Cloudflare to auto-brick servers that go offline in Ukraine, Russia

Cloudflare to auto-brick servers that go offline in Ukraine, Russia

Cloudflare announced that it is taking drastic measures to protect data of customers in Eastern Europe under current conditions of the Russian invasion of Ukraine.

The U.S.-based web infrastructure and security company known for its DDoS mitigation services announced its decision to stay in the Russian market, albeit with some aspects of its business suspended.

Data protection measures

To protect client data during the ongoing conflicts, Cloudflare has removed all customer encryption keys from data centers located in Ukraine, Russia, and Belarus, and deployed its “Keyless SSL” technology.

This technology enables organizations to use a cloud vendor for SSL/TLS encryption without giving them the master key. The system moves the private key handshake off of the vendor’s server and replaces it with secure “session keys”.

These keys are provided to the vendor via a secure channel, so while the company’s private keys are still being used, they’re not shared with anyone outside the firm.

How the Keyless SSL technology works
How the Keyless SSL technology works (Cloudflare)

The second measure is the addition of a forceful configuration on all servers located in Ukraine, Belarus, and Russia, to automatically brick in the case of a power loss or internet connection disruption.

“All data on disk is encrypted with keys that are not stored on site. Bricked machines will not be able to be booted unless a secure, machine-specific key that is not stored on site is entered.” – explains Cloudflare

Not exiting the Russian market

The firm is taking a side with Ukraine on this conflict, and is willing to comply with all the requirements that arise from the imposed sanctions against Russia.

However, Cloudflare explains that Russia currently needs more internet access, not less, and terminating its services in the country would have an adverse effect on people who need to stay connected with the rest of the world.

By exiting the market, the company believes it would make most people in the country more vulnerable to Russia’s sweeping censorship laws. In fact, Cloudflare thinks the Russian government would celebrate this development.

We absolutely appreciate the spirit of many Ukrainians making requests across the tech sector for companies to terminate services in Russia. However, when what Cloudflare is fundamentally providing is a more open, private, and secure Internet, we believe that shutting down Cloudflare’s services entirely in Russia would be a mistake

Protecting Ukraine

Finally, Cloudflare disclosed that the DDoS attacks against critical Ukrainian entities began before the start of the Russian invasion, to which the firm responded with an extension of services that now cover the country’s government and telecom organizations.

Cloudflare assists over 60 organizations in Ukraine at the moment, with 15 of them having sought emergency assistance for the first time during this period of turbulence.

Any other Ukrainian organization facing severe cyberattacks can apply for free protection under Project Galileo by using this portal.