Stuffing Data in Your Mattress and Other Strategies to Stave Off Ransomware

Stuffing money in (or under) a mattress is a phrase that most people have heard. A recent internet search offered very little information on the origins of the concept. Some believe that it became prevalent in popular culture due to the Great Depression-era bank runs, when the public lost confidence in banks, panicked, withdrew money and sought refuge in holding physical cash and stuffing it under the proverbial mattress.


Since banks only hold a fraction of deposits on hand, with the rest invested in mortgages and other investments to meet longer-term obligations, some banks at that time were unable to fulfill the demands. This in turn panicked the public even further, triggering further withdrawals and ultimately pushing banks into actual insolvency. A classic self-fulfilling prophecy.


In effect, withdrawing cash was an effort by banking customers to keep the money from being taken by (or lost to) forces outside the control of the depositor.


In the first half of 2021, global ransomware attacks increased by 151% when compared with the first half of 2020.


In a somewhat similar fashion, computer systems and their data are crucial to running almost everything and are arguably even more valuable than money. Data also continues to be vulnerable to forces outside the control of the user. Cyber-attacks and ransomware continue to ravage IT systems of all stripes and demonstrate how outages can affect the lives of millions. Although ransomware was observed as early as 1989, the recent TellYouThePass ransomware attacks, which exploit a critical vulnerability in the Apache Log4j software, serve to remind us that the threats from malicious actors continue to become more sophisticated and prolific. Nothing illustrates this point more than “ransomware-as-a-service” packages, readily available on the internet, which make it easier for threat actors to carry out attacks.


The IT Data Under the Mattress Approach


Developing a robust cybersecurity framework is a must in today’s environment. Having safe backups, programs and software sources to restore your systems is a key component of protecting against ransomware. The surest way of being certain that malware or ransomware has been removed from a system is to do a complete wipe of all appropriate systems and reinstall everything from scratch. A widely accepted industry best practice is the 3-2-1 backup strategy, where three copies of data are stored on two different types of media, with one copy stored off-site.

One part of an off-site backup strategy is what is referred to as “air gapping,” the practice of physically isolating devices, applications and data from corporate networks and the connected world. It is the IT equivalent of stuffing money in a mattress.


Initially developed as a strategy used by governments, air gapping is now common in the private sector. The term “air gap” is merely a metaphoric description of the conceptual gap required by the physical separation between the computers. Proper air gapping requires that there be no direct connection to the internet or to any other computer that is connected to the internet. To ensure total isolation, the systems need to be protected electromagnetically, electronically, and most importantly, physically from other networks.


Colocation Facilities - an IT Mattress


Air gapping has for years been a gold standard in cybersecurity, and the crucial part of this strategy is the physical separation. In some cases, separation was simply a dedicated computer, physically unattached to any other computers or networks, but still on premises.


For a backup to be useful, it must be kept up to date and easily retrievable. Increasingly, companies are turning to colocation facilities for their air-gapped storage needs. The critically secure and highly available physical environments provided in these data centers offer a perfect environment to locate and store these backup systems. Best practices prescribe that air-gapped systems transfer updated data physically. Data transfer is generally handled by removable drives (such as USB or other external media) going back and forth between the air-gapped system and a fully connected system. Another feature of a colocation facility is that access to it can be restricted, controlled and monitored.

According to Tom Perkins, Vice President at Sungard Availability Services, the demand for colocation facilities for disaster recovery, business continuity and protection against ransomware is accelerating. “Our customers are deploying DR and BC programs in our facilities in response to the consistent and persistent threats from cyber-attacks. Our data center at 371 Gough Road in Markham, Ontario Canada is a perfect example of a facility that is ideal for this purpose.” 371 Gough is a top facility aligned to Uptime Institute’s Tier 3 specifications and has all the security and connectivity capabilities you would expect; but what it also has is Sungard AS as the service provider.


The Cons of Protecting against the Cons


The fact is, most backup products were designed before ransomware became a popular way of stealing personal and business data. Overall, any kind of physical separation sacrifices system interconnectivity in favour of privacy and security. The sacrifices also include costs of implementation and maintenance; diminished productivity; and, seemingly contradictorily, a degradation in some aspects of security.


Isolated backups are intended to be rock-solid copies to restore from in case of ransomware attacks. That makes such backups attractive targets for hackers. Since a ransomware victim is more likely to pay up if their backups are unavailable or corrupted, threat actors have invested a non-trivial amount of time and effort into malware specifically designed to jump air gaps. Ransomware may be hitchhiking on legitimate files that can be opened and used as normal. Furthermore, the threat vector might include malware that lies dormant in a system for some time before becoming active.
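One way to check a removable drive before the air-gapped system imports it, given the physical transfers and hitchhiking files described above. This is an added example, not code from the original article; the manifest file name, the shared HMAC key and the sample files are assumptions constructed for illustration.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path
MANIFEST = "MANIFEST.json"  # hypothetical manifest name at the drive root

def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        while chunk := f.read(1 << 20):  # stream in 1 MiB chunks; backups can be large
            h.update(chunk)
    return h.hexdigest()

def _scan(root: Path) -> dict:
    # Relative path -> SHA-256 for every file on the drive except the manifest.
    return {p.relative_to(root).as_posix(): _sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file() and p != root / MANIFEST}

def export_manifest(root: Path, key: bytes) -> None:
    """Connected side: hash every file, then HMAC the listing with the shared key."""
    body = json.dumps(_scan(root), sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    (root / MANIFEST).write_text(json.dumps({"files": body, "hmac": tag}))

def verify_media(root: Path, key: bytes) -> dict:
    """Air-gapped side: report anything that differs from the authenticated listing."""
    try:
        doc = json.loads((root / MANIFEST).read_text())
        good = hmac.new(key, doc["files"].encode(), hashlib.sha256).hexdigest()
        authentic = hmac.compare_digest(good, doc["hmac"])
    except (OSError, ValueError, KeyError, TypeError, AttributeError):
        return {"ok": False, "reason": "manifest missing or unreadable"}
    if not authentic:
        return {"ok": False, "reason": "manifest MAC mismatch"}
    listed, found = json.loads(doc["files"]), _scan(root)
    report = {"modified": sorted(n for n in listed if found.get(n, listed[n]) != listed[n]),
              "missing": sorted(set(listed) - set(found)),
              "unlisted": sorted(set(found) - set(listed))}  # files added after export
    report["ok"] = not any(report.values())
    return report

def demo() -> dict:
    key = b"constructed-demo-key"  # placeholder; provision the real key out of band
    with tempfile.TemporaryDirectory() as d:
        drive = Path(d)
        (drive / "backup-001.bak").write_bytes(b"constructed backup data")
        export_manifest(drive, key)
        clean = verify_media(drive, key)
        (drive / "backup-001.bak").write_bytes(b"altered in transit")
        (drive / "extra.bin").write_bytes(b"not part of the export")
        return {"clean": clean, "tampered": verify_media(drive, key)}
```

The check shows that the drive's contents did not change after export; it says nothing about whether the exported files were clean to begin with.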


Eight ways to improve your IT Mattress Security


1. Make your backup data immutable (i.e., no one can encrypt, tamper with, or delete your protected data for a specified period set by the end user). Many strategies use a Write Once, Read Many (WORM) model, meaning that after data is written it cannot be modified.

2. Secure all devices associated with your data backup off-site.

3. Shield all cable systems to protect data from errant RF monitoring.

4. Keep cellphones (with their numerous difficult to secure communications pathways) away from your systems.

5. Disable or remove any unnecessary USB ports and other media slots such as CD drives (some IT managers use port blockers, glue or endpoint protection software). The key is to eliminate or limit the incidence of any external media being attached to your system.

6. Replace all standard drives with Solid State Drives.

7. Power off equipment and unplug it from the power source when not in use.

8. Encrypt all data.



Which IT Mattress Is Right for You?


Apparently, stuffing money in a mattress is still a thing! Reportedly, millions of people across the world still do it. So too is the practice of stuffing our data in IT mattresses – aka air gapping. After all, what is more secure than a secure connection? No connection at all.


With a robust backup policy with both local and off-site backups, corporations can quickly restore uninfected data from immutable backups, deploy them, and recover from ransomware or other disruptions. Air gapping continues to provide an additional layer of security even in cloud-based environments. The only difference is that we’ve gone from air gapping as a “set it and forget it” tactic to one that must be monitored closely.


Cushman & Wakefield’s Global Data Center Advisory Group has worked with hyperscalers, cloud service providers and enterprise customers to assist them with finding new data center facilities and/or disposing of surplus facilities. Our global reach and reputation, immersive local market knowledge and structured process to identify “Off Market Opportunities” have provided our clients with many winning options where none seemed available.


For more information on how Cushman & Wakefield can assist you with your data center needs, please contact us.
