ransomware game not just by making it more difficult to mount an effective attack but by reducing the attacker’s ability to bring systems to a halt even when they do succeed.

This new technique is an advance on traditional file-versioning, which enables restoration from recent copies of a given file rather than its original version. In standard file-versioning, copies can be minutes or even hours old and the idea is to call up the most recent non-corrupted version if primary storage is down or the original file has become corrupted in some way. Rather than lose the whole file, you may only lose a few hours’ or days’ worth of work.

Easily Thwarted

But even this is only marginally effective because most systems preserve copies for a few days or a week at best. This can be easily undermined by today’s malware, which has the ability to sit undetected within a target environment for weeks or even months before it activates. This means there are no uncorrupted files to retrieve and the enterprise is effectively at the mercy of the criminal who holds the decryption key.

That’s why the latest form of continuous file-versioning is such a game-changer in the fight against ransomware. By providing an infinite number of snapshots that can be called up in moments, recovery times can be cut down to minutes even when the breech has infiltrated massive volumes of data or is hampering the operations of scaled out infrastructure. Combine this with the massive redundancy of the cloud and emerging tools like global file lock and synchronization, not to mention increasingly intelligent data and infrastructure orchestration platforms, and construction firms gain the ability to maintain operations even in the event of a successful attack – often with data that is no more than five minutes old.

In today’s digital economy, the construction industry is under pressure to leverage data and infrastructure to the fullest extent to derive profits from increasingly tight margins. At the same time, the data footprint at most firms has pushed far beyond the data center into the cloud, the edge and individual mobile devices. This creates an ecosystem that cannot be effectively guarded against intrusion, so the focus must shift to a quick and effective recovery.

The combination of the cloud and continuous file-versioning produces not just a technological advantage over ransomware, but a tactical one as well. By implementing a recovery-first posture, construction firms will be able to minimize the damage done, both in terms of actual harm to data and systems and the impact on critical business workflows. With this peace of mind, organizations can rest a little easier knowing that they have little to fear from ransomware and far less need to shell out millions of dollars to get operations back on track.

And ultimately, this should upend the economics of ransomware and drive it into obsolescence.

        An unexpected error occurred: Network error: Response not successful: Received status code 500
    "message": "Cannot execute GraphQL operations after the server has stopped.",
    "extensions": {