It is important to remember that the photo or document you deleted may be recovered and may fall into the hands of someone else. That’s why you shouldn’t throw away old hard drives or memory cards. So why does our data continue to live even after it has been completely deleted, and is it possible to destroy it forever?

During the occupation of the Kiev region in March 2022, Russian special services organized a hunt for Ukrainian patriots and their personal data. According to eyewitnesses, enemy special services attacked local law enforcement officers, former military personnel, SBU employees, etc. It had pre-compiled lists of addresses.

The FSB special group deliberately searched the homes of activists and security forces and seized their computers and mobile phones. With the help of special equipment, the Russians cracked the devices on the spot, obtained secret information and easily restored even photos and documents deleted by their owners in the event of an enemy raid.

To prevent sensitive data from falling into enemy hands, military families were forced to bury their laptops, hard drives, and flash drives in the ground or physically destroy digital information carriers.

So how do you delete files?

Traditional hard disk drives (HDDs) store data on polished magnetic metal platters by magnetizing sectors. The magnetized part indicates “1”, and the demagnetized part – “0”. When you delete a file, the operating system marks the space on the hard disk containing the data as empty and removes the access path to it from the file system.

However, this “deleted” magnetic data is still stored on the disk. They can be recovered using special software that scans the drive for magnetized partitions and reassembles the deleted files.

A more reliable way to destroy data is to format hard drives. This creates a new file system and the operating system loses the ability to reference data. However, old files will continue to be stored on disk until new data is written over them.

To destroy unwanted data, some users use full disk formatting. Usually this procedure involves “zeroing” disks when “0” is written to all magnetic sectors of the disk. At first glance, this procedure should completely delete all data, but this is not quite the case.

The fact is that due to the nature of magnetization, there are still light traces in the “zeroed” sectors. They can indicate which bits were used to read “1” before. Recovery experts often use this trick to read remaining traces and reconstruct data. Even if the disk is formatted in “zero” format by dividing it into blocks.

Some companies working with critical data are forced to physically destroy servers and drives with the help of presses, trucks, and even hammers. Another analogue of physical destruction is electromagnetic processing. During this procedure, special equipment is used, which disables the drive and makes it impossible to restore confidential data. However, such methods allow their servers to be distributed to educational institutions, armed forces, etc. It is not suitable for socially responsible businesses that want to donate their old equipment to charity for benefit.

Advice from the Pentagon

To reliably delete information without physically destroying the medium, experts have developed so-called effective data erasure technologies. Yes, the US Department of Defense specification for secure deletion of information requires three sequential stages of overwriting:

• Zeros are written to disk first,
• then units,
• and then random data.

In the final stage, random sequences of zeros and ones are recorded on the magnetic medium. This process is usually repeated several times to completely erase any remaining traces and make it impossible to decrypt the data.

One of the most difficult and time-consuming ways to reliably delete data is Gutman’s method.

But there is also a flip side to the data destruction problem. After all, attackers are trying not only to recover your confidential information, but also to steal databases, financial or technical documents, etc. to which the business depends. It can also destroy critical data such as

Russians bribe employees of Ukrainian companies

In the summer of 2022, one of our enterprise customers (a company with large manufacturing facilities) was subjected to a series of powerful cyber attacks. The hackers, possibly linked to Russia, bribed the company’s IT manager, who personally introduced an encryption virus into the system. After this, the attackers hacked the digital infrastructure and destroyed all data along with backups.

It was nearly impossible to completely recover terabytes of critical data. Fortunately, shortly before the attack, the company managed to make a backup in the cloud. This made it possible to quickly restore data of virtual machines and servers using the Veeam Cloud Connect service.

After Russia’s large-scale invasion, the number of cyber attacks on Ukrainian businesses has increased many times. Unfortunately, most of the successful hacks of large commercial companies occurred precisely due to bribes of employees. Employees hired by the enemy simply insert a flash drive into the work computer, and a special virus spreads through the internal network, opening access to external attackers to both steal and destroy confidential data.

Cloud services can help

To ensure data integrity and availability, cloud providers often provide multiple backups. This ensures that businesses are guaranteed to recover critical data even in the event of a successful cyber attack. At the same time, the process of deleting unwanted data becomes more complicated. After all, if you need to delete a specific file, it may still be present in cloud backups.

But such junk files usually do not live for more than a few days. Since backups are constantly updated, over time old files will be completely deleted and overwritten with new data.

But for certain industries or particularly sensitive data, simply deleting a file from the cloud is not enough. In such cases, the on-demand cloud provider may use special techniques to repeatedly overwrite the file location to ensure that data deleted by the customer cannot be recovered.

As experience shows, by transferring its digital infrastructure to the cloud, the business gets rid of the headache caused by the security of confidential data and deleted files. After all, the cloud service has much better protection against cyber attacks than most corporate servers.

When physical storage devices (such as hard drives or SSDs) reach end-of-life, cloud providers use special decommissioning protocols that involve secure data deletion or physical destruction of the devices. Therefore, the business receives a guarantee that none of its data, including deleted files, will be restored and will not fall into the wrong hands.

In summary, The process of deleting data is much more complicated than emptying the recycle bin on the computer or on the phone. Reliably destroying sensitive information is a multi-step process that uses complex algorithms and sometimes requires dozens of data overwrites. And sometimes it is even possible to physically destroy the magnetic medium.

The solution to the information protection problem may be the transfer of data to cloud services. They use proven algorithms for protection and effective data deletion, reliably protecting corporate and private information from intruders or prying eyes.