Ransomware, the best-known examples of which include WannaCry and Petya, encrypts files. Affected companies are then asked for a ransom. If ransomware is not detected very quickly, data can be lost.
It’s not only files on the local computer that are harmed, but also those on authorised network drives. So any customer that uses NetApp as NAS (Network Attached Storage), either CIFS or NFS, should have implemented protection against ransomware.
Just a single click on a malicious link or e-mail attachment can install malware in the background which can run unnoticed for months. There is then a risk that, over time, the backup media will only be holding encrypted files, and the originals can no longer be restored.
Companies and public institutions now regard ransomware attacks as the greatest cyber security risk.
75% of affected organisations experience 1-5 ransomware attacks per year.
25% experience more than 6 attacks.
For the business, this means: 41% downtime, 39% productivity loss, 30% data loss.
Three aligned strategies are deployed to detect attacks:
The White list includes all the file endings that are permitted in your company; they are read automatically from the storage when CryptoSpike is installed.
The Black list currently holds around 1800 known ransomware file endings or file names; it is updated every day.
The Learner is the second safety level and the vital component. It's rare for current ransomware to change file names and endings, so encryption cannot be detected externally. The Learner therefore analyses patterns of user behaviour in your company, e.g. for read/write/open/close file operations. To do this, the most recent transactions in the network (the last 50,000, for example) are recorded and saved in the White Patterns list. There is also the Black Patterns list with behaviour patterns from current ransomware attacks.
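The sketch below illustrates how the three strategies can fit together. It is an added example, not CryptoSpike code: the extension entries, the sample operations and the choice to model a behaviour pattern as a run of three consecutive file operations are all assumptions.

```python
from collections import deque
from pathlib import PurePosixPath

ALLOWED_EXT = {".docx", ".xlsx", ".pdf"}   # constructed White list
BLOCKED_EXT = {".wncry", ".locked"}        # constructed Black list entries
HISTORY = 50_000                           # recorded transactions, figure from the text
N = 3                                      # operations per pattern (assumption)

def check_extension(path):
    """Classify a file name against the extension lists."""
    ext = PurePosixPath(path).suffix.lower()
    if ext in BLOCKED_EXT:
        return "black"
    return "white" if ext in ALLOWED_EXT else "unknown"

def patterns(ops):
    """All runs of N consecutive operations in a sequence."""
    return {tuple(ops[i:i + N]) for i in range(len(ops) - N + 1)}

class Learner:
    def __init__(self, black_patterns):
        self.history = deque(maxlen=HISTORY)  # oldest transactions drop out
        self.white = set()
        self.black = set(black_patterns)

    def learn(self, ops):
        """Record normal operations and rebuild the White Patterns."""
        self.history.extend(ops)
        self.white = patterns(list(self.history))

    def classify(self, ops):
        seen = patterns(ops)
        if seen & self.black:
            return "black"
        if seen and seen <= self.white:
            return "white"
        return "unknown"  # too short, or behaviour never seen before

def verdict(path, ops, learner):
    """Extension lists first; the Learner decides when the name looks harmless."""
    if check_extension(path) == "black":
        return "black"
    return learner.classify(ops)

# Constructed sample data: one baseline session and one Black Pattern.
learner = Learner(black_patterns=[("read", "write", "write")])
learner.learn(["open", "read", "close", "open", "read", "write", "close"])

if __name__ == "__main__":
    print(verdict("/vol1/hr/plan.docx", ["open", "read", "close"], learner))
    print(verdict("/vol1/hr/plan.docx", ["open", "read", "write", "write", "close"], learner))
```

The second call shows the case the Learner exists for: the file name passes the extension lists, and only the operation sequence gives the activity away.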
CryptoSpike follows a sliding pricing model, depending on the number and size of the NetApp Storage Controllers.