Nearly 10% of Kroll Ontrack recoveries are now flash media
New malware such as CryptoLocker holds data to ransom
THE continuing proliferation of new drive types and the ever-growing problem of malware were among the biggest trends impacting the data recovery industry in 2013, according to year-end information from data recovery and ‘e-discovery’ products and services provider Kroll Ontrack.
The trends further underscore the need for businesses and consumers to understand how evolving technology affects their ability to protect and recover critical data, the company said in a statement.
Solid state drives, other flash devices
It’s a case of dozens of different manufacturers, all with unique technology, according to Kroll Ontrack.
As prices for solid-state drives (SSDs) and other flash devices continue to decrease and align more closely with hard drive prices, nearly 10% of Kroll Ontrack recoveries are now flash media.
Beyond a greater percentage of SSD and other flash-based recoveries, Ontrack Data Recovery engineers grappled with new drive formats, such as hybrid drives, which contain both SSD and spinning drive components.
Hybrid drives promote operational optimisation and tiering, storing more frequently accessed 'hot' data on the faster SSD and less frequently accessed data on the slower spinning portion of the drive, or they utilise the flash-based portion as a cache.
“With SSD and other flash standards still evolving, each new drive format is specific to the manufacturer and therefore requires a new just-in-time (JIT) data recovery toolset and methodology, which impacts recovery speeds and quality,” said C.K. Lee, country director Asia − DST, Kroll Ontrack.
“With that in mind, regular backups are critical. Further, SSD and other flash device users should download the useful manufacturer’s software tools from their website to optimise and monitor the health of the drive,” he added.
Hard drives: New approaches needed
SSD and other flash media weren’t the only storage media on the cutting edge in 2013.
Leading hard drive manufacturers innovated to pack more capacity into drives. For example, Hitachi built helium-filled drives. Because helium is less dense than air, hard drive heads fly more freely with less resistance, giving Hitachi the ability to put its platters closer together and thus pack more platters into its drives.
In contrast, Seagate is increasing hard drive capacity through shingled magnetic recording (SMR) technology, which stores data bits in overlapping rather than linear patterns.
“The impact on data recovery from these newer technologies is yet to be determined,” said Lee.
“For example, opening a helium-filled drive in a cleanroom environment could cause the drive heads to crash more easily and make data recovery much more challenging.
“We are therefore closely watching these technology developments, and testing various methods to safely and effectively address them in a cleanroom environment,” he said.
New malware impacts data accessibility
In 2013, the CryptoLocker virus was born, hijacking computers and networks in exchange for ransom.
CryptoLocker is trojan horse malware and a form of ransomware targeting computers running Windows.
The attack usually comes disguised as a legitimate email attachment. When activated, the malware encrypts certain types of files with the private key stored only on the malware's control servers and displays a message which suggests the data can be decrypted for payment by a certain deadline.
If the deadline passes, the warning message threatens that the private key will be deleted and the data will be unrecoverable. However, victims have been able to unlock their files after the initial deadline has passed, although the cost has been incrementally more than the original ransom requested.
“This virus has unfortunately succeeded because the cost of downtime to businesses can be as detrimental as US$5,600 a minute, according to the Ponemon Institute, and therefore businesses are finding it is cheaper and more efficient to cater to the demands of these hackers,” said Abhik Mitra, data recovery product manager, Kroll Ontrack.
“Criminals clearly understand how valuable data is to businesses and individuals. The takeaway is to be aware of suspicious emails, and take the extra step of backing up in case you fall victim to these scams,” he said.
While customers turned to Kroll Ontrack to reverse the impact of viruses like CryptoLocker, data storage companies proactively looked to the company in 2013 to do the reverse – test, validate and certify the effectiveness of the encryption integrated into storage products to ensure no one can get unauthorised access to the data.
For data protection, encryption is a must and thus becoming more commonplace. However, encryption presents an additional layer of recovery complexity because the encryption key is required.
With software-encrypted drives, such as those using Microsoft BitLocker, Check Point PointSec, McAfee Safeboot and others, the user holds the key and can supply it to the data recovery company when needed.
This is in contrast to hardware encrypted drives, such as Secure Encrypted Drives (SED) or Full Disk Encryption (FDE), where the key is built right into the drive.
If a hardware-encrypted drive becomes corrupted or malfunctions due to physical, logical or electrical issues, the key is essentially locked in the drive, requiring data recovery engineers to bypass the failure to get the drive working and then decrypt the data as part of reading the drive.
For these reasons, Kroll Ontrack is focusing more of its research and development efforts towards dealing with encrypted data more efficiently, the company said.
In 2013, Kroll Ontrack also saw a continued increase in the number of users taking it upon themselves to recover data. In fact, more than 10% of the time, Kroll Ontrack saw drives that showed signs of data access attempts, which can hinder recovery efforts.
“DIY software is a cost-effective and proven solution for individuals and businesses that are both willing and comfortable to try data recovery on their own,” said Abhik.
“The key is knowing when software is applicable to the situation. If physical damage to the drive is obvious, the operator should power down the drive and consult a professional data recovery company to avoid any further data loss,” he added.