The Missing Ransomware Protection Layer

September 7, 2020
by Markus Apfler

So far in 2020, the number of ransomware attacks on larger companies has increased significantly compared to previous years; in fact, it's predicted there will be a ransomware attack every 11 seconds by 2021, and by that time the global cost will be $20 billion yearly. The most successful attacks have been published in the media around the world; however, there have been many more which have gone unreported. Businesses as well as governments have responded to this threat by spending millions, either to keep their environments safe or, in some unfortunate cases, to regain access to their data after ransomware had done its work.

Infection Vectors

Opening a compromised email attachment or clicking on a malicious link on a webpage are only two of the most common ways ransomware can enter internal systems through user-initiated actions. Hijacking remote desktop machines that are exposed to the internet is also a highly likely scenario, and since working from home has become more popular than ever in recent months, the attack surface of shared infrastructure has grown massively.

Layers of Complexity

The pyramid illustrates the theoretical effort that must be taken into account to identify and shield against ransomware attacks.

It is rather simple, for example, to block user access to known harmful websites with some well-placed filters, but as soon as the ransomware starts spreading in the IT system, it gets very tricky to stop it before the damage is irreversible.

There are numerous security products on the market that claim to protect against some or probably most infection vectors, and that they are constantly improving and adapting their algorithms to be equipped against the newest known attack strategies. But usually these are specialised tools which concentrate on only one of the first three protection layers.

The Missing Layer – Storage

The storage systems are the place where all collected data is actually stored, but only a few companies have a security strategy that includes protection of this most important layer. Enterprise storage systems, like NetApp ONTAP, have advanced interfaces where third-party security tools can integrate and protect against unauthorised and abnormal user behaviour.

ProLion CryptoSpike provides full ransomware protection for NetApp ONTAP. In addition to continuously managing a file extension blocklist, it uses advanced behaviour patterns to recognize uncommon file operations.

Please have a look at our website to get more information about CryptoSpike.