Welcome!

An account will enable you to access:
- NetApp support's essential features
- NetApp communities
- NetApp training
- Sign in to my dashboard
- Create an account
NetApp account
- NetApp dashboard
- Sign out
Language
- English
- Deutsch
- Español
- Français
- Italiano
- Português
- 日本語
- 한국어
- 简体中文
- 繁體中文
See your global contacts
Learn
Browse

NetApp Ransomware Detection Program

Ransomware Detection Program

NetApp’s Ransomware Detection program (the “Program”) provides NetApp customers (“Customers”) certain services if NetApp’s Autonomous Ransomware Protection with Artificial Intelligence (“ARP/AI”) solution does not detect certain types of crypto-ransomware attacks. The terms and conditions (“Terms”) of the Program are provided below.

Qualifying Systems. A qualifying system (“Qualifying System”) is a NetApp AFF A-Series, AFF C-Series, or FAS series storage system configured as a NAS device without FlexGroup volumes and with all of the following features:
- ONTAP 9.16.1 or later installed;
- An active ONTAP One license;
- AutoSupport enabled;
- ARP/AI enabled; and
- Automatic updates to ARP/AI enabled.
Customer Eligibility. To be eligible for this Program, Customer must (a) sign up to the Program at https://www.netapp.com/forms/ransomware-detection-program/, (b) have an active support contract with NetApp for the Qualifying System with AutoSupport enabled, and (c) operate a Qualifying System, as determined by NetApp using AutoSupport data received by NetApp.
Qualifying Attacks. A qualifying attack (“Qualifying Attack”) is a full-file encryption ransomware attack by certain known and tested ransomware families. The list of known and tested ransomware families is subject to change and is available upon request.
Process. If an eligible Customer suspects that ARP/AI did not detect a Qualifying Attack on a Qualifying System, Customer must notify NetApp Support using the methods listed at https://mysupport.netapp.com/ within three months of the Qualifying Attack. NetApp will provide an executable tool to examine any files suspected of encryption by the Qualifying Attack, which will generate a log file. Customer must submit the log file to NetApp according to the instructions provided.
Remedy. Based on the log file provided above, if NetApp determines, in its sole discretion, that ARP/AI failed to detect a Qualifying Attack on a Qualifying System for an eligible Customer, NetApp will provide both of the following services as sole and exclusive remedies:
- Customer will obtain access to Professional Services to assist with data recovery in accordance with the Professional Services Terms on NetApp’s How to Buy Site at no cost to Customer for a time not to exceed eighty (80) hours. The scope of Professional Services may, but is not required to, include one or more of the following activities (which may be documented in an Engagement Document if NetApp deems it necessary):
  - Discovery Tasks:
    - NetApp and Customer to verify that threat is an actual attack and not a false positive.
    - Review the Customer's storage environment and determine which NetApp Clusters are impacted.
    - Determine current ONTAP version and if it meets Qualifying Systems requirement above.
    - Review any SnapLock policy definitions implemented.
    - Review the current retention period of source SnapLock Compliance files, if any.
    - Review Customer Restore Point Objective (RPO) / Restore Time Objective (RTO) policies.
    - Review existing NetApp anti-ransomware software status including but not limited to ARP/AI.
  - Data Recovery Tasks:
    - Recovery activities must be performed in conjunction with Customer participation. NetApp and Customer will develop RACI (Responsible, Accountable, Consulted, Informed) model to identify Customer and NetApp teams to participate in recovery activities.
    - NetApp to assist in ensuring data is in place to meet customer recovery needs.
    - Restore volumes and/or files from available sources, if any. Snapshot and/or volume roll back to data available prior to attack. Volumes to be restored based on Customer-communicated priority.
    - Mount snapshots for restore using SnapCenter plug-ins or native host tools, then copy to data restore directory.
  - Any activity not listed above or any activity listed below shall be excluded from the scope of the Professional Services remedy in this Program and would require a new paid engagement. Excluded activities included, but are not limited to:
    - Restoration using third-party vendors, third-party backup tools, or tape backup.
    - ONTAP software version updates or upgrades.
    - ONTAP setup or configuration.
    - Design, architecture, and best practice advice or assistance.
    - Providing additional storage to perform restoration.
    - Managed Upgrade Service.
    - Ransomware Recovery Assurance Service as part of the Ransomware Recovery Guarantee Program.
    - Data Protection and Security Assessment (aka best practices).
    - Security Hardening Configuration Service.
- NetApp will use reasonable commercial efforts to create an update package for ARP/AI such that, with the update package installed, ARP/AI will detect the Qualifying Attack if repeated on Customer.
The Program does not offer any commitment, guarantee, warranty, or assurance against data loss or for data recovery of any kind or amount.
Limitation of Liability. Except as expressly set forth in the remedy section of these terms, in no event will NetApp or its suppliers be liable (under any theory of liability, whether in contract, statute, tort or otherwise) for any lost profits, lost business opportunities, business interruption, or indirect, special, incidental, consequential, punitive, or exemplary damages arising out of or related to this program, even if such party has been advised of the possibility of such damages or losses, or such damages or losses were reasonably foreseeable.
General. This Program is exclusively governed by these Terms and is void where prohibited or restricted by law. Unless otherwise restricted by law, these Terms will be construed pursuant to the governing law as set forth in (a) Customer’s separate written agreement with NetApp that governs Customer’s purchase of any Qualifying System, or (b) in the absence of such agreement, or if the Customer purchases the Qualifying System from a NetApp reseller, the applicable terms of sale on NetApp’s How to Buy site at https://www.netapp.com/how-to-buy/sales-terms-and-conditions/ that apply to Customer’s purchase of the Qualifying System. In the event of any conflict between these Terms and the terms referenced in (a) or (b) above, as applicable, these Terms will prevail with respect to this Program. All other terms and conditions in the terms referenced in (a) or (b) above that are not expressly modified by this Program remain in full force and effect. NetApp reserves the right to change the terms and conditions of this Program, or modify or terminate the Program, at any time without notice and without recourse to the Customer.