![Page 1: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/1.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software CompanyThe Data Infrastructure Software Company
Recovering from Ransomware
Don’t pay the Ransom!A better solution to get back your data
![Page 2: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/2.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
Today’s Presenter
2
Sushant RaoSenior Director of Product MarketingDataCore Software
![Page 3: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/3.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company 3
Threat potential of
Ransomware
![Page 4: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/4.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
• Ransomware is a type of malicious software that carries out the cryptoviral extortion attack from cryptovirology that blocks access to data until a ransom is paid and displays a message requesting payment to unlock it
Most recent example is WannaCry in mid of May 2017 – thousands of companies in all industries were affected in more than 150 countries
According to CNN, $209 million were paid to ransomware criminals in just three months (Q1/16)
4
Ransomware – What is it?
Source: https://en.wikipedia.org/wiki/Ransomware, https://de.wikipedia.org/wiki/WannaCry
![Page 5: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/5.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company 5
Extent of Wannacry Ransomware
Source: https://intel.malwaretech.com/botnet/wcrypt /
![Page 6: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/6.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
• Services and applications with security holes• SMB file sharing (Wannacry started this way)
• Browser• Silverlight, Flash or Java Exploits
• Emails (comparable to Phishing: simulation of serious senders)• Government, Amazon, FBI, Police, PayPal, etc.
• Phone call• ”Microsoft is calling …“
• Dropbox• Downloads of files, e.g. application papers
6
Threat Vectors
![Page 7: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/7.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
• Local disks of affected system
• Active UNC (Uniform Naming Convention) paths• Home Shares
• Group Shares
• Inactive UNC paths• Temporary drives with password in cache
7
Threat potential
![Page 8: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/8.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
(choose one)
• Yes (been attacked before)
• No (haven’t been attacked, so far)
8
Question 1: Has your business/organization been affected by
Ransomware?
![Page 9: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/9.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
Typical Protection Measures
9
![Page 10: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/10.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
• Update / patch your computers and servers• If possible, turn on automatic updates
• Educate users to not open attachments / download files• Easier said than done!
• Backup your data!• Recover your data in case of an attack
10
3 Steps to Protect from Ransomware
![Page 11: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/11.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
• Pay the requested amount?• No guarantee that this will lead to recovery of data
• Is there “honor among thieves”?
• Restore data from backup• Recovery Point Objective (RPO)?
• Calculated data-loss
• Where is my Backup?
• Is my backup affected?
• Restore time?
11
What can be done after you’ve been attacked?
![Page 12: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/12.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company 12
The principles of RPO/RTO
t (time)
Las
t Bac
kup
Att
ack
Downtime
Rec
ogni
tion
ofat
tack
Star
t R
ecov
ery
Rectification work
Stan
dard
op
erat
ion
Lost timeRPO
DecisionAlert Recovery-time RTO
?
![Page 13: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/13.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company 13
The principles of RPO/RTO
t (time)
Las
t Bac
kup
Att
ack
Downtime
Rec
ogni
tion
ofat
tack
Star
t R
ecov
ery
Rectification work
Stan
dard
op
erat
ion
Lost timeRPO
DecisionAlert Recovery-time RTO
?
![Page 14: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/14.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company 14
The principles of RPO/RTO
t (time)
Las
t Bac
kup
Att
ack
Downtime
Rec
ogni
tion
ofat
tack
Star
t R
ecov
ery
Rectification work
Stan
dard
op
erat
ion
Lost timeRPO
DecisionAlert Recovery-time RTO
?
![Page 15: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/15.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company 15
The principles of RPO/RTO
t (time)
Las
t Bac
kup
Att
ack
Downtime
Rec
ogni
tion
ofat
tack
Star
t R
ecov
ery
Rectification work
Stan
dard
op
erat
ion
Lost timeRPO
DecisionAlert Recovery-time RTO
?
![Page 16: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/16.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company 16
The principles of RPO/RTO
t (time)
Las
t Bac
kup
Att
ack
Downtime
Rec
ogni
tion
ofat
tack
Star
t R
ecov
ery
Rectification work
Stan
dard
op
erat
ion
Lost timeRPO
DecisionAlert Recovery-time RTO
?
![Page 17: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/17.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company 17
The principles of RPO/RTO
t (time)
Las
t Bac
kup
Att
ack
Downtime
Rec
ogni
tion
ofat
tack
Star
t R
ecov
ery
Rectification work
Stan
dard
op
erat
ion
Lost timeRPO
DecisionAlert Recovery-time RTO
?
![Page 18: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/18.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
Continuous Data Protection:A better way to recover data
18
![Page 19: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/19.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company 19
• Access to any data state within a 14 day time-window
• Journalizes any I/O of protected disks
• No application implementation necessary
• Agent-less
• Just turn-it-on and recover
• Consistency checkpoints could be set (optional)
Continuous Data Protection (CDP)
![Page 20: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/20.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company 20
Hosts
ProductionArrayCDP Array
Data Written @ 2:41:30 pmData Written @ 2:41:32 pmData Written @ 2:41:35 pmBad data Written @ 2:41:36 pm
CDPContinuous Data Protection (CDP)
![Page 21: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/21.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
Where CDP makes the difference!
Backup
CDP
![Page 22: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/22.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
Where CDP makes the difference!
Backup
Snapshot
CDP
![Page 23: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/23.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
Where CDP makes the difference!
Backup
Snapshot
CDP
• Film (constantly report any change ) and recover
CDP
![Page 24: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/24.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
DataCore CDP• Extreme improvement of RPO and RTO
CDP
CDP
![Page 25: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/25.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company 25
Return to previous consistency
6am
Free choice ofrollback time
7am 8am 9am 10am 11amTime-stampedupdates
Optional marked checkpoints
CDP
11:09 am
10:22 am
Host
CDP
![Page 26: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/26.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
• Independence of backup-windows
• Shortening of restore-time and less data-loss
• Optimization of RPO and RTO – close to zero
• Forensic analysis and troubleshooting
26
Benefits of CDP CDP
![Page 27: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/27.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
• Changes in typical behavior of CDP
• Retention time shrinks abruptly
• Log increases suddenly
27
Recognition of attack
![Page 28: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/28.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
• Rollback of CDP protected disk• After receiving the alert immediately switch-off all
affected servers!• Identify exact time before the attack occurred• Gradually approach the right time by checking multiple
rollback-points• Identify non-encrypted data• Restore non-encrypted data or ”instant“ promotion of
rollback-point to replace original disk
28
Defense
![Page 29: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/29.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
• CDP is not:
• A replacement for backup
• Creating a media change
• A replication tool
• Replacing “good common sense”
29
Please keep in mind…
![Page 30: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/30.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
• Ransomware is no myth, everyone can be affected
• Ransomware attacks local and server-data
• Never pay – this would be the invite for the next attack!
• Promote awareness among your users
• Be prepared – define the appropriate measures upfront: “what to do, when the problem occurs“
30
Summary
![Page 31: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/31.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
(choose one)
• Backup only
• CDP only
• Backup + CDP
31
Question 2: What is the best way to protect your data?
![Page 32: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/32.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
Introduction to DataCore
32
![Page 33: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/33.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
30,000+ DEPLOYMENTS WORLDWIDE
10,000+ Customers 10th Gen Product
Companies in all Industries & Sizes
Software-defined Storage & Hyper-converged
Technology: Storage Virtualization & Parallel I/O
Main Offices• Australia• France• Germany• Japan• UK• USA
Proven. Globally.
33
![Page 34: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/34.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company 34
One platform for any storage
![Page 35: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/35.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company 35
One platform for any deployment
Traditional Converged Hyper-Converged Hybrid-Converged Cloud
Integrate, manage, and enhance existing
storage
Leverage internal storage, reduce complexity and
maintain compute segregation
Consolidate all functions for smallest footprint and highest
performance
Consolidate all functions for smallest footprint and highest performance while
serving storage externally
Extend services to Microsoft Azure,
Amazon AWS, or any other public or private cloud-based platform
Apps Apps
V V V V
Apps
V V V
Apps
V
DataCore
![Page 36: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/36.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
DataCore Benefits
Improved performance by 3X or more
IMPROVE PERFORMANCE
Reduced storage-related downtime by50% of more
REDUCE DOWNTIME
Reduced storage-related spending by25% or more
INCREASE UTILIZATION
In the first year, positive ROI
SAVE MONEY
36
![Page 37: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/37.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software Company
• Patch / update your computers and servers
• Educate your users on how to be safe
• Evaluate CDP in addition to backups of your data• Schedule a 15-minute live demo with one of our Solution Architects
http://info.datacore.com/LiveDemo
• Try DataCore CDP in your environment• Protect your data in case of an attack
37
Next Steps
![Page 38: Ransomware Recovering from · The Data Infrastructure Software Company • Update / patch your computers and servers • If possible, turn on automatic updates • Educate users to](https://reader036.vdocuments.us/reader036/viewer/2022081611/5f05e5e17e708231d415451b/html5/thumbnails/38.jpg)
Copyright © 2017 DataCore Software Corp. – All Rights Reserved. The Data Infrastructure Software CompanyThe Data Infrastructure Software Company 38
Thank You