My Sunday morning was muddled 2 weeks ago. There was a frenetic call from someone whom I knew a while back and he needed some advice. It turned out that his company’s files were encrypted and the “backups” (more on this later) were gone. With some detective work, I found that their files were stored in a Synology® NAS, often accessed via QuickConnect remotely, and “backed up” to Microsoft® Azure. I put “Backup” in inverted commas because their definition of “backup” was using Synology®’s Cloud Sync to Azure. It is not a true backup but a file synchronization service that is often mislabeled as a data protection backup service.
All of his company’s project files were encrypted and there were no backups to recover from. It was a typical ransomware cluster F crime scene.
I would have gloated because many small medium businesses like his take a very poor and lackadaisical attitude towards good data management practices. No use crying over spilled milk when prevention is better than cure. But instead of investing early in the prevention, the cure would likely be 3x more expensive. And in this case, he wanted to use Deloitte® recovery services, which I did not know existed. Good luck with the recovery was all I said to him after my Sunday morning was made topsy turvy of sorts.
NAS is the ransomware goldmine
I have said it before and I am saying it again. NAS devices, especially the consumer and prosumer brands, are easy pickings because little attention is paid to implementing good data management practices, either by the respective vendor or by the end users themselves. 2 years ago I was already seeing a consistent pattern of heightened ransomware attacks on NAS devices, especially the NAS devices that proliferated in the small medium business market segment.
- [ January 2020 ] NAS is the next Ransomware gold mine.
- [ October 2020 ] Ransomware recovery with TrueNAS® ZFS snapshots
The WFH (work from home) practice triggered by the Covid-19 pandemic has made NAS devices essential for businesses. NAS devices are the workhorses of many businesses after all. The ease of connecting from anywhere with features similar to the Synology® QuickConnect I mentioned earlier, or through VPNs (virtual private networks), or through self-created port forwarding (for those who want to save a quick buck [ sarcasm ]), opened the doors to bad actors and easy ransomware incursions. Good data management practices are often sidestepped or ignored in exchange for simplicity, convenience, and trying to save foolish dollars. Until ….
3-2-1 A-B-C
Even though I have been diligently journaling the many news items and incidents of these consumer/prosumer NAS devices in the past 21-22 months since June 2020, there is a clear, distinct and repeated end user frailty involved. Most do not practice basic good data management practices.
The 3-2-1 A-B-C mantra is something I often preach to enterprise customers when it comes to data management. So the message here is targeted to small medium business users and organizations with weak IT practices.
The 3-2-1 backup rule is the most basic practice of data protection. 3 copies, 2 media, 1 off-site. The copies are the backups that should be stored in 2 types of media with one copy stored at a different premises.
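As an added illustration (not from the original post), the Python sketch below audits an inventory of data copies against the 3-2-1 rule and refuses to count a sync mirror, such as the Cloud Sync target in the incident above, as a backup. The `DataCopy` fields, the inventory labels and the choice to count the primary as one of the three copies are assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DataCopy:
    name: str
    media: str   # storage type, e.g. "nas-disk", "usb-disk", "cloud-object"
    site: str    # physical location label
    mode: str    # "primary", "sync" (live mirror) or "backup" (versioned)

def audit_321(copies):
    """Return (code, message) findings; an empty list means 3-2-1 is met."""
    findings = []
    # A sync replica mirrors every change, including encrypted overwrites,
    # so it is reported and excluded from the count of independent copies.
    for c in copies:
        if c.mode == "sync":
            findings.append(("SYNC_NOT_BACKUP", f"{c.name} is a sync mirror"))
    # Assumption: the primary counts as one of the three copies.
    independent = [c for c in copies if c.mode in ("primary", "backup")]
    if len(independent) < 3:
        findings.append(("COPIES", f"{len(independent)} of 3 copies"))
    media = {c.media for c in independent}
    if len(media) < 2:
        findings.append(("MEDIA", f"{len(media)} of 2 media types"))
    primary_sites = {c.site for c in copies if c.mode == "primary"}
    if not any(c.mode == "backup" and c.site not in primary_sites
               for c in copies):
        findings.append(("OFFSITE", "no backup held at another site"))
    return findings

# Constructed inventories (site and media labels are made up for illustration).
SYNC_ONLY = [
    DataCopy("office NAS", "nas-disk", "office", "primary"),
    DataCopy("cloud sync target", "cloud-object", "cloud-region", "sync"),
]
THREE_TWO_ONE = [
    DataCopy("office NAS", "nas-disk", "office", "primary"),
    DataCopy("nightly USB backup", "usb-disk", "office", "backup"),
    DataCopy("versioned cloud backup", "cloud-object", "cloud-region", "backup"),
]

if __name__ == "__main__":
    for label, inv in (("sync only", SYNC_ONLY), ("3-2-1", THREE_TWO_ONE)):
        print(label, audit_321(inv) or "meets 3-2-1")
```

The sync-only inventory fails all three parts of the rule even though the data exists in two places, which is the gap the incident exposed.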
The A-B-C rule was part of a marketing campaign brought out by Hitachi Data Systems® in 2013-2014.
- A = Archive First
- B = Backup Less
- C = Consolidate Always
This rule, in the sequence of A, B and then C, makes a lot of sense when it comes to data management. In the present day, data is always inundating storage systems on-premises and in the clouds. The practices and the preparations that go into the A-B-C rule should be a cornerstone of data management in any organization.
Doing it right
I am not going into the details of the 3-2-1 and A-B-C rules. I leave it to the practitioners and the vendors to sprinkle their magic pixie dust and add the sparkles to their own respective technology offerings and implementations. But at the very fundamental level, end users must heed the vocation and the dedication to some forms of these data management rules.
Yes, adding these data management practices and the solutions will cost money and time. But when the pain of losing valuable and sensitive files, the inability to open them to work in the near and long term, the costs of limited file recovery (even with ransom paid), the long tail after effects of the ransomware attack, the fright that it could happen again, the fear, the broken peace of mind and so many other manifestations of lost security come together as the perfect scary movie, it is time to start doing data management right.
The ransomware scourge is unabating. It is only a matter of time before it happens to you and your organization.