
Different perspectives on countering ransomware

Intro

Today there are few organizations or service institutions anywhere in the world that have not been attacked or threatened by ransomware. This follows directly from the importance and sheer volume of information: the growth in data production and storage driven by cloud computing models, big data and social networks, and the corresponding quantitative and qualitative growth of third-generation data centres, has put more organizations at risk. Maintaining the security of stored, valuable information has therefore become the most important challenge an organization faces in continuing its business and providing its services.

Statistics published in specialist journals show how widespread the exposure is and how high the risk of losing access to information becomes once outside actors infiltrate a network and destroy data.

Measures to prevent ransomware infections, or to recover from them, are therefore on the agenda of every security working group in online service organizations, including Tesco. The first principle in fighting ransomware is to understand its nature and how it operates on a victim's systems.

What is ransomware and how does it work?

Ransomware is malware designed to deny users access to the information stored on their systems. It generally does this by encrypting that information with keys that only the attacker holds. According to recent studies, ransomware is currently the most visible and widespread form of common malware.

The main question, then, is how ransomware works. To answer it, it helps to look at the life cycle of this kind of malware.

The ransomware life cycle consists of the following stages:

  • Building the ransomware
  • Infiltrating the target network and spreading across the victim's systems
  • Identifying the files that contain valuable information
  • Encrypting the data with attacker-controlled keys
  • Announcing the ransom and demanding payment in exchange for decrypting the data that is now out of reach

In the first step of this cycle the victim's systems are usually attacked with phishing emails containing links to malicious code. Another route in is to steal users' credentials through social engineering, especially credentials that grant remote access over RDP. Once inside the target network, the identification and encryption phase begins: the ransomware is installed on the operating system and quietly enumerates files. It then encrypts the data with an attacker-controlled key and, in the last step, replaces the original files with the encrypted copies. It is in this stage that the different ransomware families differ most from one another.

Finally, the ransom note is delivered and payment is demanded in exchange for decryption.
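As an added illustration, not code from the original article or from Aren, the following Python script applies a simple heuristic a defender can use to spot the encryption-and-replace stage described above: files whose contents have become high-entropy and which carry an extension appended by the malware. The entropy threshold, the suffix list and the sample files are all constructed for this demo and are assumptions, not values taken from the article.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Shannon entropy in bits per byte. Plain text and source code typically
# score 4-5; ciphertext (and also compressed data, see the note below)
# scores close to the maximum of 8. The threshold is an assumption for this demo.
ENTROPY_THRESHOLD = 7.2
MIN_SIZE = 256  # very small files give unreliable entropy estimates
# Illustrative suffixes assumed for the demo, not tied to any specific family.
SUSPECT_SUFFIXES = (".locked", ".enc", ".crypt")


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of `data` in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_tree(root) -> dict:
    """Walk `root` and return {posix_relative_path: (entropy, [reasons])}
    for every file that looks like the output of the encryption stage."""
    root = Path(root)
    findings = {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        data = path.read_bytes()
        ent = shannon_entropy(data)
        reasons = []
        if len(data) >= MIN_SIZE and ent >= ENTROPY_THRESHOLD:
            reasons.append("high-entropy")
        if path.suffix in SUSPECT_SUFFIXES:
            reasons.append("suspect-extension")
        if reasons:
            findings[path.relative_to(root).as_posix()] = (round(ent, 2), reasons)
    return findings


def build_sample_tree(root) -> None:
    """Constructed sample data: two plaintext documents plus one file that
    mimics a document already replaced by its encrypted copy."""
    root = Path(root)
    (root / "reports").mkdir(parents=True, exist_ok=True)
    (root / "reports" / "q1.txt").write_text("Quarterly revenue report\n" * 40)
    rows = "\n".join(f"{i},user{i},{i * 10}" for i in range(60))
    (root / "notes.csv").write_text("id,name,amount\n" + rows)
    # os.urandom stands in for ciphertext produced with an attacker-controlled key.
    (root / "reports" / "q2.docx.locked").write_bytes(os.urandom(4096))


def demo() -> dict:
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for name, (ent, reasons) in demo().items():
        print(f"{name}: entropy={ent} {reasons}")
```

Entropy alone produces false positives, because compressed archives, images and PDF streams also score close to 8 bits per byte; in practice the signal is combined with the rate of renames and overwrites per process, or with canary files that no legitimate job should touch. The scan above is also a point-in-time check; a production detector would hook file system events rather than walk the tree.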

Methods of dealing with ransomware

The best cure is prevention. In the case of ransomware this familiar sentence is very apt. Although methods of dealing with ransomware are classified into two categories, proactive and reactive, the firm advice of Aren's information security experts is to invest in preventive measures. The most important of these are:

  • Training system administrators and users, and raising their awareness of the dangers of ransomware and how it operates
  • Making backup copies of data in line with business continuity plans and data life cycle policies (a backup that is reachable and writable with the same credentials the ransomware has stolen will be encrypted along with the live data, so at least one copy must be offline or immutable)
  • Keeping infrastructure services up to date and installing the software patches approved by the vendors
  • Enforcing user access through two-factor authentication policies
  • Using anti-ransomware security software to identify threats on the systems

It should be noted, of course, that the main challenge organizations face in dealing with ransomware threats is a lack of coherence in implementing the measures listed above.

Object Storage is a creative solution to deal with Ransomware

In recent years, as the production of large volumes of data outside traditional databases has accelerated, Object Storage Devices (OSDs) have been adopted in sensitive sectors such as financial institutions, banks, government service organizations and healthcare centres as a smart and effective way to store information. With the ever-growing danger of ransomware, object-based storage systems have also been proposed as a creative countermeasure: they offer mechanisms under which permission to change stored information is revoked, and organizations have welcomed them for this reason.

In this model, alongside Object Storage Devices as the main storage layer, authentication and data encryption (in flight and at rest) are used as the two other wings of data protection, to minimize the risks arising from ransomware penetrating and spreading.

How can OSD work against ransomware?

Object-based storage systems store data as immutable objects. In other words, the architecture of OSD systems provides no way to modify an object in place in the storage location: an object can only be written whole, read whole, or replaced by a new object. This is the exact opposite of POSIX-based file systems, which allow a file to be opened and rewritten in place, which is exactly what most ransomware does when it encrypts a file's contents. Against an object store, ransomware that wants to encrypt data must instead fetch each object, encrypt it and upload the result under the same key; the original survives only if the store keeps previous versions and refuses to delete them, which is what the mechanisms below provide.

In addition, these systems use versioning to preserve the integrity of stored information. Early OSD systems from some leading manufacturers used a WORM (Write Once Read Many) mechanism as their main versioning solution; current storage equipment instead implements S3 Versioning through the S3 API (introduced to the market by Amazon as a way of improving data protection in AWS cloud infrastructure, and now implemented by many S3-compatible storage products) as a more advanced versioning solution.

With versioning, every change to an object is stored as a new version rather than overwriting the old one: each overwrite appends a version, and the previous versions remain readable. Finally, some more advanced equipment in this field, such as Dell EMC's ECS, has also added the S3 Object Lock API in its newer releases. With Object Lock, a retention period is attached to an object version, and that version cannot be overwritten or deleted until the period expires. In Amazon's implementation there are two retention modes: in governance mode a user holding a special permission can still shorten the retention or delete the version, whereas in compliance mode no user, not even the account root, can do so before the date passes; a legal hold provides the same protection without a fixed date. The practical caveat is that versioning on its own is not enough: a ransomware operator holding credentials with permission to delete object versions can purge the old versions as well, so the retention lock, together with tight control over who may delete, is what actually makes the store tamper-resistant.
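The following Python model is an added example, not code from the original article, from Aren, or from Amazon or Dell EMC, and it is a simplified model of versioning and retention semantics rather than the S3 API itself. It shows why an attacker's overwrite and delete requests fail to destroy data on a versioned bucket with compliance-mode retention, and, going one step beyond the text, why versioning alone is not enough when the same attacker can delete object versions. All keys, contents and dates are constructed for the demo.

```python
import itertools
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional


class RetentionError(PermissionError):
    """A request would delete a version that is still under retention."""


@dataclass
class Version:
    version_id: str
    data: Optional[bytes]               # None models an S3 delete marker
    retain_until: Optional[datetime] = None


class VersionedBucket:
    """Toy model of a versioned bucket with compliance-mode retention
    (assumed semantics for this demo, not a real S3 client)."""

    def __init__(self) -> None:
        self._versions: Dict[str, List[Version]] = {}   # key -> oldest..newest
        self._ids = itertools.count(1)

    def put(self, key: str, data: bytes, now: datetime,
            retain_days: Optional[int] = None) -> str:
        """A PUT never rewrites an object in place; it appends a new version."""
        until = now + timedelta(days=retain_days) if retain_days else None
        v = Version(f"v{next(self._ids)}", data, until)
        self._versions.setdefault(key, []).append(v)
        return v.version_id

    def get(self, key: str, version_id: Optional[str] = None) -> Optional[bytes]:
        """Latest version by default; None if missing or the newest is a delete marker."""
        vs = self._versions.get(key, [])
        if version_id is None:
            return vs[-1].data if vs else None
        return next((v.data for v in vs if v.version_id == version_id), None)

    def delete(self, key: str, now: datetime, version_id: Optional[str] = None) -> None:
        vs = self._versions.setdefault(key, [])
        if version_id is None:
            # A plain DELETE only adds a delete marker; older versions survive.
            vs.append(Version(f"v{next(self._ids)}", None))
            return
        for i, v in enumerate(vs):
            if v.version_id == version_id:
                if v.retain_until is not None and now < v.retain_until:
                    raise RetentionError(
                        f"{key}@{version_id} locked until {v.retain_until:%Y-%m-%d}")
                del vs[i]          # permanent delete of one version
                return
        raise KeyError(version_id)


def simulate() -> dict:
    """Ransomware holding stolen credentials attacks a locked and an unlocked backup."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    plaintext = b"constructed backup contents"
    ciphertext = bytes([0x8F, 0x11, 0xA2, 0x07, 0x5C])    # stands in for encrypted output
    key = "backups/db.dump"
    out = {}

    b = VersionedBucket()
    good = b.put(key, plaintext, t0, retain_days=30)       # backup job writes with a 30-day lock
    bad = b.put(key, ciphertext, t0 + timedelta(days=1))   # attacker uploads ciphertext under the same key
    out["latest_is_ciphertext"] = b.get(key) == ciphertext
    out["original_recoverable"] = b.get(key, good) == plaintext
    try:                                                   # attacker tries to purge the original version
        b.delete(key, t0 + timedelta(days=2), version_id=good)
        out["purge_blocked"] = False
    except RetentionError:
        out["purge_blocked"] = True
    b.delete(key, t0 + timedelta(days=2), version_id=bad)  # recovery: drop the unlocked bad version
    out["restored"] = b.get(key) == plaintext

    u = VersionedBucket()                                  # versioning without any retention lock
    v = u.put(key, plaintext, t0)
    u.put(key, ciphertext, t0)
    u.delete(key, t0, version_id=v)                        # the same purge now succeeds
    out["unlocked_purged"] = u.get(key, v) is None
    return out


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

In AWS the corresponding operations are PutBucketVersioning, PutObjectLockConfiguration (Object Lock has to be enabled when the bucket is created) and PutObjectRetention; a bucket-level default retention would also lock the attacker's uploaded version, in which case recovery means copying the good version forward as a new latest version rather than deleting the bad one, as the model does here.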

Conclusion

Although countering ransomware requires a comprehensive, multi-layered defence policy, it can be concluded that object-based storage systems (OSDs), with the inherent properties described above, can be proposed as a smarter and more efficient way of protecting stored information against ransomware, despite costing more than other available storage systems. The key role of authentication and encryption alongside the object-based storage infrastructure must of course not be ignored.

Finally, no single solution is enough on its own to fight ransomware intrusions; in line with the recommendations of information security researchers, using OSDs together with the conventional measures above and with software solutions such as Ransomware Defenders can improve an organization's defensive and operational capabilities against the risks posed by ransomware.

Author

arenadminn