Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your...

Post on 12-Jun-2020


Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company

Recovering from Ransomware

Don’t pay the Ransom! A better solution to get back your data

Today’s Presenter

Sushant Rao, Senior Director of Product Marketing, DataCore Software

Threat potential of Ransomware

Ransomware – What is it?

• Ransomware is a type of malicious software that carries out a cryptoviral extortion attack (a term from cryptovirology): it blocks access to data until a ransom is paid and displays a message requesting payment to unlock it

• Most recent example is WannaCry in mid-May 2017 – thousands of companies in all industries were affected in more than 150 countries

• According to CNN, $209 million was paid to ransomware criminals in just three months (Q1/16)

Source: https://en.wikipedia.org/wiki/Ransomware, https://de.wikipedia.org/wiki/WannaCry

Extent of WannaCry Ransomware

Source: https://intel.malwaretech.com/botnet/wcrypt/

Threat Vectors

• Services and applications with security holes
  • SMB file sharing (WannaCry started this way)

• Browser
  • Silverlight, Flash or Java exploits

• Emails (comparable to phishing: impersonation of reputable senders)
  • Government, Amazon, FBI, Police, PayPal, etc.

• Phone call
  • “Microsoft is calling …”

• Dropbox
  • Downloads of files, e.g. application papers

Threat potential

• Local disks of affected system

• Active UNC (Uniform Naming Convention) paths
  • Home Shares
  • Group Shares

• Inactive UNC paths
  • Temporary drives with password in cache

Question 1: Has your business/organization been affected by Ransomware?

(choose one)

• Yes (been attacked before)

• No (haven’t been attacked, so far)

Typical Protection Measures

3 Steps to Protect from Ransomware

• Update / patch your computers and servers
  • If possible, turn on automatic updates

• Educate users to not open attachments / download files
  • Easier said than done!

• Backup your data!
  • Recover your data in case of an attack

What can be done after you’ve been attacked?

• Pay the requested amount?
  • No guarantee that this will lead to recovery of data
  • Is there “honor among thieves”?

• Restore data from backup
  • Recovery Point Objective (RPO)?
  • Calculated data-loss
  • Where is my Backup?
  • Is my backup affected?
  • Restore time?

The principles of RPO/RTO

[Figure: timeline over t (time). Labels: Last Backup, Attack, Recognition of attack, Start Recovery, Standard operation; Lost time / RPO, Alert, Decision, Recovery-time / RTO, Downtime, Rectification work.]


Continuous Data Protection: A better way to recover data

Continuous Data Protection (CDP)

• Access to any data state within a 14-day time window

• Journals every I/O to protected disks

• No application implementation necessary

• Agent-less

• Just turn it on and recover

• Consistency checkpoints can be set (optional)

Continuous Data Protection (CDP)

[Diagram: Hosts, Production Array, CDP Array]

Data Written @ 2:41:30 pm
Data Written @ 2:41:32 pm
Data Written @ 2:41:35 pm
Bad data Written @ 2:41:36 pm

Where CDP makes the difference!

[Figure: comparison of Backup, Snapshot and CDP]

CDP
• Film (constantly report any change) and recover

DataCore CDP
• Extreme improvement of RPO and RTO

Return to previous consistency

[Figure: Host and CDP with a timeline. Labels: Time-stamped updates (6am, 7am, 8am, 9am, 10am, 11am); Free choice of rollback time; Optional marked checkpoints; 10:22 am; 11:09 am.]

Benefits of CDP

• Independence from backup windows

• Shorter restore time and less data loss

• Optimization of RPO and RTO – close to zero

• Forensic analysis and troubleshooting

Recognition of attack

• Changes in typical behavior of CDP
  • Retention time shrinks abruptly
  • Log increases suddenly
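The two signals above can be checked from journal statistics. The following is an added example, not DataCore code: it assumes a fixed-capacity CDP journal (so retention equals capacity divided by the recent write rate) and uses constructed hourly samples; all names and thresholds are hypothetical.

```python
from statistics import median

# Assumed values (hypothetical): a journal sized so that about 6 GB/h of
# normal change gives roughly the 14-day window mentioned in the slides.
JOURNAL_CAPACITY_GB = 2000.0
BASELINE_SAMPLES = 6      # trailing samples that define "typical" behavior
SHRINK_FACTOR = 0.5       # alert when retention falls below half of baseline


def retention_hours(write_gb_per_hour):
    """Hours of history a fixed-size journal holds at this write rate."""
    if write_gb_per_hour <= 0:
        return float("inf")
    return JOURNAL_CAPACITY_GB / write_gb_per_hour


def detect_retention_drop(samples):
    """samples: list of (label, GB journaled in that hour).

    Returns (label, current_retention_h, baseline_retention_h) for every
    sample whose implied retention drops abruptly below the baseline.
    """
    alerts, history = [], []
    for label, rate in samples:
        current = retention_hours(rate)
        if len(history) >= BASELINE_SAMPLES:
            baseline = median(history[-BASELINE_SAMPLES:])
            if current < baseline * SHRINK_FACTOR:
                alerts.append((label, round(current, 1), round(baseline, 1)))
                continue  # keep anomalous samples out of the baseline
        history.append(current)
    return alerts


# Constructed sample: normal change rate, then a burst of mass rewrites.
SAMPLE = [("08:00", 5.8), ("09:00", 6.1), ("10:00", 6.0), ("11:00", 5.9),
          ("12:00", 6.3), ("13:00", 6.0), ("14:00", 6.2), ("15:00", 95.0),
          ("16:00", 110.0)]

if __name__ == "__main__":
    for label, now_h, base_h in detect_retention_drop(SAMPLE):
        print(f"{label}: retention {now_h} h vs. baseline {base_h} h")
```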

Defense

• Rollback of CDP protected disk
  • After receiving the alert immediately switch-off all affected servers!
  • Identify exact time before the attack occurred
  • Gradually approach the right time by checking multiple rollback-points
  • Identify non-encrypted data
  • Restore non-encrypted data or “instant” promotion of rollback-point to replace original disk
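One way to carry out the “gradually approach the right time” step is a binary search over rollback points with an entropy check for encrypted files. This is an added example, not DataCore code; `read_files`, the thresholds and the sample data are assumptions, and it presumes files stay encrypted in every rollback point after the attack.

```python
import math


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; ciphertext is close to 8.0, plain text far lower."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(files, threshold=7.5, majority=0.5):
    """files: dict of name -> bytes sampled from a mounted rollback point."""
    high = sum(1 for d in files.values() if shannon_entropy(d) > threshold)
    return high > len(files) * majority


def last_clean_point(points, read_files):
    """points: rollback timestamps, oldest first.
    read_files(ts): hypothetical callback returning sampled files at ts.
    Returns the latest timestamp whose files are not encrypted, or None.
    """
    lo, hi = 0, len(points)   # points[:lo] are clean, points[hi:] encrypted
    while lo < hi:
        mid = (lo + hi) // 2
        if looks_encrypted(read_files(points[mid])):
            hi = mid
        else:
            lo = mid + 1
    return points[lo - 1] if lo else None


# Constructed sample data: encryption is visible from 10:45 onwards.
POINTS = ["10:00", "10:15", "10:30", "10:45", "11:00", "11:15"]
PLAIN = b"Quarterly report: revenue, costs, forecast.\n" * 100
CIPHER = bytes(range(256)) * 16   # stand-in for ciphertext, entropy 8.0


def sample_read_files(ts):
    body = CIPHER if ts >= "10:45" else PLAIN
    return {"notes.txt": body, "orders.csv": body, "readme.md": body}


if __name__ == "__main__":
    print("Last clean rollback point:", last_clean_point(POINTS, sample_read_files))
```

High entropy also occurs in compressed or media files, so sample file types that are normally plain text or structured data.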

Please keep in mind…

• CDP is not:
  • A replacement for backup
  • Creating a media change
  • A replication tool
  • A replacement for “good common sense”

Summary

• Ransomware is no myth, everyone can be affected

• Ransomware attacks local and server data

• Never pay – this would be an invitation to the next attack!

• Promote awareness among your users

• Be prepared – define the appropriate measures upfront: “what to do when the problem occurs”

Question 2: What is the best way to protect your data?

(choose one)

• Backup only

• CDP only

• Backup + CDP

Introduction to DataCore

Proven. Globally.

• 30,000+ deployments worldwide

• 10,000+ Customers

• 10th Gen Product

• Companies in all Industries & Sizes

• Software-defined Storage & Hyper-converged

• Technology: Storage Virtualization & Parallel I/O

• Main Offices: Australia, France, Germany, Japan, UK, USA

One platform for any storage

One platform for any deployment

• Traditional: Integrate, manage, and enhance existing storage

• Converged: Leverage internal storage, reduce complexity and maintain compute segregation

• Hyper-Converged: Consolidate all functions for smallest footprint and highest performance

• Hybrid-Converged: Consolidate all functions for smallest footprint and highest performance while serving storage externally

• Cloud: Extend services to Microsoft Azure, Amazon AWS, or any other public or private cloud-based platform

DataCore Benefits

• IMPROVE PERFORMANCE: Improved performance by 3X or more

• REDUCE DOWNTIME: Reduced storage-related downtime by 50% or more

• INCREASE UTILIZATION: Reduced storage-related spending by 25% or more

• SAVE MONEY: In the first year, positive ROI

Next Steps

• Patch / update your computers and servers

• Educate your users on how to be safe

• Evaluate CDP in addition to backups of your data
  • Schedule a 15-minute live demo with one of our Solution Architects: http://info.datacore.com/LiveDemo

• Try DataCore CDP in your environment
  • Protect your data in case of an attack

Thank You

info@datacore.com
www.datacore.com