Posts Tagged ‘cyber theft’

Ransomware Hits Light-rail System, Resulting in Lost Revenue

Brian Heckert

Principal Content Editor, Dell EMC
My first long-term exposure to technology was the typewriter. I still love that invention, which really sparked my interest in writing. For the past 20 years, I have worked in high tech as a content development specialist, marketing writer, and documentation editor. Prior to working in the software industry, I was a journalist, photographer, photo editor, and military fire fighter. After hours, I enjoy spending time with family, reading, and hiking in the mountains.

Ransomware really gets around, faster than even the best form of mass transportation can move busy commuters to work.


Recently, ransomware caused the San Francisco Municipal Transportation Authority (SFMTA) light-rail system to lose revenue when the organization shut down ticket machines and fare gates as a precaution to the malware attack. According to the SFMTA site, ransomware infected mainly 900 office computers. However, another source claimed that more than 2,000 computers were infected, including office admin desktops, CAD workstations, email and print servers, employee laptops, payroll systems, SQL databases, lost and found property terminals and station kiosk PCs.

The ransomware scrambled the data on infected hard drives, posted a message on corresponding computers (“You Hacked, ALL Data Encrypted, Contact For Key ( ID:601.”), then demanded a 100 Bitcoin ransom (approximately US$75,000) before the cybercriminals would agree to hand over a master decryption key that would allow the SFMTA to decipher the data ransomed on the infected hard drives.

Ransomware is a threat to businesses that already costs millions of dollars each year, and unfortunately is prevalent and grows more sophisticated. There are literally millions of new malware variants each year. In 2015 there were 431 million variants added, according to the Internet Security Threat Report.

Using a variety of attacks, criminals can inject malware into your network, which then holds your data or other systems hostage until you pay a ransom. Ransomware gains access to a computer system through a network’s weakest link, which is typically a user’s email or social networking site. Once a user clicks on a malicious link or opens an infected attachment, the malware spreads quickly throughout the system.

When a file or other data is held for ransom, the affected organization must meet the financial demands of the cybercriminal in exchange for a decryption key to “unlock” the ransomed data. If you don’t pay the ransom, you forfeit access to your computer and the data that’s on it. You also forfeit access for others to shared documents and data, compounding the impact exponentially. You might think that’s the worst case. Not so. (more…)

To Encrypt or Not? It’s Not Even a Question

Scott Delandy

Technical Director, EMC Core Technologies Division
Scott Delandy is Technology Director with EMC’s Core Technology Division (including VMAX, XtremIO, VNX, Data Domain, VPLEX, and RecoverPoint). Scott has been in IT for 25 years and has wide range of expertise across storage, virtualization, mission critical systems, and cloud computing. In his current role, he is responsible for driving strategy and technology alignment across product groups, working with users and partners to accelerate IT transformation initiatives across infrastructure and operations, and managing CTD's Leadership Development Program to identify, mentor, and develop high potential talent. His previous roles include product management, market and technology analysis, and technical field support. Scott is also a member of the EMC Elect social media community, an EMC TV correspondent, and is SPEED certified.

encryptionAs an IT organization, how confident are you that your organization’s data is secure and protected? From a protection perspective, it’s generally
expected to have RAID protection, redundant copies and backups, disaster recovery plans, etc. All essential good practices. But how secure are you from unauthorized access to data? Even when the data is at rest and believed to be secured within your trusted enterprise storage system?

It’s becoming an increasingly important topic as infrastructure teams look at their security requirements across the lifecycle of their storage systems. Operational and process questions related to security are starting to come up.  What happens to the data when a drive is replaced? What happens when data is migrated and a system is repurposed? What happens at the time of a refresh when a system is decommissioned?  And what is being done to prevent potential security breaches, such as if a drive is accidently lost, or even worse stolen?


Because of these growing concerns, many organizations are looking at how their security requirements are changing.  Some of these changes are being mandated by government and industry regulations. Many are also the result of internal mandates being driven by the security teams. Data at rest encryption is now playing an increasingly important part of an overall storage strategy. It’s expected that within the next few years, most, if not all data at rest will be encrypted. This is why every user we talk with considers encryption to be a “check the box” required feature for storage going forward.

VMAX D@RE – How does it Work?
VMAX provides secured array based data at rest encryption via “D@RE”. VMAX D@RE encrypts all user data on the array at the drive level. Every drive has its own unique encryption key and all drives within the VMAX are encrypted, including vault drives. If drives are removed from the array (ie drive sparing), their keys are instantly destroyed as part of the replacement process. If an array is retired the admin can permanently delete all copies of keys on that array making the data indecipherable and help address requirements around secure erasure of the system.

VMAX D@RE – Why’s It Different?
VMAX Array based encryption has three key advantages over other encryption alternatives.

No compromise: D@RE preserves all data services, including replication and more importantly, compression.  Alternatives that encrypt at the array level then compress at the drive level cannot combine the two capabilities. It’s because encrypted data does not compress (since it’s all unique) forcing users to compromise functionality and choose one or the other, but not both.

Performance: D@RE is faster than host or app based encryption without the use of hardware based accelerators. Since D@RE is hardware based at the array level, there is zero performance impact to the app, server or storage.  In addition, data erasures are instant, since only the encryption keys need to be deleted to make the data inaccessible.  That’s a key advantage, especially when an entire system, with 100’s of TB’s of data, is being replaced.

No fail destruction: And finally, it works even on badly failed drives. That’s important because when your drive fails, it can fail badly enough that it can’t be overwritten to remove private information. With drive level encryption, even though the failed drive might be “unreadable”, not being able to destroy the data securely still violates many security processes.  With D@RE, you can simply destroy the key from all locations and you’ve crypto-shredded or effectively made the data on the drive unreadable.    (more…)




Connect with us on Twitter

Click here for the Cloud Chats blog