Avoid paying the ransom
Pure Storage’s Jason Hammons and Anthony Liston outline how operators have to tackle an evolving ransomware threat…
With over 20 years’ experience in Enterprise IT, Anthony heads up the eGaming sector at Pure Storage with a focus on helping his clients differentiate themselves through the use of next generation technologies. By maximising the value of his client’s data he enables them to grow their businesses and achieve competitive advantage.
Betting and gaming websites were already common targets for ransomware attacks before the Covid-19 crisis.
However, the pandemic has exacerbated the challenge facing operators, according to Pure Storage, a provider of data storage hardware and software products.
Ransomware – which is a form of malware that encrypts files, with the attacker then demanding a ransom, usually via a cryptocurrency – was used to extract $24m in 2015. By 2019, the figure had rocketed to an estimated $11.5bn.
Over the same period, attackers slashed the average time taken between the initial security breach and activating the encryption-related ransom from 206 days to 55 days.
This timeframe has been squeezed further during the Covid-19 outbreak, which has created conditions that are ripe for such cybercrime. Social-distancing measures have led to a sharp rise in remote working and a greater reliance on digital infrastructure from businesses and consumers, putting an unprecedented strain on systems.
Accordingly, many operators who were unprepared for ransomware attacks have become more increasingly exposed to such risks.
“Attacks are happening more quickly and there has been a significant increase in data loss,” says Jason Hammons, Pure Storage’s EMEA director of data architecture.
“With bandwidth and internet consumption having gone up, administrators have found it much harder to manage the traffic. If they lacked the necessary security measures going into Covid-19, the risk has become greater.”
Targeting vulnerabilities
The perpetrators of such schemes have become brutally efficient at exploiting weak points within overstretched systems by adopting an ever-more aggressive approach.
“They are going after copies of customer data and are stealing back-ups of intellectual property,” Hammons adds. “Losing customer data is very important, but very valuable data about how players interact with games are also being taken.”
By downloading copies of client files, attackers can threaten to release such data publicly if ransoms are not paid, bringing the prospect of costly third-party legal claims from disgruntled customers.
However, the risks of a ransomware attack for an operator are multi-dimensional.
Attackers typically target a network by compromising an administrator account, where they can delete data ‘snapshots’ and back-ups. Although paying the ransom fee, which for businesses can often reach five-figure sums, provides no guarantee of being able to retrieve the ‘lost’ data, research suggests that it is likely in the majority of cases.
The operational disruption can be savage, though, with ransomware attacks forcing many businesses effectively to ‘go dark’ until the issue is resolved, often for days or even weeks, leading to a significant loss of income.
Reputational damage, meanwhile, is harder to quantify in an industry such as betting and gaming where scrutiny from regulators is intensifying and studies have shown that website payment security and reliability are viewed by customers as amongst the most important traits.
“Many of these businesses are heavily regulated and, depending on where they are based, they might have to keep their data for up to seven years. That is a huge amount of data they are trying to protect and make accessible,” Anthony Liston, gaming sector lead at Pure Storage, explains.
“Gaming is vulnerable because of the large amounts of customer data and the problem amplifies if there are multiple touchpoints within organisations that can be exploited.
“Operators in some regions are required legally to have dedicated data-protection infrastructure in place, but it is often sitting in colocation centres at best. With others the set-up is even less secure.
“There have been examples of companies in this sector closing down for days due to ransomware attacks, and there is significant reputational damage associated with that, as well as possible financial repercussions.”
Costly impact
The repercussions can be expensive. For example, it was revealed in April that supplier SBTech had set aside $30m to cover the possible costs in relation to a ransomware attack that occurred the previous month.
These high-profile instances have convinced an increasing number of companies in the industry of the dangers of ransomware, though, according to Hammons.
Increasing levels of awareness are illustrated by the fact that perhaps as few as 5% of businesses that sign up as new clients for SafeMode – which protect back-up data and metadata by allowing a client to restore their files by referring back to ‘snapshots’ as part of Pure Storage’s FlashBlade solution – have experienced a ransomware attack in the previous 12 months.
As an example, US software company ServiceNow became a customer after recognising it had reached the limit of its legacy storage environment and could not keep up with rising data volumes and the resulting time-consuming daily maintenance requirements.
“It’s important to protect the data where it lives and our cloud-based support enables oversight of what is happening in real time so the administrator has a mechanism to go back to a snapshot of their data securely,” Hammons says.
The “last line of defence” nature of the protection is based on the premise that whilst it is important to put safeguarding provisions in place, relying on these steps to plug every possible hole against a ransomware attack is ultimately futile.
“It is worth remembering that the attack vectors are ever-changing,” Liston adds. “It is very hard even for high-tech businesses to keep up with the evolution.”
For more information and insights from Pure Storage, please visit their website.