This document outlines the strategy to protect the data and systems of package−client from ransomware attacks. The purpose of this policy is to mitigate the risk of ransomware, ensure rapid recovery, and maintain business continuity for package−client in the event of an attack.
This policy applies to all cloud-hosted and on-premise environments that process or store data for package−client.
Our primary defense against data loss from a ransomware attack is a robust backup and recovery strategy for package−client's data.
- Rolling Snapshots: Automated rolling snapshots are configured for all MariaDB instances on AWS RDS that contain package−client data. These snapshots are retained according to defined Recovery Point Objectives (RPOs) and allow for point-in-time recovery.
- Immutability: Snapshots are protected via AWS backup policies and IAM restrictions to prevent unauthorized deletion or modification by ransomware.
- TLS-Encrypted Backups: All of package−client's backup data is transmitted over TLS to ensure secure transport.
- NAS Infrastructure: Backups are stored on isolated NAS volumes with write-once access policies. The underlying filesystems (e.g., ZFS or Btrfs) support immutability flags to prevent tampering.
- S3 Buckets: Backups are stored in encrypted S3 buckets, with Object Lock enabled for compliance-grade immutability.
For on-premise deployments, we operate on a shared responsibility model for ransomware protection.
- Local Backup Strategy: We provide the capability for encrypted backups to be stored on isolated volumes. package−client is responsible for ensuring these backups are maintained and for optionally enabling immutability using ZFS snapshots or third-party backup tools.
- Security Hardening: Our deployments include pre-configured UFW rules, a ModSecurity WAF, and local MQTT telemetry for anomaly detection.
To protect package−client's data from being compromised during a ransomware attack, all data is encrypted, making it unreadable to attackers even if they manage to exfiltrate it.
- Data in Transit: All inter-service communication, API calls, and webhook exchanges for package−client are encrypted using 128-bit asymmetric encryption. TLS is enforced for all external endpoints.
- Data at Rest: Sensitive data and files for package−client are encrypted within the persistence layer using client-specific keys managed via AWS Secrets Manager or local equivalents.
- Client-Specific Keys: The installation for package−client uses a unique cryptographic key set to ensure siloed encryption and prevent cross-tenant access.
We have an incident response plan in place for a suspected ransomware attack on package−client's services.
- Anomaly Detection: Suspicious activity, such as mass file access or a burst of failed login attempts, is logged via MQTT and analyzed in InfluxDB.
- Alerting: Threshold-based alerts trigger notifications to our security team and can initiate automated containment workflows.
- Incident Response: In the event of a suspected ransomware attack, immediate action is taken to isolate the affected systems, notify package−client, and begin the recovery process from our immutable backups.
This policy will be reviewed annually, or in the event of a significant security incident, to ensure its continued effectiveness in protecting package−client from the threat of ransomware.