StorONE Blog

Beat Ransomware with Better Primary Storage

Backup can’t beat ransomware. Instead, IT professionals need to beat ransomware with better primary storage. As the very public outage Garmin is experiencing, allegedly the result of a ransomware attack, proves, bad actors are still at work even during the COVID-19 pandemic. Malware attacks have been on the rise since March. Part of the increase is because bad actors are also at home with more time to develop code, but the number of employees working from home is the primary cause. In either case, improving ransomware protection and the response to an attack is more critical than ever.

It’s Time To Re-Think Storage Infrastructure

Pandemics are a new kind of disaster, and IT needs to rethink how its storage infrastructure will respond. This Thursday, StorONE’s co-founder and CEO, Gal Naor, is joining me for a live webinar, “5 Steps to Seamless Storage Operations During a Pandemic.” If you pre-register before Wednesday, we will send you an advance copy of Gal’s latest white paper, “10 Recommendations for Storage Managers to Prepare for Future Pandemics.” During the webinar, we will provide new storage infrastructure best practices to implement during and before the next pandemic. We will also review the results of our landmark survey, “How has COVID-19 Impacted Your Data Center?” If you haven’t taken our survey yet, please take five minutes to fill it out so that we can include your experiences in our findings. A significant majority of those surveyed are finding their storage infrastructure unable to adapt to increasing threats like ransomware.

Backups Can’t Beat Ransomware

Backup is classically a once-a-night operation. Recently, some backup software vendors have improved the technology so that it can run more frequently, as often as every four hours. However, because of potential performance impacts, only critical applications get this special treatment, not the more vulnerable file systems.

The problem is that ransomware attacks occur at any time, often in the middle of the workday, triggered by a user accidentally clicking on a link. In these situations, multiple hours have passed since the last backup. The two most popular backup solutions make matters worse by storing the backup data, backup metadata, and backup configuration files on a Windows filesystem, the most attacked of all filesystems.

Even if the organization is lucky and IT discovers a ransomware attack only a few hours after initiation, they are still in for a nightmarish ordeal as they try to restore hundreds of thousands of files while users wait “patiently.” Remember, users are no longer in the building, so waiting patiently is even more of a stretch than it ever was before.

Beat ransomware with better primary storage, not legacy backup. You need rapid, ongoing protection and real-time recovery.

Legacy Snapshots Can’t Beat Ransomware

A fallback position for most storage vendors is primary storage snapshots. For snapshots to be a useful deterrent against a malware attack, several capabilities need to be present, and legacy snapshots don’t get the job done. First, the storage system needs to take an unlimited number of snapshots. Most legacy primary storage systems have a finite limit on the number of snapshots IT can take. Vendors often impose a snapshot limit so that the function doesn’t impact performance. The side effect is that storage administrators can’t take snapshots frequently enough to protect against a ransomware attack. Second, the limit means that an administrator can’t retain a snapshot long enough to avoid a silent infiltration by the malware. A third challenge is that many storage systems store their snapshot data in the open, meaning that an external application can easily browse its way to it or, in the case of ransomware, stumble upon it.

Legacy storage systems use snapshot technology that is decades old. Beat ransomware with better primary storage that has modern snapshot capabilities and can capture data continually without impacting performance.

External Systems Are NOT the Answer

Several vendors are suggesting that you buy multiple systems to protect against ransomware attacks. These vendors are hardware vendors, so suggesting the solution is to buy more hardware shouldn’t come as a surprise. The problem with buying more hardware — other than the obvious additional cost — is that these systems are on the same network as the primary storage system and often have the exact same limitations as far as the number of snapshots and retention of snapshots. These vendors have added functionality to some of these systems to make it so nothing can delete them, not even IT (whose passwords may have been compromised). These dual-key systems make for interesting conversation, but they still don’t address the underlying issue. Most primary storage systems can’t take snapshots frequently enough and retain them long enough to provide adequate protection against a ransomware attack. 

External systems designed to cover the inadequacy of legacy primary storage fall short in ransomware defense while wasting IT budget. Beat ransomware with better primary storage that integrates protection and defends against even the most sophisticated attack.

Beat Ransomware with Efficient Snapshots

StorONE is efficient storage software that enables you to beat ransomware with efficient snapshots. Our snapshot technology allows IT to execute a snapshot as frequently as every three minutes. IT can retain those snapshots indefinitely. Neither the frequency of snapshots nor the quantity the software is managing impacts performance. We have customers maintaining thousands of snapshots on their systems.

As I discussed in my blog, “Better High Availability During Pandemics,” you can replicate a primary StorONE system to a secondary system either synchronously on-premises or asynchronously to a disaster recovery site. These second and third systems can have unique snapshot schedules and also retain those snapshots indefinitely. 

Finally, our snapshots are not visible to any external application until they are specifically restored. That means that a ransomware application crawling its way through the file system can’t accidentally stumble on the snapshot because it is not there until you restore it. 

Our powerful snapshot technology not only provides the ultimate protection against ransomware, but it can also dramatically reduce your investment in backup infrastructure. To learn more, please read my colleague Ittai Doron’s blog, “Use Snapshots to Reduce Backup Costs.” You can also register to watch our on-demand webinar, “Reduce Backup Costs with Better Primary Storage.”
