MEDIA & ENTERTAINMENT
Unraveled: A Day-by-day Recap of an M&E Ransomware Attack
As this year’s Cyber Security Awareness month continues, we’re exploring a scenario created by our partners Marquis.
Welcome to First Class Post, a hypothetical multi-service post-production company. They’re slammed delivering assets to their clients, since getting work over the finish line and out the door is how they get paid. They’re ingesting about 10TB of data per day into an Avid NEXIS system and backing it up to a locally-stored NAS device. Business is booming; they’re even looking at taking on investors to grow faster.
Day one
Today, unbeknownst to them, First Class’ systems have just been infiltrated by a nasty ransomware attack. It is currently working its way through their network and encrypting any and all files it comes across. But the team at First Class is too busy to notice, and the attack carries on unfettered.
Day two
It’s immediately clear to everyone at First Class that something is wrong. Employees find they are unable to log in to their workstations. The technical team, attempting to understand what happened, discovers the Avid NEXIS and its backups are inaccessible. The team can’t make their production deadlines, and clients are on the phone looking for answers.
Day three
The hammer drops: all the First Class databases and Avid NEXIS workspaces are encrypted and inaccessible. The board receives a ransomware demand for $1 million in Bitcoin and an emergency meeting is called. Word starts to spread and suddenly half the industry knows First Class just got hit with a monster ransomware attack.
Day four
When the tech team tries to restore from a backup, they realize that their last restore had been after the infection. Their backup copy is encrypted and irrecoverable. With deadlines blown, contracts are defaulted on and suddenly First Class is looking at a major cashflow problem. There’s talk of getting a bank loan to pay the ransom, but there’s no guarantee that their content will be restored after they pay. Further, their insurance policy conveniently only covers equipment damage and is of no use in a cybersecurity attack. The team begins making tough calls to clients, and any interest the company had from investors dries up in an instant. Game over.
Rewinding the clock
Now, let’s replay the scenario and see how things could have gone differently. First Class did one thing right: they were regularly backing up their work. Reliable backups are the best defense against ransomware and key to any cyber resilience strategy. However, their backup strategy has some holes that left them vulnerable.
Protective partners
For one, they could use a media-specific backup software like Marquis which is specifically designed to integrate with Avid workstations and takes special consideration to not back up any encrypted files. This would stop their automated process from backing up files compromised by ransomware and give the organization a lifeline for recovery.
Cloud copies
Additionally, they could store their backups offsite. On-prem backups are easier for criminals to access once they’re inside your system. Cloud object storage is a convenient option for offsite storage as the files can be retrieved from any machine connected to the internet, important if a compromised system is your only path to your backups as in First Class’ case.
Immutable backups
Cloud object storage providers, like Wasabi, often offer options for immutable storage, preventing files from being altered or deleted by anyone for a designated period of time. No alterations means no encryption, so your data is safe from ransomware and other threats. By making every fifth backup an immutable one, you’ll always have something solid to restore from.
With these tactics, an organization like First Class will be well prepared in the event of a ransomware attack. The right combination of intelligent backup software and secure storage will have even the most hardened hackers running scared.
webinar
Future-proof your defense
Watch the webinar covering all aspects of data breaches and how to make your business more resilient.
Related article
Most Recent
Traditional security measures, while essential, are susceptible to human error or malicious acts. Enter: Wasabi's Multi-User Authentication.
See how to get a unified data management infrastructure that remains secure and effective for all challenges it may face in higher ed.
Learn how CISOs can enhance data security, streamline compliance, and manage data more efficiently and effectively with cloud object storage.
SUBSCRIBE
Storage Insights from the Storage Experts
Storage insights sent direct to your inbox every other week.