Secure the Data, Not the Device: How Decentralized File Storage Creates Resilience Against the Risk of Ransomware Attacks

November, 2021

DSA ADS Course, 2021

Data Security, Data Engineering, Cyber Security

Discuss data security and data engineering applying decentralized storage strategy. Discuss security risks and how to mitigate without unreasonable performance disruption. Weigh trade-offs in several operational scenarios. Discuss potential legal exposure and both civil and criminal liability in different scenarios.

Secure the Data, Not the Device: How Decentralized File Storage Creates Resilience Against the Risk of Ransomware Attacks

Ransomware attacks are a lucrative practice for hackers. In just one attack in June against meat processing company JBS, hackers extorted an $11 million payment. In the wake of the May 2021 Colonial Pipeline ransomware attack, Secretary of Homeland Security Alejandro Mayorkas said, “More than $350 million in losses are attributable to ransomware attacks this year. That’s a more-than-300 percent increase over last year’s victimization of companies. And there’s no company too small to suffer a ransomware attack.”

Ransomware is a type of malware that encrypts the target’s files and data or even its entire system, preventing users from accessing the data until they pay the ransom. After receiving payment, the hacker provides the decryption key in the form of a password. The hacker may also engage in double extortion, threatening to leak the stolen data if the victim does not pay.

Prevalent strategies for dealing with ransomware emphasize defensive measures, even though experience shows that one cannot thwart a well-resourced adversary determined to penetrate a target’s system. To the extent that current strategies seek to build resilience, they call for maintaining system backups, which may not prevent substantial data loss. For example, the ransomware best practices guide from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) begins with an admonition “to maintain offline, encrypted backups of data and to regularly test your backups.” The CISA guide then turns to cyber hygiene measures for preventing infections.

To deal more effectively with the threat from ransomware, the most pressing need is to configure networks in a manner that promotes post-attack resilience. Specifically, there is a need to shift from defending devices — such as servers and workstations — to ensuring that the data on those devices is immediately recoverable. Decentralized file storage systems provide a potential solution. Instead of storing files and data on a central server that may become a single point of failure for the entire network during a ransomware attack, a decentralized storage system “shards” (breaks up), “hashes” (labels), and encrypts files, then stores the fragments in multiple locations.

If the system works as intended, users can discard compromised devices following a ransomware attack, then use new machines to reassemble their files and resume business as usual without costly disruptions. Even if attackers exfiltrate files or data, encryption prevents them from exploiting it for extortion or other purposes.

Resource Type: