Year in Review: How bigger & faster drives, encryption, and new malware impacted data recovery in 2013
December 2013 by Kroll Ontrack
The continuing proliferation of new drive types and the ever-growing problem of malware were among the biggest trends impacting the data recovery industry in 2013, according to year-end information from data recovery and e-disclosure products and services provider Kroll Ontrack. The trends further underscore the need for businesses and consumers to understand how evolving technology affects their ability to protect and recover critical data.
Solid State Drives (SSD) & Flash: Dozens of different manufacturers, all with unique technology
As prices for SSD and other flash drives continue to decrease and align more closely with hard drive prices, nearly 10 percent of Kroll Ontrack recoveries are now flash media. Beyond a greater percentage of SSD and other flash-based recoveries, Ontrack Data Recovery engineers grappled with new drive formats, such as hybrid drives, which contain both SSD and spinning drive components. Hybrid drives promote operation optimisation and tiering, storing more frequently accessed hot data on the faster SSD and less accessed data on the slower spinning portion of the drive or utilise the flash-based portion as a cache.
“With SSD and flash standards still evolving, each new drive format is specific to the manufacturer and therefore requires a new just in time (JIT) data recovery toolset and methodology, which impacts recovery speeds and quality,” said Paul Le Messurier, Head of Programmes and Operations for Western Europe, Kroll Ontrack. “With that in mind, regular backups are critical. Further, SSD and flash drive users should download the useful manufacturer’s software tools from their website to optimise and monitor the health of the drive.”
Hard Drives: Greater capacity requires new approaches to data recovery
SSD and flash weren’t the only storage media on the cutting edge in 2013. Leading hard drive manufacturers innovated to pack more capacity into drives. For example, Hitachi built helium-filled drives. With less dense air, hard drive heads fly more freely with less resistance, giving Hitachi the ability to put their platters closer together and thus pack more platters into their drives. In contrast, Seagate is increasing hard drive capacity through shingled magnetic recording (SMR) technology, which stores data bits in overlapping versus linear patterns.
“The impact on data recovery from these newer technologies is yet to be determined,” said Le Messurier. “For example, opening a helium-filled drive in a cleanroom environment could cause the drive heads to crash more easily and make data recovery much more challenging. We are therefore closely watching these technology developments, and testing various methods to safely and effectively address them in a cleanroom environment.”
Viruses: New malware impacts data accessibility
In 2013, the CryptoLocker virus was born, hijacking computers and networks in an exchange for ransom. CryptoLocker is a Trojan horse malware, a form of ransomware, targeting computers running Windows®. The attack usually comes disguised as a legitimate email attachment. When activated, the malware encrypts certain types of files with the private key stored only on the malware’s control servers and displays a message which suggests the data can be decrypted for payment by a certain deadline. If the deadline passes, the warning message threatens that the private key will be deleted and data is unrecoverable. However, virus victims have been able to unlock their files after the initial time is up, but the cost has been incrementally more than the original ransom requested.
“This virus has unfortunately succeeded because the cost of downtime to businesses can be as detrimental as $5,600 a minute, according to the Ponemon Institute, and therefore businesses are finding it is cheaper and more efficient to cater to the demands of these hackers,” said Phil Bridge, managing director, Kroll Ontrack. “Criminals clearly understand how valuable data is to businesses and individuals. The takeaway is to be aware of suspicious emails, and take the extra step of backing up in case you fall victim to these scams.”
Encryption: Leveraging data recovery expertise to validate security
While customers turned to Kroll Ontrack to reverse the impact of viruses like CryptoLocker, data storage companies proactively looked to Kroll Ontrack in 2013 to do the reverse – test, validate and certify the effectiveness of the encryption integrated into storage products to ensure no one can get unauthorised access to the data. For data protection, encryption is a must and thus becoming more commonplace. However, encryption presents an additional layer of recovery complexity because the encryption key is required. With software encrypted drives, such as those using Microsoft BitLocker, Check Point PointSec, McAfee Safeboot and others, the user holds the key and can supply it to the data recovery company when needed. This is in contrast to hardware encrypted drives, such as Secure Encrypted Drives (SED) or Full Disk Encryption (FDE), where the key is built right into the drive. If a hardware encrypted drive becomes corrupted or malfunctions due to physical, logical or electrical issues, the key is essentially locked in the drive, requiring data recovery engineers to bypass the failure to get the drive working and then decrypt the data as part of reading the drive. For these reasons, Kroll Ontrack is focusing more of its research and development efforts towards dealing with encrypted data more efficiently.
Do-it-yourself: Tech savvy consumers are increasingly attempting data recovery
In 2013, Kroll Ontrack also saw a continued increase in the number of users taking it upon themselves to recover data. In fact, more than 10 per cent of the time, Kroll Ontrack saw drives that showed signs of data access attempts, which can hinder recovery efforts.
“DIY software is a cost-effective and proven solution for individuals and businesses that are both willing and comfortable to try data recovery on their own,” said Bridge. “The key is knowing when software is applicable to the situation. If physical damage to the drive is obvious, the operator should power down the drive and consult a professional data recovery company to avoid any further data loss.”