Ransomware attack leads to shutdown of major U.S. pipeline
That was the headline that caught my attention this morning.
As a Project Manager, I found certain thoughts crossing my mind, shaped by the reflexes of the job - risk management, crisis control and thinking about edge cases:
1. All ransomware attackers want to be paid in cryptocurrency.
The whole world is cracking down on untraceable grey- and black-market money. In Israel, for example, there is a legal limit on the amount of cash you can use to pay for goods, and above it the question is: how come you have so much cash?
Every time I transfer money to one of my kids, I worry that some algorithm will flag it for some bored paper-pusher to investigate, and that I will waste hours or days (and possibly lawyer fees) proving my innocence.
Yet you can squirrel away your criminal earnings into crypto and voila! life is good. Every transfer sits on a public ledger, but nothing on that ledger says who holds the wallet, so there is no way to trace who you are, and once the coins pass through a mixer or an exchange that doesn't ask questions, no practical way to trace what you did with them.
Clearly, it's time to change the anonymous aspect of crypto. (I'm a firm believer that only people with things to hide refuse to divulge information that would help solve international identity issues. From biometric identity documents to cryptocurrency, and more. But that's not the point I'm dealing with here.)
I'm not sure how to go about it, and I sure hope that law-enforcement agencies are working on this...
2. It's not the mouse, it's the hole that steals.
A somewhat amusing Talmudic statement - shifting the blame from the mouse (or hacker, in our case) to the hole.
So, how do we fix the hole? That's the cat & mouse game (pun intended) that half the world is playing against the hackers.
But if one can mitigate the effects to the point where one doesn't even consider paying the ransom, one has shrunk the hole tremendously.
Here are some ideas for mitigating the pain of a ransomware attack, based on being responsible, inter alia, for IT and DevOps for the past 9 years.
A. Backups
Duh. Don't you have anything to write about? Well, let's reword that to backups and fast restores.
I refuse to believe that something as crucial as a U.S. fuel pipeline supplying a large share of the East Coast does not have backups in place. But if they cannot restore in a timely fashion, then they will have to work with a crippled system for a while.
This is unacceptable. Even the smallest Mom & Pop shop will suffer from a few days of downtime, and the more critical the computer system, the less downtime it can afford. So it's crucial that the backups are:
- Actually happening - completing every run, not silently failing on out-of-space or limited-bandwidth issues, or other excuses.
- Up to date - you don't want to lose more than a few hours (or minutes) of work.
- Fast to restore - the closer to instant restore, the better, and "fast" has to be measured by actually rehearsing a restore, not assumed.
- Ransomware-safe. If the attacker can reach the backups and encrypt or delete them, or if you are faithfully backing up a system on which the ransomware is already installed, you essentially don't have a usable backup.
Let's discuss these last 2 points in more detail.
Fast restore
As already mentioned, if you cannot restore in a timely fashion, you are going to be without the ability to function; the consequences range from being unable to sell lollipops to having patients dying.
One technique I came across was to virtualize everything, so that each machine can be backed up periodically by taking a snapshot. This is standard on VMware hosts, for example: it is easy to automate, needs no downtime (the machine keeps running while the snapshot is taken) and reverting to a snapshot is almost instant. The caveat is that a snapshot sitting on the same datastore as the VM is not a backup on its own; an attacker who reaches the hypervisor takes the snapshots along with the disks, so the snapshot has to be exported or replicated somewhere the attacker cannot reach.
I've also used continuous off-site backups like Carbonite; the restore can take a while, depending on your bandwidth. Your apps won't be restored - you'll have to reinstall them - but your data will be almost up-to-date.
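To make the four backup properties above (actually happening, up to date, fast to restore, ransomware-safe) and the restore-point problem concrete, here is a small checker, added here as an example and not code from the original post. It runs over a constructed backup catalog; the RPO/RTO targets, the system names, the catalog records and the suspected compromise time are all assumptions, and a real check would pull its catalog from the backup tool rather than a hard-coded list.

```python
"""Backup health check and clean restore-point selection.

Added example, not code from the original post. The backup catalog, the
RPO/RTO thresholds and the compromise time below are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Assumed targets: lose at most 4 hours of work, be running again within 1 hour.
RPO = timedelta(hours=4)
RTO = timedelta(hours=1)


@dataclass(frozen=True)
class BackupRun:
    system: str
    finished: Optional[datetime]         # None: the job was scheduled but never completed
    size_bytes: int                      # 0 bytes usually means out-of-space or a silent failure
    restore_test_seconds: Optional[int]  # None: a restore has never been rehearsed
    immutable_copy: bool                 # a copy that production credentials cannot delete or overwrite
    checksum_ok: bool                    # archive integrity verified after the run


def check_run(run: BackupRun, now: datetime) -> List[str]:
    """Return the reasons this backup would fail you in an incident (empty list = healthy)."""
    problems: List[str] = []
    # 1. Actually happening
    if run.finished is None or run.size_bytes == 0:
        problems.append("not actually happening (job incomplete or empty)")
    # 2. Up to date
    elif now - run.finished > RPO:
        problems.append(f"stale: last copy is {now - run.finished} old, RPO is {RPO}")
    # 3. Fast restore: only a rehearsed restore counts
    if run.restore_test_seconds is None:
        problems.append("restore never rehearsed")
    elif run.restore_test_seconds > RTO.total_seconds():
        problems.append(f"restore takes {run.restore_test_seconds}s, RTO is {int(RTO.total_seconds())}s")
    # 4. Ransomware-safe
    if not run.immutable_copy:
        problems.append("no immutable/offline copy: whoever owns production can delete it")
    if not run.checksum_ok:
        problems.append("integrity check failed: archive may already be encrypted or corrupt")
    return problems


def report(catalog: List[BackupRun], now: datetime) -> Dict[str, List[str]]:
    """Problems per system, keyed by system name."""
    return {run.system: check_run(run, now) for run in catalog}


def last_clean_restore_point(history: List[BackupRun], compromised_at: datetime) -> Optional[BackupRun]:
    """Newest intact backup finished before the attacker is believed to have got in.

    Anything taken after that point may contain the ransomware itself (or files
    it already encrypted), so it is not a usable restore point.
    """
    candidates = [
        r for r in history
        if r.finished is not None and r.finished < compromised_at
        and r.size_bytes > 0 and r.checksum_ok
    ]
    return max(candidates, key=lambda r: r.finished, default=None)


# Constructed sample data (hypothetical systems, not from the original post).
NOW = datetime(2021, 5, 8, 12, 0, tzinfo=timezone.utc)

CATALOG = [
    BackupRun("scada-historian", NOW - timedelta(hours=1), 40_000_000_000, 1800, True, True),
    BackupRun("billing-db", NOW - timedelta(days=3), 9_000_000_000, None, False, True),
    BackupRun("file-server", None, 0, 600, True, True),
]

HISTORY = [  # nightly runs of one system around a suspected break-in
    BackupRun("billing-db", datetime(2021, 5, 5, 2, 0, tzinfo=timezone.utc), 9_000_000_000, 900, True, True),
    BackupRun("billing-db", datetime(2021, 5, 6, 2, 0, tzinfo=timezone.utc), 9_000_000_000, 900, True, True),
    BackupRun("billing-db", datetime(2021, 5, 7, 2, 0, tzinfo=timezone.utc), 9_000_000_000, 900, True, False),
]
COMPROMISED_AT = datetime(2021, 5, 6, 20, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for system, problems in report(CATALOG, NOW).items():
        print(system, "->", problems or ["healthy"])
    rp = last_clean_restore_point(HISTORY, COMPROMISED_AT)
    print("restore from:", rp.finished if rp else "no clean backup before compromise")
```

The point of the last function is the one the "ransomware-safe" bullet makes: the newest backup is not automatically the right one. In the constructed history the May 7 run fails its integrity check and the May 6 02:00 run is the last one finished before the suspected break-in, so that is the one to restore from, accepting the lost day rather than reinstalling the attacker's foothold.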