
Protecting Your Mainframe Against Relentless Ransomware

Heidi Losee

October 7, 2021

It seems like just about everyone is talking about ransomware, from business leaders to the upper echelons of governments, even the US President. Of course, this shouldn’t be a shock, with ransomware costs expected to reach $20 billion in 2021, a 57-fold increase over the last six years. If ransomware wasn’t already on organizations’ radars, the headline-making attacks of the past year (from Colonial Pipeline, to Kaseya, to the NBA) illustrated just how easy it has become for attackers to wreak havoc in our interconnected digital environments.

Rarely, if ever, do we learn whether these attacks impacted the mainframe. Most would prefer to shield the mainframe, the resilient keeper of the most sensitive customer data, from the smear of a ransomware attack. This “conspiracy of silence” depicts the technology as an unbreakable fortress. But since the mainframe is a gold mine of valuable data, processing 30 billion transactions each day, it’s almost impossible that massive attacks have not touched the mainframe.

Hackers’ tactics, techniques and procedures are only becoming more sophisticated, while the number of potential entry points grows as IT becomes more distributed. From increased reliance on the cloud to the rising number of IoT devices, there are more network nodes than ever, waiting to be exploited. Once they’re in, hackers can monitor internal traffic and potentially capture mainframe credentials. If the mainframe suffers from integrity vulnerabilities, an attacker holding even the lowest level of mainframe credentials could encrypt all mainframe data and demand a ransom.

With ransomware on the rise, organizations need to safeguard their most valuable IT asset immediately. Here are a few steps IT leaders can take:

Proactively search for vulnerabilities

By the time an organization is notified of an attack, it’s already too late to act. The damage is already done. Organizations need a strong cybersecurity strategy in place from the start, one that not only offers solutions to damaging situations, but puts up the defenses to avoid those situations altogether.

The truth is, integrity vulnerabilities exist on the mainframe, and they could provide hackers with access in as little as 30 seconds. All too often we see business leaders absolutely shocked to learn their system has integrity vulnerabilities. Frequently and automatically scanning for vulnerabilities at the OS level gives organizations the insight they need to close dangerous gaps and maintain integrity.

Assume the bad guys are already in

Ransomware groups have become well-oiled machines, spawning an entire ransomware-as-a-service industry in which affiliates can claim as much as 80% of ransom payments. With so much money on the line, it’s no wonder attack arsenals have become so refined.

Attackers are so stealthy they can infiltrate your system right under your nose. To block unwanted guests from escalating their privileges and gaining access to prized possessions like the mainframe, organizations need to assume their firewalls have already been breached. This means encrypting internal communications to limit the information attackers can access, and continuously verifying user identity.

Develop a process for integrity

You can’t have security without integrity. Patch management is essential to getting there, but unfortunately it’s often pushed aside, with teams afraid that patches will impact uptime. As a result, applying mainframe patches can take 3-18 months, leaving doors open for exploitation.

Organizations need to create a policy for dealing with integrity vulnerabilities and patches. On the flip side, vendors need to provide a clear and concise vulnerability description to illustrate what hackers can do in the time leading up to the patch. Erasing the conspiracy of silence around integrity vulnerabilities empowers risk leaders to classify integrity vulnerabilities and prioritize the most dangerous holes. At the same time, IT teams should not be punished for downtime as a result of a patch – it’s better than downtime due to an attack.

Report ransomware attacks if they happen

Silence and cover-ups are among the biggest enablers of ransomware attacks. How will the bad guys ever be caught if no one is sounding the alarm? Cyberattacks have become so pervasive and destructive that new legislation was recently introduced to require critical infrastructure companies to report cyberattacks to the federal government, and most organizations to alert the federal government if they pay a ransom.

With the majority (86%) of organizations agreeing that mainframes are essential for driving highly scalable workloads, protecting them from threats like ransomware is critical to keeping industries running. Just because we don’t hear about ransomware hitting the mainframe doesn’t mean it’s not happening or not possible. The exponential rise in ransomware attacks has only made guarding the mainframe more urgent.