Recovering Your Servers & Workstations After a SolarWinds Breach

Mar 16, 2021 Blog Article

Vivian Cullipher Vivian is a career writer and editor, having covered technology-related topics for government and B2B organizations since before LinkedIn and the iPhone. As Blancco’s head of content, she oversees the development of thought-leadership-based copy for web, social media, and other Blancco communication channels.

SolarWinds’ Orion network monitoring platform was recently compromised: a trojanized, vendor-signed update was distributed to roughly 18,000 government and private customers, giving the attackers a foothold inside those networks. The hack has been referred to as the “Pearl Harbor of American IT.”

The attackers compromised SolarWinds’ build and update process so that a malicious Orion update reached customers through the normal, trusted channel. Once inside a victim network, they were positioned to take user IDs, passwords, financial records, source code, and anything else those networks held. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said the hack posed a “grave risk” to government at all levels.

This article does not review the methods used to infiltrate the SolarWinds Orion program and SolarWinds clients. Instead, it provides a best practice for securely and completely erasing (that is, verifiably scrubbing or wiping to achieve data sanitization) potentially compromised IT assets so they can be reallocated and reused rather than discarded or destroyed.

Compromised Architecture

The intrusion exposed targeted networks to follow-on compromise. It is not known whether every IT asset in an affected organization was compromised, or whether backdoors were planted on devices beyond the Orion hosts themselves. The full extent of the “Dark Halo” supply chain attack is still being analyzed. Absent evidence to the contrary, the safe assumption is that all systems have been compromised, and the necessary steps must be taken to contain further exposure and rebuild the victim’s network.

Reallocating IT Assets & Rebuilding Your Network

Compromised IT assets can include servers, SANs, workstations, and other devices. Reallocating those assets and rebuilding the network is a monumental task. Our purpose here is to lay out the steps for properly sanitizing IT assets before they are redeployed on the rebuilt network.

Best practices for recovering IT assets affected by the SolarWinds breach

Servers

  1. Remove the server from the infiltrated network.
  2. Flash the BIOS/UEFI firmware (and, on servers, the BMC firmware) with the latest vendor release, obtained from the vendor on a clean machine, and reset firmware settings to defaults. A drive wipe does not touch firmware, so this step must not be skipped.
  3. Run Blancco Drive Eraser on the server and verify the erasure was successful by reading the drive back, not just by checking the tool’s exit status. Depending on the number of servers affected, Blancco Hardware Solutions may be appropriate for scaled erasure.
  4. Reinstall the operating system from known-good installation media (not from an image captured after the compromise) and reimage the server for production.
  5. Connect the server to the new network.

Workstations

  1. Remove the workstation (laptop/desktop) from the infiltrated network.
  2. Flash the BIOS/UEFI firmware with the latest vendor release, obtained from the vendor on a clean machine, and reset firmware settings to defaults.
  3. Run Blancco Drive Eraser on the laptop/desktop and verify the erasure was successful by reading the drive back.
  4. Reinstall the operating system from known-good installation media and reimage the workstation for production.
  5. Connect the workstation to the new network.

Verification of IT Assets

The drive erasure on each device can be performed by a multitude of erasure products and OEM tools. Blancco Drive Eraser is the most certified data erasure software in the world: it supports adherence to global standards such as NIST SP 800-88 and the BSI guidelines, is certified under Common Criteria, and supports data destruction compliance with regulations such as GDPR and HIPAA.

Blancco data erasure solutions erase all data on the drive, including the host protected area (HPA) and device configuration overlay (DCO), and clear the Trusted Platform Module (TPM), then verify the erasure before issuing a digitally signed, tamper-evident certificate of erasure. This stringent process ensures the full device is completely sanitized and ready to be reallocated to a newly rebuilt network.
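Whatever erasure product you use, step 3 of both procedures above calls for verifying the wipe, and the verification should be independent of the tool that reports success. The following is an added example (not Blancco code, not from the original article) that reads a block device or image back and confirms it contains only the fill byte the chosen method should leave (0x00 for zero-overwrite and most firmware sanitize operations). It implements the two verification modes NIST SP 800-88 allows, a full read-back and a random representative sample; the sample always includes the first and last window, where partition tables and backup GPT headers tend to survive a partial wipe. The device path, the 10 % default sample fraction, and the make_image helper that builds a constructed test image are assumptions for illustration.

```python
"""Post-sanitization read-back verification for a block device or disk image.

Added example, not Blancco or SolarWinds code. Run the full check as root against
a raw device such as /dev/sdb after the erasure tool reports success, or against an
image file produced by make_image() for practice.
"""
import os
import random
import tempfile

CHUNK = 1 << 20  # read 1 MiB at a time


def _first_mismatch(fd, start, length, fill):
    """Scan [start, start+length) and return the offset of the first byte != fill, else None."""
    expected = bytes([fill]) * CHUNK
    pos, end = start, start + length
    while pos < end:
        buf = os.pread(fd, min(CHUNK, end - pos), pos)
        if not buf:  # short read at the end of the device
            break
        if buf != expected[: len(buf)]:
            return pos + next(i for i, b in enumerate(buf) if b != fill)
        pos += len(buf)
    return None


def _size(fd):
    size = os.lseek(fd, 0, os.SEEK_END)
    if size == 0:
        raise ValueError("device reports zero size; refusing to call an empty read a pass")
    return size


def verify_full(path, fill=0x00):
    """Read every byte (NIST SP 800-88 full verification). Returns a dict suitable as evidence."""
    fd = os.open(path, os.O_RDONLY)
    try:
        size = _size(fd)
        bad = _first_mismatch(fd, 0, size, fill)
    finally:
        os.close(fd)
    return {"mode": "full", "bytes_checked": size, "first_mismatch": bad, "passed": bad is None}


def verify_sampled(path, fraction=0.10, fill=0x00, seed=None):
    """Read a random ~fraction of 1 MiB windows (representative sampling), always
    including the first and last window where leftover partition metadata lives."""
    fd = os.open(path, os.O_RDONLY)
    try:
        size = _size(fd)
        windows = -(-size // CHUNK)  # ceiling division
        rng = random.Random(seed)
        picks = {0, windows - 1}
        target = min(windows, max(2, int(windows * fraction)))
        while len(picks) < target:
            picks.add(rng.randrange(windows))
        checked = 0
        for w in sorted(picks):
            start = w * CHUNK
            length = min(CHUNK, size - start)
            bad = _first_mismatch(fd, start, length, fill)
            checked += length
            if bad is not None:
                return {"mode": "sampled", "bytes_checked": checked, "first_mismatch": bad, "passed": False}
    finally:
        os.close(fd)
    return {"mode": "sampled", "bytes_checked": checked, "first_mismatch": None, "passed": True}


def make_image(size, fill=0x00, taint_offset=None):
    """Write a constructed test image (not a real drive) and return its path.
    taint_offset plants a single non-fill byte to simulate an incomplete wipe."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(bytes([fill]) * size)
        if taint_offset is not None:
            f.seek(taint_offset)
            f.write(bytes([(fill + 1) & 0xFF]))
    return path


if __name__ == "__main__":
    import sys
    # With no argument, demonstrate against a constructed image that has one leftover byte.
    target = sys.argv[1] if len(sys.argv) > 1 else make_image(4 * CHUNK + 17, taint_offset=2_500_000)
    print(verify_full(target))
    print(verify_sampled(target, fraction=0.25, seed=1))
```

Run verify_full on the device once the erasure tool has finished; reserve verify_sampled for very large arrays where a full read is impractical, and record the returned dictionary next to the erasure certificate. A drive whose firmware sanitize leaves a vendor pattern other than zeros can be checked by passing that byte as fill.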

Why Choose Blancco Solutions?

For servers, workstations, and other assets with HDD, SSD, or NVMe drives, Blancco Drive Eraser uses industry-leading overwriting methods to obliterate data across the full logical capacity of the drive, not just the space the operating system reports as in use. This ensures that no data is left behind and the device is no longer compromised, confidently redeeming your IT assets for continued use.

Blancco Drive Eraser and all associated Blancco hardware solutions provide NIST SP 800-88 Clear- and Purge-level data sanitization and can invoke the drive’s own firmware-based ATA Secure Erase and Sanitize commands.

Is your organization more comfortable with a DoD 5220.22-M wipe or a regional standard? With support for more than 25 globally recognized data sanitization standards and its patented SSD erasure method, Blancco Drive Eraser can perform the erasure pattern required by your regulatory body or internal policy.

Need an erasure solution not outlined above? See our product page for more options.

Confidently recover your breached IT assets.

See how with a free data erasure trial.
