In 2022, the number of ransomware attacks on businesses and institutions increased significantly. In total, there were over 620 million attacks worldwide. That’s around 20 attacks per second! Attacks cause business disruptions, compromise sensitive data and, in most cases, result in recovery work that lasts several weeks. Every second that an attack goes unnoticed helps attackers to inflict more damage, which costs your organization time and money.
- 650+ companies worldwide rely on CryptoSpike
CryptoSpike is the Leading Solution to Protect Storage Systems from Ransomware
Based on full access transparency, CryptoSpike detects unusual activities in your file system and blocks attacks in real time. In the event of a ransomware attack, the granular restore function makes it possible to restore affected files immediately.
What are the Benefits of CryptoSpike?
- 71% of all companies were the target of at least one ransomware attack in 2022. There were 236.1 million ransomware attacks worldwide during the first half of 2022 alone.
- The average downtime after an attack is 21 days.
- The average recovery costs after an attack are 1.6 million euros.
- The central storage system in which all data is stored is a “black box”. Oftentimes, it is unclear who caused the damage, when the attack began, and what data was damaged.
- Backups can be compromised as ransomware often disables backup functionality. A detailed investigation is required to determine what needs to be restored and when. Files that are not infected are often restored to an old version, which leads to unnecessary data loss.
- One wrong click by employees is enough to infect the entire network, allowing the threat to spread from a local computer to network-attached storage.
- If an attack occurs, a thorough analysis is essential (what happened, when, how did the attackers get the data and, above all, which data is affected). Without this insight, it won’t be possible to carry out a successful analysis and recover the data.
The CryptoSpike Solution
By analyzing all data access to the storage system, CryptoSpike detects ransomware attacks and unusual behavior, stops them in their tracks, and immediately gives you the chance to react and restore the exact data you need.
How CryptoSpike Protects Your Data
- Anomaly detection: CryptoSpike analyzes data access in real-time and immediately detects anomalies.
- Blocklist: Using a blocklist provided by ProLion, typical file extensions for ransomware are recognized and blocked.
- User Blocking: Suspicious users are automatically blocked from accessing your, data and administrators are immediately alerted to the incident.
- Single File Restore: Thanks to the detailed analysis, explicitly corrupted files can be restored, all other data remains unchanged.
- If needed for data protection purposes, it’s possible for user-specific data and activity to be visible only when two users, e.g. the works council and the IT department, log on to the CryptoSpike server.
Installation & Learning Phase
Within a few hours of deployment, CryptoSpike learns how your system works and offers comprehensive protection against ransomware attacks. This enables your IT teams to focus on strategy and growth, instead of worrying about the next attack or dealing with the aftermath of the last attack.
2. Early detection of attacks and anomalies
CryptoSpike recognizes suspicious behavior of a user, or malware acting in the name of a user. “Suspicious” can mean encrypting, changing, copying or moving files too often within a defined time period.
3. CryptoSpike in action
Block & Alert
Blocking the user stops the attack and protects the system from further damage. Previously defined users receive an alert via e-mail.
4. Data Access Transparency
Transparency & Recovery
CryptoSpike provides a complete picture of which files have been manipulated by which user. Afterward, you can change these files – directly within CryptoSpike – using an ONTAP undo snapshot.
5. Return to Normal Operations
After restoring the system back to its original state and clarifying the facts, CryptoSpike can re-instate the user’s access.
CryptoSpike is the solution of choice for organizations looking to detect and combat suspicious activity, including ransomware attacks. Thanks to data access transparency, our software enables you to trace the changes made to the files on your central storage system.
- Detect data access patterns and file extensions that are typical of ransomware
- Block known threats that have passed endpoint protection.
- Immediately and automatically prevent attacks and alert those responsible.
- Complete documentation of suspicious data transactions.
- Complete data transparency with access traceability at file or user level
- Targeted recovery of damaged data directly from the snapshot
- Deployment in three to five hours, on-premise or in the cloud
- Integration into the existing SIEM platform
- Adjust monitoring policies at the volume or share level in real-time
- If required for data protection reasons, user-specific data is only available via dual verification
Frequently asked questions
CryptoSpike currently supports NetApp (FAS/AFF & virtual ONTAP), Lenovo DM-Series, Dell PowerScale, Dell Unity and Dell PowerStore* (starting CryptoSpike 3.3)
Installing CryptoSpike usually only takes a few hours, making it the fastest security project in the world!
CryptoSpike uses native APIs from the storage systems to collect and process the information.
No! User access is unaffected thanks to the use of native APIs.
CryptoSpike makes it possible to implement a so-called “four-eyes principle” which requires two people to access the data, protecting sensitive information.
CryptoSpike was developed with complex environments in mind and supports scaling via agents. We recommend the LandscapeManager add-on to manage distributed storage environments via a common user interface.
Yes, CryptoSpike adds another level of protection to your company’s security strategy and protects your storage system – where your most valuable, business-critical data is centrally stored.
An alert can be sent directly via email or integrated into existing monitoring solutions using an API.
Do you have questions about the product? We will discuss the advantages and functions of our security solutions directly with you in a demo appointment.
- All information about the ProLion products
- Technical functions & questions answered by experts
- Implementation and feasibility
- Pricing Information