Be Prepared and Recover Faster from Ransomware Attacks

As we’ve seen in recent news, ransomware attacks are up 300% from 2018, costing organizations over $8 billion globally. As recently as last month, an organization paid $600,000 to a hacker who seized its computer system.

What plans do you have in place if your organization gets hit with a ransomware attack? Do you know how long it would take for your organization to recover?

I recently hosted a webinar that you might find helpful – Recover Faster from Your Next Ransomware Attack. In it, I cover best practices for preventing and mitigating ransomware attacks. Here are some of them:

  1. Security awareness training
  2. Updates, patches, and configuration
  3. Up-to-date asset inventory
  4. Continuous vulnerability assessment
  5. Real-time traffic monitoring
  6. Intrusion detection
  7. File integrity monitoring
  8. Reliable backup and recovery


However, even if you take every possible precaution to try and prevent ransomware from gaining entry to your systems and swiftly detect attacks, there may still be times when your defenses fall short. It only takes one human mistake to allow ransomware to spread inside your network.

The best way to safeguard against ransomware attacks and lessen the potential impact on your business is to maintain a regular, secure backup system alongside a clear recovery plan that allows you to restore a recent backup in a very short amount of time, when needed.

I encourage you to watch the webinar to get more information and to see a live demonstration of how we can help you recover from cybercrime attacks, such as ransomware, which will allow you to achieve: 

  • Instant RTO and low RPO
  • Security isolation with Blanket Encryption
  • Immutable, regularly verified, and cataloged VM-granularity snapshots
  • Massive retention with multi-site and bi-directional replication
  • Whole data center recovery workflow automation



Q&A Summary

After the webinar concluded, we had a few more questions from attendees. Here’s a quick recap:

Question 1: Say we get a GDPR request to remove a user’s information. Are there processes in place to crawl through backups and remove PII?

Answer: Applications and databases are very different from each other in terms of storing data, and one would need to deeply understand the application data structure. Datrium does not provide a GDPR data scrubbing feature today.


Question 2: Are the snapshots vulnerable to being encrypted by malware?

Answer: If infected VMs are taking new snapshots, the files in those snapshots will be encrypted because the VMs are already compromised. However, the snapshots from before the infection are completely immutable and have absolutely zero risk of getting infected. You can learn more about this in our whitepaper: Datrium Ransomware Protection.


Question 3: Oftentimes to make modifications to a VM, snapshots need to be deleted. If I do that within vCenter, does Datrium know about it?

Answer: While you can use VMware snapshots, we recommend that snapshots be done via the Datrium UI in vCenter. When using Datrium native snapshots, you not only have the ability to roll back or forward to any point in time but can also protect those snapshots by replicating them to your DR sites or to Datrium Cloud DVX storage on AWS for long-term archiving. Further, Datrium native snapshots are immutable and protect your organization against ransomware attacks.


Question 4: Is Datrium storage the only datastore in your example/lab? I ask as I usually like to keep my snapshots on “cheaper” storage than my running production VMs.

Answer: Datrium, by design, keeps snapshots and backups in a secondary “cheaper” storage tier backed by our own ‘data nodes,’ while maintaining active VMs on localhost flash for the best performance. From an operational perspective, this is invisible to administrators, which makes the solution very simple, performant, and cost-effective. Here is an excellent paper on the subject: Automatrix Split Provisioning.


If you’re interested in a personalized demonstration of how Datrium can help with your Disaster Recovery initiatives, request a demo and we will contact you to schedule it.