Challenges

It’s estimated that a company is infected with ransomware every 40 seconds.

The malware the best known examples of which include WannaCry and Petya encrypts files. Affected companies are asked for a ransom. If ransomware is not detected very quickly data can be lost.

Worst of all: Just one click by an employee is enough to infect the network.

It’s not only files on the local computer that are harmed but also those on authorised network drives. So any customer that uses NetApp as NAS (Network Attached Storage) either CIFS or NFS should have implemented protection against ransomware.

The flood of ransomware goes on. And some only notice when it’s too late.

Just a single click on a malicious link or e-mail attachment can install malware in the background which can run unnoticed for months. There is then a risk that over time the backup media will only be holding encrypted files and the originals can no longer be restored.

Facts and figures from the Cybersecurity Insiders 2017 Ransomware Report

Companies and public institutions now regard ransomware attacks as the greatest cyber security risk.

75% of affected organisations experience 1-5 ransomware attacks per year.
25% experience more than 6 attacks.

For the business, this means: 41% downtime, 39% productivity loss, 30% data loss.

Benefits at a glance

• Easy to install via .ova image
• Manage settings intuitively with CryptoSpike Manager
• Every transaction in the NetApp storage is monitored in real time and affected users are immediately blocked
• File endings, file names and user behaviours are all checked for anomalies
• Bespoke monitoring strategies, in the future down to share level, customised to meet the needs of different departments
• Immediate information on where the attack occurred and support for restoring the damaged files
• Fast attack detection prevents continued encryption and, thus, lost data
• The attack is nipped in the bud and blackmail attempts are curbed

How it works

You can easily install CryptoSpike and FPolicy Server as a software image (.ova).

Three aligned strategies are deployed to detect attacks:

White list includes all the file endings that are permitted in your company; they are automatically output from the storage when CryptoSpike is being installed.

Black list currently holds around 1800 known ransomware file endings or file names which are updated every day.

Learner is the second safety level and the vital component. It’s rare for current ransomware to change file names and endings so encryption cannot be detected externally. The Learner therefore analyses patterns of user behaviour in your company, e.g. for read/write/open/close file operations. To do this the last 50,000 e.g transactions in the network are recorded and saved in the White Patterns list. There is also the Black Patterns list with behaviour patterns from current ransomware attacks.