How to protect your NetApp ONTAP system against ransomware

Ransomware has become a sad fact of life for many organizations. Companies have gone out of business because of ransomware, and lives have been put at risk when ransomware attacks targeted healthcare organizations and hospitals. Over the years, data and backups have turned into a prime target of hackers. To help protect our NetApp customers, Simac has set up a partnership with ProLion and can now offer CryptoSpike, ransomware protection for NetApp storage.

If you have not fallen victim to a ransomware attack yet, chances are you will in the near future. According to analysts, 75% of IT organization will suffer one or more ransomware attacks by 2025. In 2020, the number of attacks was 7 times higher than in the previous year, and predictions are this exponential growth will continue. The cost of a ransomware attack is enormous: not only do companies sometimes have to pay a ransom to get access to their data again, the cost of downtime is estimated to be 10 to 15 times higher than the ransom itself. On top of that, there’s the reputation damage if the attack cannot be kept secret.

Backup admin console shows ransomware hackers the way to sensitive data

Getting infected by ransomware is easy enough: a single click on a malicious email attachment or link is enough for the harmful software to begin encrypting files in the background. While employee devices are the most common targets of ransomware attacks, the damage is not limited to the personal files of the user. The employee device is just the entry point for hackers, who go on to crawl across the network, searching the most valuable assets to block or encrypt. When hackers gain access to the backup administration console, they get a clear insight into where the most sensitive application data is kept.

CryproSpike’s monitors behaviour patterns and reports anomalies

CryptoSpike from our partner ProLion was specifically designed for NetApp ONTAP storage systems. The software can quickly detect malicious software and prevent it from spreading. CryptoSpike monitors behaviour patterns:  based on defined policies on the network , the software can define what transactions are permitted and what transactions are not. CryptoSpike also learns how users act and can detect when manipulations are done in a different way. As soon as an anomaly is detected, the system raises an alarm and blocks the infected user. The administrator automatically receives details of the files that were affected and can review the most recent transactions. Once all malicious programs have been detected and removed, CryptoSpike supports the recovery process with a list of the affected files. With just one click, the damaged files can be replaced by clean copies, thanks to the native snapshot integration. By only replacing the infected files and not the entire snapshot, this process happens swiftly and easily. Just imagine you would have to restore the entire backup if you have 3,000 volumes with different snapshots. Sorting out what to restore would take ages.

CryptoSpike is easy to install and easy to use

When something happens, time is of the essence. That’s why ProLion took great care in making the software interface as intuitive as possible, both for setup and for configuration management. If the house is on fire, you don’t want to consult a complicated manual, the intuitive tiles of CryptoSpike Manager take the user by the hand.

With ransomware attacks on the rise, the question is not if you will be attacked, but when.

Realtime detection and instant remediation is an absolute need at that moment. With our expertise in NetApp storage systems and CryptoSpike we have already helped several Belgian organizations enhance their protection. Are you interested? Feel free to contact me.