Insight and analysis on the information technology space from industry thought leaders.

Enhancing Ransomware Protection: A Guide for Data Center Engineers

By fostering innovation and collaborating with industry partners, data center engineers can take proactive steps to protect data centers against emerging cyber threats.

Padlock locked and chains against data center background

Since the internet boom, data centers have become indispensable for national security and the economy. Our world relies on these facilities to store and process vast amounts of sensitive information. Their growing importance has also attracted cybercriminals, who are tempted by the immense value of the information that data centers possess. Among the most dangerous weapons cyberthieves use is ransomware. For data center engineers, understanding ransomware attacks and how we can effectively protect against them is vital for the health of our organizations.

Experts rank ransomware as a top 10 concern. In 2022, ransomware attacks were estimated to occur every 40 seconds, according to Cobalt. AAG estimates suggest that approximately 236.1 million ransomware attacks occurred globally in 2022, accounting for around 20% of all cybercrime that year. The financial cost of these attacks is staggering. Cybersecurity Ventures predicts that cybercrime will cost the world a whopping $8 trillion in 2023, making it the third largest economy after the U.S. and China.

Ransomware attacks fall into three main categories: denial of service, hard-disk encryption, and system-lock attacks. In each case, the attacker renders the victims’ information inaccessible — unless a ransom is paid. These attacks can result in significant financial loss, reputational damage, and even the compromise of sensitive data.

Hard-disk encryption and system-lock attacks are particularly challenging. Traditional zero-trust models become ineffective when the hardware root of trust (RoT) has been exposed or stolen, as often happens when attackers gain control. In these situations, the only viable option may be to pay the ransom. Victims do so with the hope that such a concession will make the attackers go away and prevent the RoT information from being traded among bad actors.

One of the primary obstacles to mitigating the impact of ransomware attacks is the lack of reporting. Many enterprises hesitate to reveal these incidents due to concerns of shaming, decline in stock value, or harm to their reputation. Even when attacks are reported, limited information is available in vulnerable databases. That means it can take months or even years for workarounds or patches to be developed. Additionally, ransomware attackers often result in the deletion of log files, making it difficult to trace the origin of the attack.

To safeguard data centers against ransomware attacks, several preventive steps can be taken. One of the simplest is a regular 3-2-1 backup procedure: Create three copies of data, store them on at least two different media types, and keep one copy offsite. This strategy ensures that even if one copy is compromised, data can be restored from other sources.

As so many attacks target unsuspecting users, awareness training needs to be seen as compulsory. Companies should provide security awareness training to employees and users, educating them on the latest ransomware threats, attack vectors, and prevention techniques. Data center engineers may need to teach their fellow staff about how to identify suspicious links, unexpected attachments, and unusual sender information. Success will require the implementation of multifactor authentication and strong password policies — including explaining why users should have unique and complex passwords.

Third, endpoint protection is important to understand. It includes using firewalls, antivirus and anti-malware protection, mobile device management, and encryption. With endpoint protection measures in place, a system will detect, prevent, and respond to cyberattacks. Cyberthieves can quickly become savvy to endpoint defenses, which requires data center engineers to stay updated on the latest threats. They can do so by following reputable cybersecurity news sources, attending security conferences, and monitoring alerts from government organizations.

Finally, it’s vital to conduct vulnerability assessment and patching scans. Using automated tools, data center engineers can identify weaknesses in the network, systems, and applications. Then they can perform periodic penetration testing to simulate real-world attacks.

Addressing Ransomware Threats: Innovations for Data Center Engineers

While those existing solutions have helped to mitigate attacks, there is still much to be done. Fortunately, innovative approaches are emerging.

One promising solution is the Data Center Secure Control Module (DC-SCM), a modular concept proposed by the Open Compute Project (OCP). The DC-SCM is a daughter card that houses the RoT and system-on-chip components responsible for key authentication, trust services, and bare metal boot. By consolidating security functions into this card, data centers can enhance their resilience against attacks. In the event of a compromise, rather than replacing the entire system, engineers can simply replace the DC-SCM card. The OCP predicts that OCP-recognized equipment spending will reach $36 billion by 2026, underscoring the significance of this innovation.

That said, the DC-SCM does not completely address all the challenges associated with ransomware attacks. Enterprises still face downtime, productivity loss, and the need to rebuild systems, albeit at a reduced cost. To combat these limitations, I believe the industry must augment hardware itself with intelligence and forensics capabilities.

By incorporating monitoring software and AI-driven attack prevention directly into the hardware, we can reimagine the solution to complement and enhance software-based ransomware detection. This approach can extend to various security functions assigned to the motherboard, such as the baseboard management controller, hardware RoT, trusted platform module, programmable FPGA/CPLD, and management LAN. By tailoring the solution to different server types, we can better align with the unique needs and security requirements of data centers.

The threat of ransomware attacks continues to loom, and relying solely on traditional methods is no longer sufficient. We have the opportunity to take a significant step forward by embracing modular security solutions and integrating hardware monitoring with software intelligence and forensics. Such an approach can limit the impact of ransomware attacks and reduce the costs associated with system replacement.

Through innovation and collaborations with industry stakeholders, engineers can proactively protect data centers against the latest cyber threats. By doing so, we ensure the security and integrity of the critical information these data centers hold.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like