Tuesday, October 12, 2021

Lessons learned from Spectra Logic following its ransomware attack

Spectra Logic, the famous secondary storage vendor, learned from the Netwalker ransomware attack it suffered. The team shared this story during the recent IT Press Tour and has leveraged this tough period to significantly improve its products in the direction of preventing such attacks.

The company designs, develops and builds tape libraries such as TFinity and T950, among others, as well as data management solutions named StorCycle and BlackPearl. Nathan Thompson, founder and CEO of the company, launched his project more than 40 years ago in Boulder, Colorado. Well established worldwide with key partnerships, the firm protects data in 80 countries with more than 20,000 installations. But being a strong player in data protection doesn't immunize it against cyber attacks such as the one it suffered in 2020.

Back to the story: Nathan Thompson himself recounted this stressful moment for his company. On May 7th, 2020, it became clear that something was wrong as systems started to fail one after the other. Some consoles displayed that files had been encrypted by Netwalker, and the team started to realize that a serious attack threatened the health of the company. All indicators moved in the wrong direction: servers failed, applications stopped, and the business was of course completely stopped. The management decided to notify the FBI about the attack.

Attackers asked Spectra Logic to pay $3.6 million within the next few days to recover and restart the business by decrypting all files. Nathan and his team decided not to pay the ransom and started to recover files from all the backup images they had internally. In fact, this attack served as proof that Spectra is one of the key components in cyber crime resistance. We could argue that Spectra shares this story because it came out of this nightmare positively; what would have happened if Spectra had not been able to restart?

In less than a week, the Spectra IT team was able to recover enough data and systems to allow an incremental business restart for the company. It took a few more weeks to clean everything up, but clearly it was a success.

They learned from that and realized that their story is not unique, and that what they develop as a storage vendor and how they recovered could be a trigger for additional data protection mechanisms within their product line. A common-sense and obvious decision. We see here a positive combination of people and technology, associated with the right decisions at the right moment. This is the perfect proof of good management in a time of crisis.

So product management and company management decided to implement in their products some missing or needed features to resist such attacks. The result is a program named "Attack Hardened" to strengthen products.


In detail, it means adding some new capabilities to tape libraries, BlackPearl and StorCycle:

  • Tape libraries
    • create a special zone within a tape library to isolate cartridges,
    • consider a real air gap extraction feature to export tapes,
    • of course encrypt all data free of charge and
    • make the media immutable as WORM media
  • BlackPearl
    • add scheduled snapshots stored on immutable storage,
    • enrich access protection with multi-factor authentication,
    • couple snapshots with backup software like Commvault, Veeam and others and
    • remotely copy data sets to another location to create a new level of redundancy and increase data durability
  • StorCycle
    • encrypt data and allow snapshots to be written to BlackPearl NAS,
    • support multiple storage technologies such as disk, tape and cloud and
    • multiply the usage of data tiering to minimize sensitive data on more exposed devices.

This story is just fantastic, as Spectra is transparent about its attack and about how it controlled it and restarted from it. They learned some key lessons and identified some missing or needed new features to enhance their products. It seems that this aspect is now a common attribute of the company. We also learned that something new is coming, a new approach to data management.
