Ransomware is making headlines globally but is not receiving a coordinated response from world leaders or the IT industry. Malicious groups ranging from online street thugs to full-blown state-sponsored military operations are infecting computers and holding them for ransom using encryption with little regard for who might be impacted. It’s often not even clear if a successful ransom payment will result in the timely return of the victim’s data.
Governments cannot be expected to solve this problem, and in fact may penalize you for paying a ransom to “terrorists”. IT decision makers must urgently look outside of their standard toolkit because hackers are always looking for new attack vectors to compromise systems. iXsystems TrueNAS offers a robust approach to combating ransomware that embraces mainstream IT solutions while providing additional layers of security that can be integrated into any organization’s ransomware protection strategy.
The Nuts and Bolts of Ransomware
A large portion of systems that fall victim to ransomware are running Microsoft Windows and rely on Windows technologies such as Group Policy and the Volume Shadow Copy Service (VSS) to keep intruders at bay and mitigate the damage they do. While these technologies will prevent some attacks, they often miss the most common yet nefarious ransomware attack vector: a privileged user unintentionally downloading malware that infects and encrypts every resource that they have access to. The more privileged the user, the more damage they can inadvertently cause, up to full and total destruction performed with Administrative access.
In addition to user workstations, consumer-grade NAS systems such as QNAP, Synology, and WD CloudNAS have also fallen victim to high-profile and widespread ransomware attacks. NAS systems like these that are Internet accessible are particularly vulnerable. Where built-in applications and services have root access to the system, each application enabled makes the whole system more vulnerable. Extreme care should be taken before exposing any storage service to the Internet; if exposure is required, it should be protected using a variety of techniques such as VPNs, encryption, and two-factor authentication (2FA).
Additionally, many high-profile targets are compromised and analyzed months before a ransomware attack. Adversaries perform reconnaissance to identify and target backup strategies and to find anything that provides an advantage when launching their attack. If necessary, reinforce your network security tools and procedures, as they are often the first line of defense for your storage security.
Ransomware Payments Should be Your Last Resort, Not Your First
The true secret to combating ransomware is to treat it like any other threat to your data and build a robust storage infrastructure that can provide end-to-end data integrity with rapid restoration capabilities. This is where TrueNAS with its OpenZFS file system helps safeguard exabytes of data across the globe from not only ransomware but also the traditional threats that a good data protection strategy is designed to address. From user error to bit rot, you should be ready for anything, and TrueNAS provides key capabilities that give you an upper hand against all risks to your data, including:
- Bitrot protection, thanks to continuous filesystem checksumming
- Redundancy, thanks to flexible volume configuration
- Protection from disrupted writes thanks to a “copy-on-write” design
- Instant point-in-time, immutable backups thanks to snapshots
- Fully-validated bit-level backup thanks to snapshot-based replication
- Optional dataset or full-disk encryption for privacy and compliance
- Optional high-availability for robust service delivery
- Cloud backup integration with all leading providers
- Replication and backup to non-TrueNAS hosts via rsync
- Windows malware immunity thanks to Unix operating systems
- SMB share protection with WORM profile options
TrueNAS Goes the Extra Mile for Data Security
In practice, a network of TrueNAS systems delivers industry-standard sharing protocols including SMB, NFS, iSCSI, AFP, and FTP to servers and workstations. The key difference is that essential data protection operations are invisible to users and out of reach of known ransomware. Should a connected system be infected, the administrator can selectively roll back the impacted storage and optionally clone the infected state for forensic analysis. Backup operations also take place transparently to users and are online for continuous inspection with optional air-gapping. This infrastructure can be further secured with:
- Tightly restricted Internet access with OpenVPN options for remote access
- Third-party application protections via industry-standard containerization technologies
- Role-based Access Control (RBAC) and auditing with TrueCommand
- End-to-end encrypted administrative access
- Least-privileged Active Directory joining authority
- Optional two-factor authentication for administrative access, including UI and SSH
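The roll-back-and-preserve recovery described above can be planned from snapshot metadata before anything is changed. The following Python example is added here and is not iXsystems or TrueNAS code: it reads a constructed zfs list snapshot listing, finds the first snapshot whose written value jumps far above the earlier baseline, and returns the commands for an administrator to review. The dataset names, the threshold, and the use of zfs send/receive rather than a clone for the forensic copy are assumptions of the example; a clone of a newer snapshot would block zfs rollback -r.

```python
import statistics

# Constructed sample output of:
#   zfs list -Hp -t snapshot -o name,creation,written -s creation tank/share
# Tab-separated: name, creation (epoch seconds), written (bytes since previous snapshot).
SAMPLE = (
    "tank/share@auto-0501\t1714521600\t52428800\n"
    "tank/share@auto-0502\t1714608000\t41943040\n"
    "tank/share@auto-0503\t1714694400\t62914560\n"
    "tank/share@auto-0504\t1714780800\t48234496\n"
    "tank/share@auto-0505\t1714867200\t912680550400\n"
    "tank/share@auto-0506\t1714953600\t31457280\n"
)

def parse_snapshots(listing):
    """Return [(name, creation, written)] sorted oldest first."""
    rows = [line.split("\t") for line in listing.splitlines() if line.strip()]
    return sorted(((n, int(c), int(w)) for n, c, w in rows), key=lambda r: r[1])

def find_write_burst(snaps, factor=20, baseline=3):
    """Return (last_clean, first_suspect) snapshot names, or None.

    A snapshot is suspect when its written value exceeds `factor` times the
    median of all earlier snapshots (at least `baseline` of them), the pattern
    left by mass in-place encryption. The threshold is a heuristic chosen for
    this example, not a ZFS feature.
    """
    for i in range(baseline, len(snaps)):
        median = statistics.median(w for _, _, w in snaps[:i])
        if snaps[i][2] > factor * max(median, 1):
            return snaps[i - 1][0], snaps[i][0]
    return None

def recovery_plan(listing, evidence_dataset="tank/forensics/share"):
    """Return zfs commands for review; nothing is executed here."""
    burst = find_write_burst(parse_snapshots(listing))
    if burst is None:
        return []
    dataset = burst[0].split("@")[0]
    return [
        f"zfs snapshot {dataset}@infected",  # freeze the current, infected state
        f"zfs send {dataset}@infected | zfs receive {evidence_dataset}",  # independent copy
        f"zfs rollback -r {burst[0]}",  # destroys every snapshot newer than the clean one
    ]

if __name__ == "__main__":
    print("\n".join(recovery_plan(SAMPLE)) or "no write burst found")
```

A large legitimate write, such as a bulk import or a restore, trips the same heuristic, so the suspect snapshot should be inspected before the rollback is run.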
Isn’t Open Source a Security Disadvantage?
Quite the contrary. Having source code open and available provides significant benefits to security that closed-source products can’t provide. TrueNAS is backed by one of the largest Open Source communities today, the TrueNAS Community, who actively help with specifying requirements, development, validation, and field testing of the software. TrueNAS software is also completely open for transparency and external review to avoid the types of hacks that have become the norm for many closed-source pieces of software.
Time to Take Preventative Action with TrueNAS
Ransomware is a pervasive and evolving threat, but it does not change the fundamental rules and responsibilities of data protection. The TrueNAS family by iXsystems offers flexible storage solutions ranging in size from a few terabytes to many petabytes, with a comprehensive set of security tools, a unified user experience, and up to 24/7 technical support. For up-to-date TrueNAS security information, users should visit security.truenas.com.
Whether you are using TrueNAS CORE, Enterprise, or SCALE, TrueNAS provides the tools needed for data security. The TrueNAS Community Forum is an excellent place to discuss any concerns or ask questions of other experienced users. Contact iXsystems when you are ready for professional support to build secure data infrastructure for your organization.