Combating Evolving Ransomware at the Block Level

Author(s)/Presenter(s):
Library Content Type:
Publish Date: 
Thursday, September 27, 2018
Event Name: 
Focus Areas:
Abstract: 

Ransomware attacks that hold your data hostage using unauthorized data encryption or exfiltration are spreading rapidly and are increasingly relying on security vulnerabilities in addition to human gullibility. Ransomware attacks are particularly nefarious because they generally depend on unelevated user privileges. The result of a ransomware attack thus can be indistinguishable from a user simply deleting their own data with their standard access permissions. While ransomware attacks cannot be institutionally eliminated, they can be institutionally mitigated using OpenZFS' snapshot, clone and rollback facilities. From DAS to NAS/SAN and virtual machine storage, OpenZFS and OpenZFS-based storage appliances can provide vendor-neutral, organization-wide infrastructure that can efficiently recover from ransomware attacks.

Learning Objectives:
1. Introduction to Ransomware and its mitigation at the block level
2. Understanding of how Ransomware is beginning to leverage security vulnerabilities
3. Technology-agnostic and specific introduction to file system snapshotting’s role in data protection
4. High-level introduction to the open source, vendor-neutral OpenZFS file system and its capabilities