Today, more than ever, securely backing up your information, data and files is critical to keeping your business or organization running. With ransomware attacks appearing daily, our team wanted to create an elegant solution that is resistant to them. The one-way strategy ensures that if your primary system is attacked or compromised, the attacker or the attacking malware cannot manipulate your backups. Individuals face identity theft and ransomware attacks daily as well, so the same secure backup strategy benefits personal use.
Currently, Project Cheyenne supports AWS environments; contributions that extend support to other environments are warmly welcomed. Our team open-sourced the project to encourage forks to other cloud platforms. We see this as playing a small part in tackling the threat of ransomware and identity theft.
Project Cheyenne is completely free. UNCOMN provides all instructions and code to the public for free under the MIT license. The code and instructions are hosted in the UNCOMN Open-Source repository.
Project Cheyenne provides a near-instantaneous recovery point: the vault holds the data as it was immediately before an incident. Because the vault is written to one way, a production-side attack poses zero data loss risk to the disaster recovery backups, which are otherwise inherently vulnerable to such an attack. Cheyenne is offered as an olive branch.
Data is deposited into one of many configured "dropoff" S3 Buckets for the vault. It can originate from any of a multitude of AWS services, from on-premises servers, or even from an entirely separate cloud such as Microsoft Azure or Google Cloud.
Creating or altering a file in the "dropoff" bucket emits an S3 ObjectCreated event, which is sent to the Ingest function to begin processing and ingestion into the Vault account.
The Ingest function is triggered by the AWS S3 notification, which provides several key pieces of information such as the S3 bucket name, object key, object size, tags, and more. This is used to determine which AWS SQS queue to send the object details to. In the event of a processing failure, the event details are sent to the configured Dead Letter Queue (DLQ) via AWS SQS.
The Duplicator function (or AWS Batch processing queue for larger requests) receives an invocation from the AWS SQS queue containing the key pieces of the original S3 event, then proceeds to issue AWS S3 CopyObject commands to duplicate the new or updated file into the Vault bucket. In the event of a duplication failure, the event details are sent to the configured Dead Letter Queue (DLQ) via AWS SQS.
Please note that AWS Batch processing is planned for a future release and is not yet available.
AWS S3 copies the file into the Vault bucket, re-encrypting it with a Vault-specific AWS KMS Customer Managed Key so that the file's contents stay confidential. AWS S3 Object Lock protects the copy against deletion or tampering and gives the Vault's storage Write-Once-Read-Many (WORM) semantics. Once data no longer needs to be retained, cost is managed with configurable AWS S3 Object Lifecycle policies.
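The following is an added example that sketches the dropoff-to-vault pipeline described above; it is not Project Cheyenne's own code. It shows the two pieces a practitioner would want to see: the Ingest side (parsing the S3 notification, routing by object size to the duplicator queue or the "larger requests" queue, and parking failures in the DLQ) and the Duplicator side (the CopyObject parameters that re-encrypt under the vault's KMS key and apply an Object Lock retention). The queue URLs, bucket and key names, the 30-day retention, and the size threshold are assumptions chosen for illustration; the SQS sender is injected so the logic runs offline against a constructed sample event, and a real Lambda handler would pass in boto3's `sqs.send_message` and hand the returned request dict to `s3.copy_object`.

```python
"""Dropoff -> vault pipeline sketch (added example, not Project Cheyenne code)."""
import datetime as dt
import json
from typing import Any, Callable, Dict, List

# Assumed configuration: placeholder queue, bucket and key names, not the project's.
SMALL_QUEUE_URL = "https://sqs.us-east-1.amazonaws.com/123456789012/cheyenne-duplicator"
LARGE_QUEUE_URL = "https://sqs.us-east-1.amazonaws.com/123456789012/cheyenne-batch"
DLQ_URL = "https://sqs.us-east-1.amazonaws.com/123456789012/cheyenne-dlq"
VAULT_BUCKET = "example-cheyenne-vault"
VAULT_KMS_KEY_ID = "arn:aws:kms:us-east-1:123456789012:key/EXAMPLE-KEY-ID"
# One S3 CopyObject call handles objects up to 5 GB; anything larger needs a multipart
# copy, so it is routed to the "larger requests" queue instead of the Lambda duplicator.
SINGLE_COPY_LIMIT = 5 * 1024 ** 3
RETENTION_DAYS = 30  # assumed Object Lock retention for vault copies
FIXED_NOW = dt.datetime(2024, 1, 1, tzinfo=dt.timezone.utc)  # fixed clock for the offline demo

# Constructed sample S3 notification: a small put, a large multipart upload and a delete.
SAMPLE_EVENT = {
    "Records": [
        {"eventName": "ObjectCreated:Put",
         "s3": {"bucket": {"name": "example-dropoff"},
                "object": {"key": "db/nightly.sql.gz", "size": 4096}}},
        {"eventName": "ObjectCreated:CompleteMultipartUpload",
         "s3": {"bucket": {"name": "example-dropoff"},
                "object": {"key": "vm/disk.img", "size": 6 * 1024 ** 3}}},
        {"eventName": "ObjectRemoved:Delete",
         "s3": {"bucket": {"name": "example-dropoff"},
                "object": {"key": "old/report.pdf"}}},
    ]
}


def parse_s3_event(event: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Pull bucket, key and size out of each ObjectCreated record; skip everything else.

    Deletes in the dropoff bucket are deliberately ignored: the vault only ever receives
    new versions, which is what keeps the pipeline one-way.
    """
    records = []
    for rec in event.get("Records", []):
        if not rec.get("eventName", "").startswith("ObjectCreated:"):
            continue
        s3 = rec["s3"]
        records.append({
            "bucket": s3["bucket"]["name"],
            "key": s3["object"]["key"],
            "size": int(s3["object"].get("size", 0)),
        })
    return records


def choose_queue(size: int) -> str:
    """Route by object size: small objects to the Lambda duplicator, large ones to the batch path."""
    return SMALL_QUEUE_URL if size <= SINGLE_COPY_LIMIT else LARGE_QUEUE_URL


def ingest_handler(event: Dict[str, Any], sqs_send: Callable[[str, str], Any]) -> List[str]:
    """Ingest function: forward each record to its queue; on any failure, send it to the DLQ.

    sqs_send(queue_url, body) stands in for boto3's sqs.send_message. Returns the queue
    URL each record ended up on, so callers (and tests) can see the routing decision.
    """
    delivered = []
    for record in parse_s3_event(event):
        body = json.dumps(record)
        try:
            queue = choose_queue(record["size"])
            sqs_send(queue, body)
            delivered.append(queue)
        except Exception:  # processing failure: keep the event for later inspection/replay
            sqs_send(DLQ_URL, body)
            delivered.append(DLQ_URL)
    return delivered


def build_copy_request(record: Dict[str, Any], now: dt.datetime) -> Dict[str, Any]:
    """Duplicator function: CopyObject parameters that move a dropoff object into the vault.

    The copy is re-encrypted under the vault's KMS key and locked in COMPLIANCE mode, so
    it cannot be deleted or overwritten before the retain-until date by any principal.
    """
    return {
        "Bucket": VAULT_BUCKET,
        "Key": record["key"],
        "CopySource": {"Bucket": record["bucket"], "Key": record["key"]},
        "ServerSideEncryption": "aws:kms",
        "SSEKMSKeyId": VAULT_KMS_KEY_ID,
        "ObjectLockMode": "COMPLIANCE",
        "ObjectLockRetainUntilDate": now + dt.timedelta(days=RETENTION_DAYS),
        "MetadataDirective": "COPY",
        "TaggingDirective": "COPY",
    }


def demo() -> Dict[str, Any]:
    """Run the sample event through ingest, then build the duplicator's copy requests offline."""
    queued: List[Dict[str, str]] = []
    routes = ingest_handler(SAMPLE_EVENT, lambda url, body: queued.append({"queue": url, "body": body}))
    copies = [build_copy_request(json.loads(m["body"]), FIXED_NOW) for m in queued]
    return {
        "routes": routes,
        "keys": [c["Key"] for c in copies],
        "retain_until": [c["ObjectLockRetainUntilDate"].isoformat() for c in copies],
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two design points worth noting. Object Lock must be enabled when the vault bucket is created, and a COMPLIANCE-mode retention cannot be shortened or removed by any user, including the account root, until it expires, which is what gives the vault its WORM property against a compromised production side. The one-way guarantee also depends on the vault account's KMS key policy and bucket policy granting the production account nothing beyond what the dropoff flow needs, so that a production-side compromise gains no decrypt or delete rights over the vault copies.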
Project Cheyenne is a ransomware-resistant backup storage solution. In non-engineer speak, it is a set of instructions combined with code to deploy a one-way, cloud-enabled, secure backup solution for your personal or business use. This serverless application of the technology is lightweight and cost-effective.
Project Cheyenne is available for download at UNCOMN’s Open-Source page.