Discover the protection features offered by FlexPod.Misplaced your phone? Can’t remember where you left it? Did someone steal it … or did you lose it? We’ve all been through these moments, and many of us have actually lost our phones, along with a lot of personal data. This is certainly a difficult situation to deal with. Now imagine how hard it would be if an organization with thousands of employees lost all of its data with no idea who stole it and with no measures in place to recover the lost data.

 

Welcome to RANSOMWARE!

What Is Ransomware?

Ransomware is a type of malicious software (malware) that uses cryptography to encrypt the victim’s sensitive data and holds it hostage until the victim pays the demanded ransom to receive a decryption key. Ransomware is often a product of organized crime, and attackers may not operate ethically, refusing to provide the decryption key even after the ransom is paid. 

Ransomware Impacts

According to a CNET report, the cost of ransomware could be as devastating as that of a natural disaster hitting a U.S. city, with an estimate of more than $19 billion across local governments and other sectors.

 

The cost of recovering from a ransomware attack usually includes rebuilding the affected environment, the cost of the ransom itself (if the demanded ransom is paid), and the business disruption due to the attack. According to a CoveWare ransomware report, in Q2 2019 the average ransom payment was $36,295 per incident per day. In Q3, that amount increased to $41,198—and there could be multiple incidents in a single environment. Also, typical downtime averaged 12.1 days in Q3, up from 9.6 days in Q2. 

 

Another report from Symantec highlights the fact that these malware attacks are a major challenge for organizations. WannaCry, copycat versions, and Petya have continued to inflate infection figures. Until 2017, consumers were the hardest hit by ransomware, accounting for major incidents of infection. In 2017, the balance tipped toward enterprises, with a majority of infections occurring in businesses. In 2018, that shift accelerated, and enterprises accounted for 81% of all ransomware infections. Overall, ransomware infections recorded for enterprises were up by 12% in 2018.

Protection Measures Offered by FlexPod

These days, phone manufacturers provide mature, robust, cloud-connected data services that perform sophisticated, granular data backup. These services could be easily accessed during a disastrous theft event. Similarly, FlexPod® is a proven platform with more than 9,000 worldwide customers and $11.5 billion in sales, running the mission-critical workloads of some of the largest enterprises on earth. FlexPod offers a wide range of benefits, with tools and technologies that safeguard customers’ data against ransomware and help them to recover quickly from a possible hostage situation. 

 

Components of a solution with FlexPod to protect against a ransomware attack.

Components of a solution with FlexPod to protect against a ransomware attack.

Most of the solution components are already integrated as part of a NetApp® ONTAP® system. Components such as NetApp Snapshot™, SnapRestore®, SnapCenter®, SnapLock®, and FPolicy® offer many useful features for data protection. The remote NetFlow collectors, such as Cisco Stealthwatch supported on Cisco NX OS running on Cisco Nexus switches, can help perform continuous monitoring and provide real-time threat detection and incident response forensics in case of an attack. In addition to all of these components, the Cisco UCS servicing as a compute endpoint is bundled with key products in compute or in the application layer. These products include Cisco Advanced Malware Protection for Endpoints, Cisco Advanced Malware Protection for Email Security, and Next-Generation Intrusion Prevention System.

 

For more information, TR-4802: FlexPod: The Solution to Ransomware describes the methods to detect, remediate, and prevent a ransomware (WannaCry) attack in a FlexPod Datacenter.

Detection

In the event of an attack, the malware starts encrypting the files, triggering an exponential increase in the size of Snapshot copies and a proportional decrease in the storage efficiency percentage within a matter of minutes. Administrators can be alerted to this rapid change. 

Remediation

With phone vendors providing cloud services for their devices, if you lose your phone it would be easy to get a new device and apply your fingerprint to restore all of your data and apps.

 

Similarly, the file systems mapped to a virtual machine can be restored using the last known clean Snapshot copy that was created prior to the malware attack.  

 

Using a NetApp SnapCenter plug-in on vCenter, a VMware-consistent Snapshot copy can be restored, which recovers and restarts the VM. The CIFS share of the VM can also be individually restored and returned to the last known healthy Snapshot copy of the volume.

 

With the Snapshot copies in place, the file systems can be remediated, and the environment can be restored to be production ready with minimal downtime.

Prevention 

If you lose your phone, and you’ve signed up for the cloud services that your phone vendor provides, you’ll soon be back in business. Similarly, malware attacks can be prevented, and the environment can be protected from such threats by using the tools provided by ONTAP and other services offered by FlexPod. 

 

One such tool is FPolicy file screening, which can be used to define policies on volumes and allow specific file operations to protect the file systems from unsafe file type extensions. The detailed discussion in TR-4802: FlexPod: The Solution to Ransomware describes all of the scenarios discussed in this blog and demonstrates the functionality of the ONTAP features that enable protection against ransomware attacks.

 

Learn more about FlexPod here.

Ravi B C B

Ravi works as a Senior Tech Marketing engineer for the FlexPod and the Hybrid Cloud Infrastructure team.

Has rejoined NetApp with over 20 years of experience in Virtualization and Cloud Solutions with VMware. He also has expertise in building end-to-end automation for Infrastructure Provisioning using vRealize stack.

Arvind Ramakrishnan

Arvind Ramakrishnan is a Solutions Architect for Hybrid Cloud Infrastructure.

He has been with NetApp for more than 8 years and is focused on building solutions for Cloud, AI, business continuity and datacenter security, using NetApp and its partner technologies. He has authored and published several solutions in the form of NetApp Verified Architectures, Cisco Validated Designs and Technical Reports. He has presented at several industry conferences and was recognized as a Distinguished Speaker at Cisco Live.

Add comment