January 3, 2022

Ransomware is malicious software that prevents access to computer files, systems, or networks, requiring the payment of a ransom to restore access. Ransomware attacks can be costly because the loss of critical information or data disrupts a company’s operations.  

Ransomware can be deployed when an employee unknowingly clicks on an email attachment, ad, or website embedded with malware that has been installed by privileged users without their knowledge or by an unauthorized user through a hack. Usually, the malware code will lock access to the computer or data files, often encrypting the local files or even sophisticated networks.  

Typically, cybercriminals are not experienced at exploiting mainframe environments, since they are less common than x86 systems. However, networks can create vulnerabilities. Mainframe users should know how they can become exposed to ransomware and how to protect themselves from attacks, including the best forms of backup to protect vital data from being lost. 

Tips for Avoiding Ransomware

To avoid ransomware, companies should keep operating systems, software, and applications current and up to date. For example, IBM announced the release of its IBM z/OS V2.5, which offers security measures aimed at ransomware threats. 

Implementing multi-factor authentication (MFA) will reduce risk of unauthorized access to the mainframe.

Regularly back up data and systems images and test to confirm they are complete. Backed up data should be immutable via physical or virtual isolation from the primary data to ensure the backup data is unchangeable. 

Create, review, and test a continuity plan to prevent interruptions to operations. 

What ian Event Occurs?

Paying the ransom in return for the decryption key may seem the easy way to lessen the impact of a ransomware attack. However, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) warns that paying up encourages further ransom demands and may violate OFAC regulations. Under the Trading with the Enemy Act, companies are prohibited from engaging in transactions with individuals or groups on a Specially Designated Nationals and Blocked Persons List. 

The cost of trying to mitigate a ransomware attack on your own can be considerable, but there is no guarantee that paying the ransom will lead to getting your data back. Cybercriminals have been increasing their ransom demands from thousands of dollars in cybercurrency to millions. 

IBM Z Targets Ransomware Protection

Even the U.S. government has acknowledged the immense security threat ransomware presents. The Department of Justice (DOJ) has declared that fighting ransomware will be given the same priority as battling terrorism, referring to the Colonial Pipeline attack as an example. 

As a leading producer of mainframe technology, IBM has made fighting ransomware one of its priorities with the release of its IBM z/OS V2.5, which offers security measures aimed at ransomware threats. Security enhancements for this mainframe OS include those in the areas of: 

  • Authentication 
  • Authorization 
  • Logging 
  • System Integrity 
  • System and Data Availability 
  • Encryption for In-Flight and At-Rest Data  
  • Overall Data Privacy  

IBM Storage Provides Protection Against Ransomware

Ensuring your company has clean, immutable copies of data is essential to restoring a system that has been compromised by ransomware. IBM has been providing backup and recovery in the mainframe environment for decades and has refined these solutions to address modern attacks. Specific storage solutions include IBM’s DS8000 Storage and TS7700 Virtual Tape. 

Safeguarded Copy for DS8000 Solutions

Safeguarded Copy is a feature of Copy Services Manager that is available on IBM DS8000 Flash Storage Systems. Safeguarded Copy creates an immutable virtual backup outside of the production environment with protection from corruption. Your company can define Safeguarded Copy schedules to create multiple backups on a regular basis, such as hourly or daily, that are designed to reduce performance impacts. 

Safeguarded backups created outside the production environment can be used to restore a production environment quickly back to a point in time before the corruption occurred. For Mainframe clients currently using IBM DS8000 Storage, implementing Safeguarded Copy can be as simple as adding more capacity for the additional data copies! 

TS7700 Virtual Tape Solutions

IBM physical or virtual tape has been the most widely utilized form of data backup for a generation. In recent years, IBM has enhanced the capabilities of its TS7700 line of Virtual Tape backup systems with features such as Logical Write Once Read Many (LWORM) and Transparent Cloud Tiering (TCT). 

Logical Write Once Read Many (LWORM) 

LWORM is an emulated virtual equivalent of writing once to physical tape and reading many times. A physical tape is the ultimate “air gapped” copy of data, since it is offline and safe from external threats. LWORM is an economical modern-day equivalent of physical tape.  

LWORM is available for TS7700 grids using microcode level 8.6.0 or higher. When TS7700 creates its LWORM volumes, DFSMS HDR1 retention policies are created and never modified. This prevents tapes from being deleted for a fixed amount of time or “forever.” 

TS7700 LWORM technology provides organizations with two important benefits. First, it ensures compliance for data that requires it. Second, it creates well-protected copies of data that can be used for normal data stores, even if compliance is not specifically required. 

TS7700 has also implemented an LWORM Retention Protection capability that enables you to modify the retention mode and retention period on your virtual tapes. LWORM Retention Protection helps you comply with industry regulations on data that you must retain for compliance purposes, such as SEC 17a-4, CTCC, and FINRA regulations, which require WORM storage.  

IBM TS7700 is a leader in disaster recovery storage for IBM Z mainframe environments. Its virtualization engine provides unique capabilities that are specifically tied to how z/OS and typical tape workloads operate.  

Transparent Cloud Tiering (TCT) 

The TS7700 enables your company to store virtual tape backups in a public cloud, such as AWS or Azure, with the Transparent Cloud Tiering Feature (TCT). The advantages of TCT are the ability to store data off-site at a cloud provider with potentially limitless capacity. Disadvantages can be the time it could take to retrieve data from the cloud provider at your primary data center in the event of a ransomware attack.  

Optimizing IBM Storage for Ransomware Protection 

PSR is an authorized IBM Platinum Business Partner for IBM storage and can help implement the solutions discussed to provide an additional layer of protection for your mainframe in the event of a ransomware attack.  

We find many smaller mainframe environments have limited backup capabilities so PSR offers Virtual Tape as a Service, integrating virtual tape with our Disaster Recovery solution for mainframe. Our virtual tape as a service includes all hardware and implementation, eliminating capital expenses, and uses a secure VPN connection for most environments. 

Find out more about virtual tape for the mainframe. Read our case study.