NetAppCloud Data ManagementPrimary StorageCloudData Center
Article6 minute read

NetApp Ransomware Protection

How ransomware works, and how you can mitigate the risks with NetApp's solutions, including SnapCenter, SnapShot, SnapRestore and FPolicy.

In this article

Ransomware attacks are spiraling out of control. The first half of 2021 saw a 900 percent increase in ransomware attacks compared with the same period in 2020. High-profile attacks against Colonial Pipeline, Kaseya, Ireland's Health Service Executive (HSE), CNA Financial and more sent a ripple effect across the globe.

The average cost of a ransomware attack reached $1.85 million in 2021 and is projected to cost victims a collective $265 billion by 2031, with an attack against a business, consumer or device every two seconds.  

Threat actors target enterprises for large payments or smaller organizations for large-scale small payouts. They will continue to diversify attack vectors and strategies to maximize their profits. As such, ransomware is a threat that no company can afford to ignore.  

 What is ransomware?

Ransomware is a type of malicious software (malware) that infects a computer and restricts users' access to data and files until they pay a ransom. Some criminals also threaten to publish the victims' sensitive information if the ransom is not paid.

 How does ransomware work?

First, a threat actor infects an organization's system with ransomware via infection vectors, such as phishing emails and Remote Desktop Protocol (RDP). After gaining access to the system, the ransomware will encrypt its data and files. Once the encryption is complete, the perpetrator will make a ransom demand in exchange for the decryption key.

 Potential losses caused by ransomware attacks

The bill of a ransomware attack goes beyond paying for the decryption key. Ransomware attacks impact downtime, people hours, device costs, network costs, lost business opportunities and a tarnished reputation that could take years to repair. Not to mention, you may have to pay for legal defense and settlement or incur higher insurance premiums.  

 Mitigate ransomware threats with NetApp

To reduce the impact of ransomware on organizational resiliency, you need a business continuity plan. It should include data backups that are isolated from a ransomware attack loop so you can avoid ransomware payment and ensure continuous operations. You also need to streamline recovery point objectives (RPO) to uninfected data points to protect against reinfecting systems with dormant ransomware.  

NetApp offers a suite of tools to help organizations prepare for ransomware threats and implement disaster recovery and business continuity plans:

 NetApp Cloud Insights and Cloud Secure

Cloud Insights is a subscription-based infrastructure and service monitoring solution for on-premises, private cloud and public cloud environments, including AWS, Azure and Google Cloud. One of its features, Cloud Secure, analyzes data access patterns to identify risks from ransomware attacks.

This turnkey solution uses machine learning technology to analyze user behavior patterns, detect anomalies and stop ransomware before it is too late. You can gain visibility into the sources of attack and access timely and actionable information to minimize your risks.

 NetApp SnapCenter for data protection

NetApp SnapCenter allows enterprises to coordinate and manage data protection across applications, databases and file systems. It simplifies backup, restore and clone lifecycle management while increasing performance and availability.  

NetApp Snapshot creates immutable point-in-time copies of the file system, which can't be deleted by compromised administrator accounts. Meanwhile, NetApp SnapRestore allows you to revert a volume to a specified Snapshot copy to speed up data recovery in the event of a ransomware attack.

 NetApp ONTAP and NetApp FPolicy

NetApp ONTAP is a leading data management software with various features to help you prevent ransomware from spreading and recover from attacks quickly with minimal impact. One of these features, NetApp FPolicy, provides a file access notification framework that enables administrators to monitor file access.

For example, FPolicy can protect against the most common types of ransomware through its native allow list and deny list capabilities.  You can also prevent the spread of day zero ransomware attacks by combining FPolicy with third-party partner solutions to leverage user behavioral analytics.

Beginning with ONTAP 9.10.1, there is an on-box, anti-ransomware feature. Machine learning is used to analyze NFS and SMB workloads to proactively detect and warn about abnormal behavior. This new ONTAP feature is intended to be part of an overall, multifaceted approach to security. The ONTAP Security & Compliance Bundle license is required to enable this new on-box capability.

 NetApp ransomware protection use cases

Here's how NetApp data storage solutions can help protect organizations from ransomware attacks:

Backup and disaster recovery

You can create backup instances of your file system with NetApp SnapCenter, which can also help you monitor and regulate all the activities in the storage systems to preserve data integrity. Meanwhile, NetApp SnapMirror supports fast data replication for critical applications and gives you the ability to recover data from point-in-time snapshots to ensure business continuity.

Native data encryption

NetApp Cloud Volume ONTAP (CVO) offers both hardware- and software-based solutions to help protect your data at rest. You can deploy both encryption methods simultaneously to achieve two layers of protection for your most sensitive data.

Continuous data availability

NetApp MetroCluster technology or SnapMirror Business Continuity (SM-BC) offer continuous data availability by synchronously mirroring data between storage systems to ensure business continuity for your most critical applications.  

Distributed enterprise

As a unified cloud storage platform, NetApp ONTAP allows you to manage data while maintaining a high-level of control and visibility. The remote-to-core infrastructure enables employees to access files and information from anywhere, supporting the growth of distributed enterprise in today's work-from-anywhere business environment without compromising compliance and security.

 Get comprehensive NetApp ransomware protection with WWT

Ransomware will continue to be a significant threat to organizations. Companies that invest in robust data protection, backup, and recovery capabilities will be better positioned to minimize the cost associated with these attacks while protecting their sensitive data and ensuring compliance with the latest regulations.

WWT is a leading provider of NetApp's data management portfolio solutions. As a certified Star partner, we help organizations strengthen their defense against cyber threats and protect their data with various applications to ensure business resiliency and continuity.

Whether you store your data in the public, private, or hybrid cloud, we can help you select the right software to address the latest threats and risks in today's business environment. Get in touch to learn more and see how we can support your implementation.

 

Technologies