HPE StoreEver LTO Tape: A Cost-Effective Cybersecurity Shield to Avoid Ransom Payments

Introduction

Ransomware attacks have become an increasingly formidable threat in the IT landscape, targeting businesses of all sizes and sectors. The choice organisations face when confronted with a ransom demand is often a difficult one: pay the ransom and risk the financial and ethical implications or take a stand against cybercriminals and potentially jeopardise their ability to continue to function.

However, there is an alternative approach that not only safeguards your data but can also save you money. In this article, we will explore why using HPE StoreEver Linear Tape-Open (LTO) tape technology to create an offline air gap can be a very cost-effective cybersecurity shield, ensuring you don't need to pay the ransom and potentially saving you money in the long run.

The Ransomware Dilemma

The almost omnipresent nature of the ransomware threat means that organisations falling victim to a cyberbreach are increasingly caught between a rock and a hard place. Cybercriminals demand ransoms in exchange for decryption keys, often threatening to release sensitive data or disrupt critical services. Paying the ransom may seem like the quickest solution to regain access to encrypted data and minimise downtime. However, submitting to cybercriminal demands may have significant drawbacks:

No Guarantees: Paying the ransom doesn't guarantee that you will receive a working decryption key, as attackers might not hold up their end of the bargain. A recent market research study, by Adience for HPE and FUJIFILM Recording Media, found that 85% of all ransomware attacks have some degree of success. But after a ‘successful’ ransomware attack, only one in ten customers recovered all their on-prem data while just under a third lost everything. If criminals were reckless enough to steal your data in the first place, it might be a leap of faith for IT organisations to place all their trust in the honour of thieves.

Financing Cybercriminals: Ransom payments contribute to the profitability of cybercriminal operations, emboldening them to launch more attacks. In common with practically every law enforcement agency, the US Federal Bureau of Investigations has a fairly blunt message on the subject of paying cybercriminals:

“The FBI does not support paying a ransom in response to a ransomware attack.?Paying a ransom doesn’t guarantee you or your organisation will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”

Legal and Ethical Dilemmas: Paying a ransom can lead to legal and ethical dilemmas, as it may violate laws and regulations. It also encourages a dangerous precedent of rewarding attackers and encouraging them to be more brazen. Since September 5, 2023 the US Securities and Exchange Commission has required public companies to?disclose within four days all cybersecurity breaches?that could impact their financial well-being. In November 2023, the hacker group, AlphV, reported one of its own victims, a software vendor supplying banks, credit unions, fintechs, and other financial institutions, for failing to notify the SEC of a cyberattack that AlphV itself had perpetrated.

The Offline Air Gap Solution

An offline air gap, achieved through HPE StoreEver LTO tape technology, creates a physical separation between your data and the network, protecting it from ransomware attacks. This approach involves regularly backing up your critical data to LTO tapes and storing them in a secure, offline location that is physically unconnected to the network. As such, this offline air gap is impervious to privilege escalation, lateral movement, storage reconfiguration, encryption and other common techniques deployed by cybercriminals to lock down an organisation’s data.

By implementing an air gap, you create a safety net that might make it unnecessary to pay the ransom – as with the Spectra Logic cyberattack discussed in a previous article – and in so doing, save your organisation time, resources and money.

Key Advantages of LTO Tape as an Offline Cybersecurity Shield

Immunity to Online Threats: LTO tape backups are offline, meaning they are not connected to your network. This isolation renders your backup data impervious to ransomware attacks, as the attackers cannot encrypt what they cannot access.

Longevity and Durability: LTO tape cartridges have a long lifespan, often up to 30 years when stored correctly. This longevity ensures that your backup data remains intact and available for recovery, even in the event of extended downtime or widespread encryption of files.

Cost-Effective Data Protection: LTO tape technology offers a cost-effective solution for archiving and safeguarding your data. The upfront investment in tape technology is significantly less than paying a ransom, which may not even guarantee data recovery. As an example of this, a HPE StoreEver MSL3040 tape library, with capacity for 40 LTO-9 data cartridges, could allow you to protect up to 720 TB of native data securely behind an airgap. Such a solution would cost around $50,000, which for a typical medium sized business and above may be an affordable investment in comparison to the potential costs of a ransomware attack discussed below.

Data Recovery Flexibility: LTO tape provides an efficient and flexible data recovery process. Should a ransomware attack occur, you can restore your systems and data from the offline backup reasonably quickly, minimising downtime and disruption. While other technologies may be better suited to recovering mission critical data in the shortest possible timeframe, tape is ideal for protecting broader and deeper sets and volumes of business information. Given that the average length of impact from a ransomware attack is several weeks rather than several minutes or even hours[1], businesses are less disadvantaged by the time taken to restore normal operations using tape than they are benefitted by having all their data to recover from a secure offline backup.

Real-World Savings through LTO Tape

So if that covers HPE StoreEver tape as cybersecurity shield, now lets examine the second part of the title of this article and examine how LTO tape technology can save businesses money by helping them to avoid making ransom payments and minimising the overall cost of a successful cybersecurity attack.

The Cost of Ransom Payments

Ransom payments can vary significantly, with attackers demanding anywhere from a few hundred dollars to millions of dollars. According to Coveware, the average ransomware payment in Q4 2023 was $568,705[2] - more than ten times the cost of a midrange tape system like the HPE StoreEver MSL3040.

It’s also important to bear in mind that cybercriminals are extremely savvy negotiators – after all, they have more experience than most in the field of extortion and the psychology of ransom payment decisions – so they are very adept in setting the level of their demands. As discussed earlier, there is no guarantee that paying the ransom will result in the successful recovery of your data. You might end up paying a substantial sum without any assurance of data restoration.

Additional Hidden Costs of Ransomware Attacks

Ransomware attacks come with hidden costs that extend beyond the ransom itself. These costs include:

• Downtime: Extended downtime can result in lost revenue and productivity. A 2022 study by GetApp found that among companies that paid the ransom, 70% said the attack made a major impact on productivity. Over one third (37%) of victims selected productivity losses as the single most consequential impact of a ransomware attack, more than any other effect surveyed.
• Recovery Efforts: Organisations must invest in forensic analysis, investigations, and cybersecurity enhancements after an attack. Such services do not come cheaply.
• Legal and Regulatory Compliance: Ransomware attacks can trigger legal and regulatory compliance issues that lead to fines and penalties – as mentioned earlier in the AlphV SEC complaint.

Opportunity Cost

More pertinently, when you pay a ransom, you divert resources away from investing in proactive cybersecurity measures and strengthening your infrastructure. The opportunity cost of not investing in preventive measures can be significant, potentially leading to more frequent and severe attacks in the future. For its ‘Ransomware On The Move 2023’ report, cloud computing and security vendor, Akamai, analysed victim details posted to the leak sites of about 90 ransomware groups over a 20-month period from October 2021 to May 2023. Akamai’s report found that organisations hit by a ransomware attack are almost six times more likely to be attacked again over the next three months.

Conclusion

In the ongoing battle against ransomware attacks, IT professionals must weigh the consequences of ransom payments against the benefits of an offline air gap provided by LTO tape technology. By creating a physical separation between your data and the network, you protect your organisation from ransomware attacks and avoid the financial, legal, and ethical dilemmas associated with ransom payments.

The cost savings are evident in both the immediate ransom payment and the hidden costs of ransomware attacks. By implementing HPE StoreEver LTO tape technology as an offline air gap, you not only ensure data protection and recovery but also potentially save your organisation money. It's a proactive and cost-effective approach that might not only provides peace of mind but also strengthen your organisation's resilience against the relentless ransomware threat.

[1] Source: Veeam Ransomware Trends Report, 2023

[2] Coveware Quarterly Ransomware Blog, Q4 2023