Recovering from Ransomware

Don’t pay the Ransom! A better solution to get back your data

Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company


Today’s Presenter

Sushant Rao, Senior Director of Product Marketing, DataCore Software


Threat potential of Ransomware


Ransomware – What is it?

• Ransomware is a type of malicious software that carries out the cryptoviral extortion attack from cryptovirology: it blocks access to data until a ransom is paid and displays a message requesting payment to unlock it
• The most recent example is WannaCry in mid-May 2017: thousands of companies in all industries were affected in more than 150 countries
• According to CNN, $209 million was paid to ransomware criminals in just three months (Q1/16)

Source: https://en.wikipedia.org/wiki/Ransomware, https://de.wikipedia.org/wiki/WannaCry


Extent of WannaCry Ransomware

Source: https://intel.malwaretech.com/botnet/wcrypt/


Threat Vectors

• Services and applications with security holes
  • SMB file sharing (WannaCry started this way)
• Browser
  • Silverlight, Flash or Java exploits
• Emails (comparable to phishing: impersonation of reputable senders)
  • Government, Amazon, FBI, Police, PayPal, etc.
• Phone call
  • “Microsoft is calling …”
• Dropbox
  • Downloads of files, e.g. application papers


Threat potential

• Local disks of affected system
• Active UNC (Uniform Naming Convention) paths
  • Home Shares
  • Group Shares
• Inactive UNC paths
  • Temporary drives with password in cache


Question 1: Has your business/organization been affected by Ransomware? (choose one)

• Yes (been attacked before)
• No (haven’t been attacked, so far)


Typical Protection Measures


3 Steps to Protect from Ransomware

• Update / patch your computers and servers
  • If possible, turn on automatic updates
• Educate users to not open attachments / download files
  • Easier said than done!
• Back up your data!
  • Recover your data in case of an attack


What can be done after you’ve been attacked?

• Pay the requested amount?
  • No guarantee that this will lead to recovery of data
  • Is there “honor among thieves”?
• Restore data from backup
  • Recovery Point Objective (RPO)?
  • Calculated data-loss
  • Where is my Backup?
  • Is my backup affected?
  • Restore time?


The principles of RPO/RTO

[Figure: timeline along t (time). Events: Last Backup, Attack, Recognition of attack, Start Recovery, Standard operation. Intervals: Lost time, RPO, Alert, Decision, Recovery-time, RTO, Rectification work, Downtime.]


Continuous Data Protection: A better way to recover data


Continuous Data Protection (CDP)

• Access to any data state within a 14-day time window
• Journals every I/O of protected disks
• No application implementation necessary
• Agent-less
• Just turn it on and recover
• Consistency checkpoints can be set (optional)


Continuous Data Protection (CDP)

[Figure: Hosts, Production Array and CDP Array, with the following time-stamped writes]

• Data Written @ 2:41:30 pm
• Data Written @ 2:41:32 pm
• Data Written @ 2:41:35 pm
• Bad data Written @ 2:41:36 pm


Where CDP makes the difference!

[Figure: comparison of Backup, Snapshot and CDP]

• CDP: Film (constantly report any change) and recover


DataCore CDP

• Extreme improvement of RPO and RTO


Return to previous consistency

[Figure: timeline (6am, 7am, 8am, 9am, 10am, 11am) of time-stamped updates from the Host to CDP. Labels: Free choice of rollback time; Optional marked checkpoints; 10:22 am; 11:09 am.]


Benefits of CDP

• Independence of backup-windows
• Shortening of restore-time and less data-loss
• Optimization of RPO and RTO – close to zero
• Forensic analysis and troubleshooting


Recognition of attack

• Changes in typical behavior of CDP
  • Retention time shrinks abruptly
  • Log increases suddenly
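
An added example (not DataCore's code or API) of how the two symptoms above could be turned into an alert over journal metrics. It assumes a fixed-size journal, per-minute write volumes as input and illustrative thresholds; all sample values are constructed.

```python
from statistics import median

def retention_series(writes_mb, capacity_mb):
    """Minutes of history the fixed-size journal still holds after each sample."""
    series = []
    for i in range(len(writes_mb)):
        used, minutes = 0, 0
        for mb in reversed(writes_mb[: i + 1]):   # newest write first
            if used + mb > capacity_mb:           # older writes were overwritten
                break
            used += mb
            minutes += 1
        series.append(minutes)
    return series

def detect_attack(writes_mb, capacity_mb, window=10, growth=5.0, shrink=0.5):
    """Return sample indices where the log grows suddenly AND retention shrinks."""
    retention = retention_series(writes_mb, capacity_mb)
    alerts = []
    for i in range(window, len(writes_mb)):
        base_rate = median(writes_mb[i - window:i])
        base_retention = median(retention[i - window:i])
        log_jump = writes_mb[i] > growth * base_rate
        retention_drop = retention[i] < shrink * base_retention
        if log_jump and retention_drop:
            alerts.append(i)
    return alerts

# Constructed samples: MB written to the journal per minute (not real telemetry).
CAPACITY_MB = 600                            # assumed journal size
NORMAL = [20] * 46                           # steady load, 30 min retention
BURST = [20] * 40 + [150] + [20] * 5         # one large but legitimate write
ATTACK = [20] * 40 + [400] * 3               # mass rewrite of the disk

if __name__ == "__main__":
    for name, series in (("normal", NORMAL), ("burst", BURST), ("attack", ATTACK)):
        print(name, detect_attack(series, CAPACITY_MB))
```

Requiring both conditions keeps a single large write (the burst series) from raising an alert, while the sustained rewrite does.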


Defense

• Rollback of CDP protected disk
  • After receiving the alert, immediately switch off all affected servers!
  • Identify exact time before the attack occurred
  • Gradually approach the right time by checking multiple rollback-points
  • Identify non-encrypted data
  • Restore non-encrypted data or “instant” promotion of rollback-point to replace original disk
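
An added example (not part of the original slides and not DataCore's tooling) of the "gradually approach the right time" step, written as a bisection over rollback points. The journal model, the entropy test for "non-encrypted data" and its threshold are assumptions; the constructed timestamps mirror the 2:41:30 pm to 2:41:36 pm writes shown earlier.

```python
import hashlib
import math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data is close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def disk_at(journal, t):
    """Replay the time-ordered write journal up to time t (a rollback point)."""
    disk = {}
    for ts, block, data in journal:
        if ts > t:
            break
        disk[block] = data
    return disk

def looks_encrypted(disk, threshold=7.0):
    """Assumed heuristic: any block above the entropy threshold is encrypted.
    Compressed or media files also score high and need a separate check."""
    return any(entropy(d) > threshold for d in disk.values())

def last_clean_point(journal, points):
    """Bisect sorted rollback points for the latest clean one (None if none).
    Assumes every point after the start of the attack is affected."""
    lo, hi, best = 0, len(points) - 1, None
    while lo <= hi:
        mid = (lo + hi) // 2
        if looks_encrypted(disk_at(journal, points[mid])):
            hi = mid - 1
        else:
            best, lo = points[mid], mid + 1
    return best

def fake_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted data: chained SHA-256 output."""
    out, h = b"", seed
    while len(out) < size:
        h = hashlib.sha256(h).digest()
        out += h
    return out[:size]

# Constructed journal: (seconds since midnight, block number, data written).
TEXT = b"Quarterly report, customer list and invoices. " * 90
JOURNAL = [
    (52890, 0, TEXT), (52892, 1, TEXT), (52895, 2, TEXT),  # 2:41:30 to 2:41:35 pm
    (52896, 0, fake_ciphertext(b"0")),                      # bad data at 2:41:36 pm
    (52897, 1, fake_ciphertext(b"1")), (52899, 2, fake_ciphertext(b"2")),
]
POINTS = list(range(52888, 52901))  # one candidate rollback point per second

if __name__ == "__main__":
    print(last_clean_point(JOURNAL, POINTS))
```

With 13 candidate points the bisection inspects four rollback states and settles on 52895 (2:41:35 pm), the last write before the bad data.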


Please keep in mind…

• CDP is not:
  • A replacement for backup
  • Creating a media change
  • A replication tool
  • Replacing “good common sense”


Summary

• Ransomware is no myth, everyone can be affected
• Ransomware attacks local and server-data
• Never pay – this would be the invite for the next attack!
• Promote awareness among your users
• Be prepared – define the appropriate measures upfront: “what to do, when the problem occurs”


Question 2: What is the best way to protect your data? (choose one)

• Backup only
• CDP only
• Backup + CDP


Introduction to DataCore


Proven. Globally.

• 30,000+ DEPLOYMENTS WORLDWIDE
• 10,000+ Customers
• 10th Gen Product
• Companies in all Industries & Sizes
• Software-defined Storage & Hyper-converged
• Technology: Storage Virtualization & Parallel I/O
• Main Offices: Australia, France, Germany, Japan, UK, USA


One platform for any storage


One platform for any deployment

• Traditional: Integrate, manage, and enhance existing storage
• Converged: Leverage internal storage, reduce complexity and maintain compute segregation
• Hyper-Converged: Consolidate all functions for smallest footprint and highest performance
• Hybrid-Converged: Consolidate all functions for smallest footprint and highest performance while serving storage externally
• Cloud: Extend services to Microsoft Azure, Amazon AWS, or any other public or private cloud-based platform


DataCore Benefits

• IMPROVE PERFORMANCE: Improved performance by 3X or more
• REDUCE DOWNTIME: Reduced storage-related downtime by 50% or more
• INCREASE UTILIZATION: Reduced storage-related spending by 25% or more
• SAVE MONEY: In the first year, positive ROI


Next Steps

• Patch / update your computers and servers
• Educate your users on how to be safe
• Evaluate CDP in addition to backups of your data
  • Schedule a 15-minute live demo with one of our Solution Architects: http://info.datacore.com/LiveDemo
• Try DataCore CDP in your environment
  • Protect your data in case of an attack


Thank You

[email protected]