Tape Media

Tape Drives

Ethernet LTO Tape Drives

Tandberg Data RDX QuikStor

Tandberg Data RDX QuikStation

HP RDX Removable Disk

Quantum SuperLoader 3

Quantum Scalar i3 LTO

Qualstar LTO Tape Libraries

Qualstar Q8 Tape Autoloader

Qualstar Q24 Tape Autoloader

Qualstar Q48 Tape Autoloader

Qualstar Q40 Tape Library

Qualstar Q80 Tape Library

Qualstar Tape Libraries

Overland NEO Tape Libraries

Overland NEOs StorageLoader

Overland NEOs T24 Loader

Overland NEOs T48 Library

Overland NEOxl 40 Series

Overland NEOxl 80 Series

Tape Drive Autoloaders

HP StoreEver Tape Libraries

HP StoreEver MSL3040

Archiware P5 Software

XenData LTO Archive

Facilis Technology

SnapServer XSR NAS Series

Nexsan Storage

ATTO SAS / Thunderbolt

Cables & Terminators

Barcode Labels

Turtle Storage Cases

Quantum Scalar i3 Warranty

Removable Disk Storage

Imation RDX

Imation RDX Bundles

Tandberg RDXLock WORM

Quantum RDX

HP RDX+ Bundles

IBM RDX

Dell RD1000

Reconditioned Tape Drives


Custom Sequence Barcode Labels for all your Tape Media - DLT, SDLT AIT and LTO FREE LTO BARCODE LABELS

LTO-9 Tape Drives LTO-9 Tape Libraries Now Available

SymplyPro LTO Archiving Solutions LTO-8 and LTO-9

Browse by Manufacturer
Mailing Lists


Surviving a Ransomware Attack with Tape Air Gap

Senior Director of Enterprise Business Solutions, responsible for the entire IT infrastructure at Spectra Logic. In his presentation, Tony reveals the details of a ransomware attack suffered by Spectra Logic and how his organization prevailed without paying the ransom demand, thanks in no small part to off-site air-gapped tape for safe and unaffected recovery.

 

Transcript:

hello everyone uh I am Tony Mendoza the senior director of it it's spectralogic uh I know this is the last presentation of the day I'll try to go fast but it's a pretty fun story to listen to um we made we made a decision to to share a story we were we were victims of a ransomware attack uh in 2020 and uh um we decided to go public with it so we can share our experience hopefully help somebody hopefully protect somebody's business um and then and then use this as a resource so I'm here to tell you guys a story about what happened to us and I want to walk you through what it was like to experience a ransomware attack um so this is you got to remember back this is this is May of 2020 right when the pandemic has hit and right when we as a company we're trying to decide how to to keep our Workforce uh working and effective without having them come into the office and so we moved we moved remote very quickly and and as we know now two years later ransomware attacks went up over over covid we were one of one of the first ones attacked and and we got to be a statistic so we find this note um and it and it's almost comical I mean it's just a text message that we found where our files should be along with an encrypted file of our files um and this is just a quick clip of it it's uh it's it's like I said I I read it and kind of scoffed at it and said yeah this can't be real I don't know what this is um but then we started finding them everywhere we're finding them on all of our file servers we're finding them on our database servers uh and it's spreading like I said so um the next thing we do is in panic run to my data center and we start shutting systems down unplugging network cables getting them quarantined because it's it's spreading faster than than we could talk about it spreading faster than than we could investigate systems so we go we go pull plugs and and this is remember this is a Thursday morning beginning of a work day and we're a very transactional company we do we do lots of transactions an hour so any downtime is is uh you know very detrimental to us this brought our entire business to its knees that first day all we did that day was assess what the damage was um and and all we could do and this is this is horrible is bring a system up in quarantine watch the virus start taking over again and go okay this system is nothing anymore it's garbage um and so we brought up systems one at a time quarantine them put tools in place um did some monitoring to them one of the only systems that came back up was our email server um and and that that was that was a Saving Grace but this is not the first day um first day we go through all our systems find out they're they're dead and uh one of my peers in the industry said hey call the FBI which I never thought of um I didn't even know how to call the FBI I had to I had to look up how to call the FBI and and so so I'm I'm I'm on the phone with the FBI and and it's it's like an awkward 9-1-1 call I say you know hey I've had a cyber security incident and instantly they put me through to a cyber security agent we get assigned a field agent and and you know beyond the Panic of that first day that was kind of cool here's what else we figured out with all the encryption um and all the different ransoms that they wanted they asked for 3.6 million dollars in Bitcoin in five days so naturally that's not something that anyone keeps laying around what we did confirm in all this was uh the way it spread the quickest through our network was through our backup service account um what they did and this is brilliant is they wipe out your backup server and so they say okay you know I'm going to wipe out your backup server so you cannot restore stuff so you can pay us some money we found out with my team that was looking at our assets that all of our stuff on tape was there and it was air gapped and we had copies of it off-site and so you know we practice what what we preach at spectralogic and we do use our products to to store and back up our data um and and so the way we were using them we got to the point where we said okay here's our Silver Bullet we we still have all of our data from a few days ago from a backup now we can start making some decisions about you know what we want to do we looked at our data and and and you know figured out that we have uh um about 30-day recovery to rebuild our systems bring it back from tape um it's going to be uh uh you know a four to six week process you know going from tape but we had it and that gave us the confidence uh we also you know at the same time looking at our at our data um we use our products to also snapshot data on disk and so now we have another set of immutable data on disk obviously tape was our silver bullets um but uh but this can be faster you know so now we're thinking all right we're you know we're at a place here that we don't have to pay them we have our data yeah it's painful yeah it's going to take a few days but we don't have to pay and obviously what nobody wants to pay three and a half million dollars at any criminals uh so we prevailed uh Nathan and I did it was just Nathan and I we we actually do take all the credit for it we we go and speak about it and we talk to a lot of people about it and my team knows that I take all the credit for it which I was just the ring leader um but uh uh other than you know a few miscellaneous files that were obviously not important because they weren't on our backups or or we didn't want to bring them back uh we restored everything we paid nothing in Ransom um so yeah uh here's what we figured out uh it's not it's not a matter of if it is a matter of when and even us we've recovered from it we've seen it we've been through it we know resources we've implemented resources um we still think it's going to happen to us again I mean we're it's it's just the the nature of it and and obviously you know it's two years later now I can see the statistics online I can see how much it's grown I can see how much money there is in it it's not going away anytime soon and in my opinion it's getting worse because of iot you know obviously there's there's more endpoints out there for for attack vectors and then my favorite is uh explore air gap and mutable data storage protection that saved our butts having that tape as our Silver Bullet gave us a confidence to say okay now we can look at other solutions to help us recover a little bit quicker but it gave us a confidence to really kind of tell the the threat actors no we're not we're locking down now and we're not we're not paying anything and that was a scary Day by the way um so that's our story I tried to get through it as fast as I can

Search
Shopping Cart
Your cart is empty.

Tandberg Data RDX Quikstor Removable Disk Cartridges

RDX 10 Pack Promotion - celebrating 10 Years of RDX Technology

SnapSever XSR120 and XSR40 Available

Quantum Scalar i3 LTO-9 Now Available and Shipping

Free Shipping UPS Ground - $500 min. order


Repair Services - 6 Month Warranty Fast Turnaround

Outlet Center - Refurbished Tape Drives - 6 Month Warranty