Projects such as BigChainDB use external storage to save the Blockchain data. Similarly I am planning to use external storage to save large scale data and use Cosmos SDK to provide the blockchain capability on top of it (distributed nodes validate all the entries as they are being added onto the storage).
One question I have is, how Tendermint ensures the correctness of old blocks (that are on the storage)?
Recently there are incidents of ransomware corrupting the data on storage (actually it encrypted the data, demanding money to provide the decryption key). Essentially there is nothing (in Tendermint) that prevents anyone to access the database or harddisk directly and selectively overwrite parts of the record data.
I understand that block hashes has to match and changing the data will result in hash mismatches. The question I have is: when the old data on the storage is changed, how does Tendermint (or my app built on top of it), would know that somewhere on the disk some hashes are mismatching for some records?
Is the complete chain validated at all times (whenever a new block is being added)?
For example, on one node, one could open one year back records (on the database), and change the name / owner and save it. The hashes could be mismatching but no one really notices it, since it is old data. And then after a day or two, repeat the same on another node, and so on, till majority of the nodes are in inconsistent state.
Given that you cannot get back the data from hash, and that the system does not believe the minority nodes (if any, which may still have the original data floating somewhere), the veracity of the data becomes questionable.
Now, this may not have created new facts (since hashes do not match), but certainly created a scenario where the recorded facts became questionable. If someone disputes the records, there is no way to verify / validate the them.
How Tendermint prevents these kind of situations?
PS: If ransomeware could encrypt the whole data, it can certainly choose to overwrite portions of the data (and I personally know IT companies that got 30+ machines affected and locked up till they paid money). The worst part is, at the midnight their automated daily backup systems kicked in, literally replacing their pure backups with encrypted data copies, before anyone could understand what was going on in the morning.