• 15 June 2021

Ransomware: Could Someone Prevent You from Going to Air?

Ransomware: could you be prevented from going on air?

Ransomware: Could Someone Prevent You from Going to Air?

Ransomware: Could Someone Prevent You from Going to Air? 1024 576 Object Matrix
If you have any centralised data storage or computer resource, like network attached storage (NAS), you should be concerned about CyberCrime. If you have people accessing those platforms from remote locations then you should be very concerned indeed about CyberCrime.

Cyber attacks are on the rise with content creators and broadcasters being targeted.  You can’t fail to have missed the 2017 WannaCry Ransomware cyber-attack that hit 150 countries, 1000’s of computers, and brought several hospitals in the UK to a halt. The temptation reading about these attacks is simply to think, “I keep my computers up to date so it couldn’t happen to me.” Or, my critical data is on a NAS device so I don’t overly care if a PC gets compromised”. Think again. Sooner or later we will all come under attack.

Some attacks are generic, like WannaCry, but other attacks are highly targeted. And, whether we are in large companies like Sony Pictures with their well-publicised issues (https://en.wikipedia.org/wiki/Sony_Pictures_hack) or a small company like my own that had emails going from the CEO to the CFO asking for bank transfers to be carried out (they were, of course, fraudulent) we are all potential targets.

And here is a big issue: Media Production companies are particularly vulnerable because many of them keep all, or a significant portion, of their information assets in very few places. This is especially true where access, from anywhere, is via unsecure protocols and procedures from legacy storage platforms.

Take these two scenarios.

  1. Tactically Cheap as Chips
    You got a great deal on one huge NAS device. Not thinking strategically about the future, you decided to consolidate the bulk of your information onto that single solution.
  2. Legacy Platforms
    Your broadcast technology estate is in need of a refresh but you want to sweat that old production, nearline and backup storage for just another 12 months. None of these platforms have particularly modern operating systems or security defenses so the firewall and the VPN are all that is keeping the hackers at arm’s length.

Along comes a Hacker.

A hacker compromises the firewall and a PC with access to the NAS / SAN or legacy storage devices. That PC happens to have access to a large number of files that are critical to the business.

It could be a disgruntled employee or a kid in a bedroom 2,000 miles away, but now the hacker runs an encrypt or destroy app. It doesn’t need to take long. A targeted application doesn’t need to encrypt every byte – just enough to make the files it touches unreadable. And to therefore lock them. Just for added measure, it encrypts the well-known metadata controller of your storage device. And, now it destroys itself. Getting an unencrypted key is nigh-impossible. Hey presto. Your millions of dollars of assets are now under ransom, but for just one of those millions, you might get an unlock key. If you are “lucky”.

I’m sure there are worse scenarios, but if you believe that this type of attack won’t happen in the future then you are wrong. Look at Sony, read the recent press. It won’t be a one-off. It’s happening now to other creative companies across the globe.

Coping Strategies

Strategies to defeat this type of hack are possible. Firstly, disaster recovery systems, replication, and back-up are key to being able to get data back if this occurs. But a deep and clever hack attack may target those systems as well. Care must be taken not to back-up or replicate the hacked data. Another challenge is that as a large media producer handling potentially petabytes of data, backing up everything is sometimes…, well let’s say “asynchronous”. That is to say, a subset of the data might not yet be backed up.

Another strategy is to keep your data behind a firewall. A very strong firewall. And then to only let out copies of data that are for (e.g.,) media editing, checking back in edited versions. This is the strategy promoted by object storage as it sits behind an object storage API.

Speaking to Francisco Ontoso, CTO of Object Matrix who provide MatrixStore an object storage solution for the media industries, he stated:

MatrixStore has been proven in a major real-world hack against a production company to have not only kept data safe during that attack but also to have tracked/audited that the data was safe. There simply wasn’t a filesystem interface for the hackers to walk through and the security on the API meant the hackers would have had to have had access to a special set of keys. We call this Digital Content Governance (DCG). No system is full-proof but digital content governance can provide extra layers of security.”

In your Digital Content Governance strategy the following considerations should be included:

  • Disaster recovery and business continuity via replication
  • Immutable content buckets with flexible retention periods
  • Full protected audit of actions on the cluster (including reads, writes, updates, and administration actions)
  • Lock-down media library access to API only, therefore restricting access from common protocols (e.g., filesystems) and protecting access to only those with security credentials
  • If Samba (SMB) is to be used mounting it externally avoids some of the security holes. Furthermore, the Samba instance can be given access to only a subset of the assets (e.g., not the full media archive)

The OM View: How to Keep Your Data Safe

On-demand workflows and the ability for creative professionals to self-serve content from anywhere means that it is not possible, nor recommended, to have data disconnected from the rest of the organisation sat on tapes on shelves. They weren’t that good anyway. Fires have burned down many an archive.

However, things are getting tougher. Too much cyber-crime has “paid” and the recent cyber attack will only make criminals and malicious individuals more targeted in the way they attack. You have a lot of wealth in your data. That data is vulnerable.

  • Avoid having access to large swathes of data from a single PC / login. It is a major security hole.
  • Think about your backup, disaster recovery, and replication strategies with the hackers in mind. The hackers will compromise a PC at some point. What could a determined hacker do from there?
  • Think about keeping data safe in purpose-built storage that adheres to good DCG principles. Exposing everything via a filesystem is extremely dangerous. Consider on-premises object storage for this. Get into the mind of the hacker when forming your digital content governance strategy.

Normally at this point, it is common to say “don’t worry but attacks are rare and you are unlikely to be a victim of crime.” They aren’t rare. You will be attacked. Don’t be a victim.

About Object Matrix

Object Matrix provides integrated and automated digital content governance. Based in Cardiff (UK), it has an impressive track record for providing tightly integrated digital preservation platforms and is trusted by global broadcasters, telcos, banks and utilities companies to ensure their video content is always available. Customers include Globo, Fox Sports, France Télévisions, BT, the BBC, Sony Pictures, NBC Universal, Deutsche Bank, Imagina, EDF, TV Globo & the Miami Heat to name a few. Object Matrix is comprised of a team of storage industry experts with a shared vision for high levels of data security combined with intuitive user interfaces. In addition to providing solutions and product integrations for the storage, search and retrieval of media assets, Object Matrix also provides consultancy, training, systems integration, and ongoing support services.

Enjoying the post? Share this story!