According to a 2015 State of the Data Center report from the SANS Institute, 50% of data center staff reported compromised systems due to application flaws, and 45% attributed them to malware. This makes malware – especially cloud-based malware – one of the biggest threats to data center integrity. Ransomware is especially nasty, shutting down all access to critical systems until a set fee is paid to the attacker.
Data centers are a particularly attractive target for ransomware developers. And although there haven’t been any documented high-profile cases yet, most agree that it’s only a matter of time. Before long, we may well be seeing entire facilities held up for ransom.
- Most data centers either contain highly sensitive, incredibly lucrative information or serve as the backend for business-critical processes and services. This makes data centers a multimillion-dollar opportunity for black hats.
- Given that even a few minutes of data center downtime can cost thousands of dollars, many operators might find it more cost-effective to pay the ransom rather than trying to restore functionality to locked-down systems.
- If ransomware is developed specifically to lock multiple systems or networks, it should be relatively easy to scale that malicious software up as much as necessary – especially given that criminals are now using the cloud as a delivery and distribution mechanism for malware.
In other words, we could be on the verge of a whole new breed of targeted attack. Most data center operators are likely anything but ready to address it. How can you ensure your facility isn’t one that’ll be caught?
- Educate your employees. I cannot emphasize this enough. Malware is frequently delivered through phishing emails or socially-engineered attacks. Train staff to recognize these attempts and avoid them.
- Make sure security software, including antivirus, monitoring tools, and firewalls, is consistently updated.
- Ensure all systems in your facility are highly redundant, and that backups can be spun up at a moment’s notice. That way, if a ransomware developer locks you out, you can isolate the infected systems and replace them with minimal impact on performance.
Ransomware hardly represents a new frontier for malware – it’s one of the oldest breeds of virus on the web. But the idea that ransomware developers might eventually target the distributed architecture of data centers? That’s new.
And even if it’s an eventuality we won’t see for another few years, it’s still a very, very frightening one.