• 22 May 2017

WannaCry Ransomware

WannaCry Ransomware

WannaCry Ransomware

WannaCry Ransomware 750 490 Object Matrix
WannaCry Ransomware: Could it happen to your Media Production Company?

If you have any centralised data storage or computer resource, like network attached storage (NAS), you should be very concerned indeed about CyberCrime and ransomware.

You can’t have failed to miss the WannaCry Ransomware cyber-attack that has hit 150 countries, 1000’s of computers and brought several hospitals in the UK to a halt (cancelled operations being amongst the issues). The temptation reading about the attack is simply to think, “I keep my computers up to date so it couldn’t happen to me.” Or, “my critical data is on a NAS device so I don’t overly care if a PC gets compromised”. Think again.

Cybercrime is on the rise and sooner or later we will all come under attack. Some attacks are generic, like WannaCry, but other attacks are highly targeted. And, whether we are in large companies like Sony Pictures with their well-publicised issues (https://en.wikipedia.org/wiki/Sony_Pictures_hack or a small company like my own that had emails going from the CEO to the CFO asking for bank transfers to be carried out (they were of course fraudulent) we are all potential targets.

And here is a big issue: media production companies are particularly vulnerable because many of them keep all, or a significant portion, of their information assets in very few places. This is especially true where access is via unsecure protocols and procedures.

Take this scenario. Your storage provider was running a great deal for you if you just buy one huge NAS device. Not minding the future, you decided to consolidate the bulk of your information onto that single solution. A hacker compromises a PC with access to the NAS / SAN and that PC happens to have access to a large number of files. It could be a disgruntled employee, or a kid in a bedroom 2,000 miles away, but now the hacker runs an encrypt or destroy app. It doesn’t need to take long. A targeted application doesn’t need to encrypt every byte – just enough to make the files it touches unreadable. And to therefore lock them. Just for added measure it encrypts the well-known metadata controller of your storage device. And, now it destroys itself. Getting an unencrypt key is nigh-impossible. Hey presto. Your millions of dollars of assets are now under ransom, but for just one of those millions you might get an unlock key. If you are “lucky”.

I’m sure there are worse scenarios, but if you believe that this type of attack won’t happen in the future then you are wrong. Look at Sony. It won’t be a one-off. It’s already happening now to other media production companies.

But strategies to defeat this type of hack are possible. Firstly, disaster recovery systems, replication, and back-up are key to being able to getting data back if this occurs. But a deep and clever hack attack may target those systems as well. Care must be taken not to backup or replicate the hacked data. Another challenge is that as a large media producer handling potentially Petabytes of data, backing up everything is sometimes… well let’s say “asynchronous”. That is to say a subset of the data might not yet be backed up.

Another strategy is to keep your data behind a firewall. A very strong firewall. And then to only let out copies of data that are for (e.g.,) media editing, checking back in edited versions. This is the strategy promoted by object storage when it sits behind an object storage API.

Speaking to Francisco Ontoso, CTO of Object Matrix who provide MatrixStore an object storage solution for the media industries, he stated:

“MatrixStore has been proven in a major real-world hack against a production company to have not only kept data safe during that attack but also to have tracked/audited that the data was safe. There simply wasn’t a filesystem interface for the hackers to walk through and the security on the API meant the hackers would have had to have had access to a special set of keys. We call this Digital Content Governance. No system is full-proof but can digital content governance provides extra layers of security.”

In your Digital Content Governance strategy the following considerations should be included:Disaster recovery and business continuity via replicationFull protected audit of actions on the cluster (including reads, writes, updates and administration actions)Lock-down media library access to API only, therefore restricting access from common protocols (e.g. filesystems) and protecting access to only those with security credentialsIf Samba (SMB) is to be used mounting it externally avoids some of the security holes. Furthermore, the Samba instance can be given access to only a subset of the assets (e.g., not the full media-archive)These and many other features are detailed in MatrixStore security datasheet.

The OM View: How to keep your data safe from ransomware

Gone are the days when data sat disconnected to the rest of the organisation on tapes on shelves. They weren’t that good anyway. Fires have burned down many an archive.

However, things are getting tougher. Too much cyber-crime and ransomware has “paid” and the recent cyber attack will only make criminals and malicious individuals more targeted in the way they attack. You have a lot of wealth in your data. That data is vulnerable. Avoid having access to large swathes of data from a single PC / login. It is a major security hole. Think about your backup, disaster recovery and replication strategies with the hackers in mind. The hackers will compromise a PC at some-point. What could a determined hacker do from there? Think about keeping data safe in purpose built storage. Exposing everything via a filesystem is extremely dangerous. Consider on-premises object storage for this. Get into the mind of the hacker when forming your digital content governance strategy.
Normally at this point, it is common to say “don’t worry but attacks are rare and you are unlikely to be a victim of crime.” They aren’t rare. You will be attacked. Don’t be a victim of ransomware.

About Object Matrix

Object Matrix provides integrated and automated digital content governance. Based in Cardiff (UK), it has an impressive track record for providing tightly integrated digital preservation platforms and is trusted by global broadcasters, telcos, banks and utilities companies to ensure their video content is always available. Customers include Globo, Fox Sports, France Télévisions, BT, the BBC, Sony Pictures, NBC Universal, Deutsche Bank, Imagina, EDF, TV Globo & the Miami Heat to name a few.

Object Matrix is comprised of a team of storage industry experts with a shared vision for high levels of data security combined with intuitive user interfaces. In addition to providing solutions and product integrations for the storage, search and retrieval of media assets, Object Matrix also provides consultancy, training, systems integration, and ongoing support services.