Keystone takes ransomware detection and recovery to the next level

There’s no question that cybercriminals are stepping up their ransomware game. Cybercrime magazine predicts that by 2031, an attack will occur every 2 seconds, costing victims around US$265 billion annually. But it isn’t just the outlay for ransom payments that’s driving up that number. It’s also the cost of downtime to recover from a ransomware attack, get systems back up and running, and make data accessible again. Cybercriminals are continuing to hone their skills, so many companies are looking to storage-as-a-service (STaaS) solutions to help them build cyber resilient environments and recover from ransomware attacks faster.

Source: IDC White Paper: You Think Ransomware Is Your Only Problem? Think Again. IDC, September 2022.

How data storage is managed and updated plays a crucial role in protecting against and mitigating the damage of a ransomware attack. Traditional disaster recovery is not designed for a cyberattack response. Recovery from a ransomware attack can take days, weeks, or even months to restore to a fully operational state. A move to a STaaS solution can give companies an extra level of protection against cyberattacks.

Most STaaS providers typically offer robust security measures to protect their customers’ data, including encryption, access controls, routine backup and system updates, and data recovery options. The STaaS infrastructure is managed by dedicated personnel and policies designed to help customers reduce the risk of data loss. But in today’s world of intensified attacks and sophisticated cybercriminals, who are no longer satisfied with simply encrypting files and demanding ransom in bitcoins, are “routine” and “typical” enough? NetApp doesn’t think so!

It’s not just about prevention, it’s about having a stronger security solution at each point of the ransomware kill chain. That’s where we come in. NetApp Keystone^® STaaS solutions now provide proactive ransomware detection with Autonomous Ransomware Protection (ARP) for continuous monitoring of NAS workloads at every data access point. ARP uses workload analysis to proactively detect and warn about abnormal in-file activity that might indicate a ransomware attack. This anti-ransomware detection capability, a built-in feature of NetApp^® ONTAP^® data protection and disaster recovery technology, uses machine learning to detect potential ransomware attacks by:

• Identifying incoming data as encrypted or plaintext.
• Analyzing the environment to identify:
  • High data entropy (an evaluation of the randomness of data in a file)
  • A surge in abnormal volume activity with data encryption
  • An extension that does not conform to the normal extension type

The moment an attack is suspected, ARP automatically takes a Snapshot™ copy of the suspect volume and locks the copy. If the attack is confirmed, the volume can be restored to the ARP Snapshot copy, minimizing any data loss. By using the offensive and defensive capabilities and insights of ONTAP, Keystone STaaS delivers more comprehensive ransomware preparedness and greater security at the data layer. This protection enables you to detect and respond to a ransomware attack faster and increases your chances of recovering your data without having to pay a ransom.

A major concern in a ransomware attack is lack of visibility, which has a direct impact on response and recovery times. If a cyberattack strikes at night or over a weekend, it could be hours or even days before anyone knows what happened. For archive environments it could be even longer and have disastrous consequences. ARP continuously monitors the STaaS environment, takes Snapshot copies of point-in-time data if suspicious or abnormal activity is detected, locks data, and immediately delivers alerts. The ONTAP Snapshot technology provides rapid restores (terabytes in seconds), protects your backups from ransomware encryption, and prevents deletion of valuable backup data. Your recovery time objectives are improved with a near-immediate return of your environment to a “good known state,” rather than the recovery after the fact promised by competing STaaS solutions. And ARP comes built in at no additional cost when you subscribe to a Keystone solution.

Ransomware cybercriminals often evade common tools and solutions. Organizations need to be prepared with robust incident detection and response. NetApp Keystone has your back.