Disaster Recovery Use Case #1 – Ransomware

Datrium’s Automatrix platform offers a comprehensive set of features that enables fast and cost-efficient Disaster Recovery (DR) mitigation for enterprises. In this blog series, we’ll look at the four most recognizable causes for organizations to trigger DR:

  • Ransomware
  • Human error
  • Power failure
  • Natural disasters

You’ll learn how Datrium helps organizations in each of these cases. With every new blog post in this series, I’ll introduce more details about the platform’s features and capabilities.

Before delving into each use case, we need to have a baseline knowledge of the Datrium solution and architecture. Automatrix is a single powerful platform that includes DVX with all its capabilities (primary storage, deduplication, compression, encryption, backup, and replication), Cloud DVX for long-term retention in the Cloud, and ControlShift for orchestrating disaster recovery.



Ransomware is a business threat on the rise. SonicWall reported a 300% year-over-year growth in ransomware incidents in 2018 alone. According to KnowBe4, these incidents caused more than $8 billion in damage costs globally. These costs include ransom payments, but the costs of downtime and mitigation are also enormous, though perhaps harder to measure definitively. Businesses can no longer ignore the possibility of an attack and should be proactively preparing for when – not if – it happens.

Preparing for ransomware attacks should involve a multi-pronged approach. Both prevention and mitigation plans need to be in place to deal with the ever-evolving threats and attacks.

Further, ransomware is a problem for many industries, with financial services, communications, and healthcare being the most targeted segments due to their high data value and critical systems. Clearly, organizations must prepare for the increasing number of threats and attacks.

Some of these mitigation approaches operate at the application, hypervisor, and network security levels. Datrium DVX enables simple, low-RTO data mitigation plans to get your business back on a stable footing with the correct data that you had before the attack.



Some of the most common prevention tools against ransomware include security awareness training, controlled patching, continuous vulnerability assessments, real-time traffic monitoring, intrusion detection, and file integrity monitoring.

Even if you take every possible precaution to prevent ransomware from gaining entry and to detect attacks swiftly, there may still be times when your defenses fall short.

The single best way to safeguard against ransomware attacks and lessen the potential impact on the business is to maintain a regular, secure backup system alongside a clear recovery plan that allows you to restore operations immediately if needed.

There are commonly two scenarios when it comes to recovering from ransomware attacks: the first is the recovery of applications on the same site, and the second is a full data center recovery on a DR site.


1) Same Site Recovery with Instant RTO

When an attack is discovered, the goal is to minimize further infection and restore to a safe state as quickly as possible.

Restarting a snapshot into the live production environment is simple, and restores are done with zero RTO. No need to copy data from a backup silo, so restores are virtually instant. With the built-in catalog capability, it’s also easy to implement many different search algorithms to quickly and efficiently find the right point-in-time snapshot to ensure the least amount of data loss.
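One such search, shown as an added example (not Datrium code and not the DVX catalog API): bisecting an oldest-to-newest snapshot list to find the newest snapshot that still looks clean. The catalog record fields, the `.locked` extension, and the ransom note name are constructed assumptions, as is the premise that once a snapshot tests infected every later one does too.

```python
from datetime import datetime, timedelta

RANSOM_NOTES = {"README_DECRYPT.txt"}   # constructed indicator, not a real IoC

def looks_encrypted(snap, threshold=0.2):
    """Heuristic: ransom note present, or too many files renamed to *.locked."""
    names = snap["files"]
    if not names:
        return False
    if RANSOM_NOTES & set(names):
        return True
    return sum(n.endswith(".locked") for n in names) / len(names) > threshold

def last_clean_snapshot(snapshots, is_infected):
    """Bisect an oldest-to-newest catalog; return (snapshot_or_None, probes).

    Assumes the predicate is monotone: once a snapshot tests infected,
    every later one does too.
    """
    lo, hi, probes = 0, len(snapshots), 0   # [0, lo) clean, [hi, n) infected
    while lo < hi:
        mid = (lo + hi) // 2
        probes += 1
        if is_infected(snapshots[mid]):
            hi = mid
        else:
            lo = mid + 1
    return (snapshots[lo - 1] if lo else None), probes

def build_sample_catalog(n=168, first_bad=131):
    """Constructed data: hourly snapshots for a week, encrypted from first_bad on."""
    start = datetime(2019, 6, 1)
    clean = ["db.mdf", "report.docx", "app.log", "sales.xlsx"]
    bad = ["db.mdf.locked", "report.docx.locked", "app.log", "README_DECRYPT.txt"]
    return [{"id": i, "taken_at": start + timedelta(hours=i),
             "files": bad if i >= first_bad else clean} for i in range(n)]

if __name__ == "__main__":
    snap, probes = last_clean_snapshot(build_sample_catalog(), looks_encrypted)
    print(f"restore from snapshot {snap['id']} ({snap['taken_at']}), {probes} probes")
```

The predicate here detects encryption, not the initial compromise, so the snapshot it selects may still contain the dormant malware and should be scanned in isolation before it is returned to production.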

Further, all data is verified multiple times per day as part of DVX’s background tasks, guaranteeing consistency, availability, and immutability of the data. The data immutability provides organizations with absolutely zero risk of previous backups and snapshots getting infected by malware.

2) Data Center Recovery on DR Target

In this scenario, although less common with ransomware attacks, the entire data center has been compromised, and a complete DR failover is necessary.

ControlShift is Datrium’s DR orchestration SaaS application, driven by the same policy and snapshot system that enables backup in Automatrix. Using ControlShift, it’s simple to fail over all applications running on a Datrium production site to a DR site, but it’s also critical to be able to fail back only the application’s delta changes while in DR mode.

  • Full runbook orchestration for VMs to restart correctly in a different data center.
  • Restart from current data or older backups. Unlike many DR systems, Automatrix is built to incorporate both current and old VM snapshots, so it’s ideal for ransomware recoveries.
  • RCO (Recovery Compliance Objective) of 30 minutes. Because Automatrix is a consolidated data plane with a focus on VMware and Kubernetes, it’s built to perform compliance tests of all required failover/failback resources every 30 minutes. It also offers a full test bubble system.
  • DRaaS (DR-as-a-Service) provides a subscription model with full integration into VMware Cloud on AWS for On-Demand Disaster Recovery. Datrium provides fully integrated purchasing, support, and billing for all components and services, including VMware Cloud on AWS and AWS itself. It’s delivered as a SaaS solution that eliminates all the complexity of packaged software.


Datrium DRaaS with VMware Cloud on AWS is a comprehensive cloud-based backup and DR service for the protection of DVX on-premises systems. It encompasses Cloud DVX backup, ControlShift orchestration, as well as VMware Cloud on AWS. DRaaS dramatically reduces costs, keeps data safe and secure, and delivers enterprise-grade failover and failback. It enables organizations to eliminate physical DR sites, provides integrated management, and because it’s delivered as a SaaS solution, it eliminates the complexity of packaged software.



In this first post, we covered ransomware scenarios and the high-level Automatrix architecture. In my next post, we’ll cover different DR use cases and get a little deeper into Datrium’s unique technology that enables data and business recovery.