Yeah, You Probably Should Do Something to Protect Your Organization from Ransomware Posted on Jul 8th, 2019 by Peter Eicher

Categories: Data Security, NetApp, ProLion

Another day, another ransomware attack. It was recently reported that the city council in Riviera Beach, Florida, “voted to pay nearly $600,000 to hackers who crippled the city’s computer systems with a ransomware attack.” This sets a new record for publicly revealed payments by a government organization. And it does seem that government organizations get hit a lot, or maybe it’s just that they’re required by law to reveal it.

Baltimore city government was hit with an attack that shut down most of their servers. And before that, Atlanta got hit and constituents couldn’t access applications for bill paying, court records and some other things.

There’s an old saying that an ounce of prevention is worth a pound of cure; well, a few dollars of prevention could have prevented many dollars of a painful cure for these organizations. And it’s probably not worth relying on the old standby of “it won’t happen to me.”

Ransomware is a tricky beast. It doesn’t sneak in through the back door like hacker attacks that try to break into your IT systems. Ransomware walks right through the front door, hitching a ride with somebody who already has a key to the door: that is, your users. Typically, an attack happens because someone clicked on a link in an email or visited an infected website. Once on the user’s computer, the malware has direct access to your network.

How to stop it? User education initiatives are important, as is keeping systems patched to avoid exploits. And of course, back up your data! You can find more helpful information here, along with some scary statistics.

One of the main areas that are exposed to ransomware are your file shares. Finding a network file share is like hitting the jackpot for the malware, which starts to encrypt one file after another.

If your file shares (CIFS/NFS) happen to be on NetApp filers, we have a great solution for you. It’s called CryptoSpike and it comes from our technology partner ProLion. What makes CryptoSpike a good tool for fighting ransomware? Here’s a few things:

  • It uses multiple technology approaches to detect and stop malware, including a Learner Module that detects unusual user behavior. This allows you to detect Day Zero attacks.
  • CryptoSpike stops the spread of the attack by cutting off the infected user’s access to the file shares. Some files may get encrypted, but the attack is stopped before it spreads too widely.
  • Because it works with NetApp snapshots, CryptoSpike lets you easily revert back to an earlier snapshot, and at the file level. That’s critical because you don’t want to have to revert an entire volume with thousands or millions of files if only a few were infected. CryptoSpike helps you pin-point the infection and roll it back.

There’s lots more you can do with CryptoSpike. Want a quick look? You can watch our demo video. If you like what you see, why not request a trial copy? You can test it out for yourself. And it’s priced per NetApp controller, so no worries about number of users or files or disk capacity.

And whether you consider CryptoSpike or something else, please do consider something. You really don’t want to be figuring out how to send bitcoins to some hackers. That’s sure to ruin your day.