What is ransomware?

Ransomware is any software that allows an outsider to access and encrypt another’s files, delete the originals, and then threaten to delete the only remaining (encrypted) copy of the files if the ransom isn't paid. In the movies, the user deploying the ransomware is typically portrayed as a hardened criminal.

But truthfully, ransomware is simply a product—usually found on the internet—that anyone can learn to use easily. In other words, ransomware attacks are common, and they can be debilitating to files on-premises or in the victim’s cloud.

Ransomware attacks happen quickly. Before you realize there's a threat, the hackers have stolen information, have encrypted valuable files, and are demanding that a ransom be paid to release those files back to you. Usually, the hacker demands a certain amount in Bitcoin, but paying the ransom doesn’t always minimize the damage. It can take weeks after a ransomware attack to fully assess the damage done in the four phases of a ransomware attack.

You might think of a hacker as a hardened criminal, but the average person can easily access any number of ransomware-as-a-service offerings. Unfortunately, using these ransomware services to obtain stolen credentials and distribute malware is as easy as using almost any other online service.

All it takes for a hacker to gain access to vital information is the right software, and the attack begins.

Just one point of access is enough for the ransomware to get to work. The ransomware contacts the victim’s remote network and generates a key that will be used for file encryption (in phase 3).

During the connection phase, the ransomware is essentially rummaging through the victim’s files to find ones with value. After all, these files need to be worth the ransom that the hacker is about to demand.

This is the “ransom” part of a ransomware attack—targeted files are encrypted or stolen, and then the original files are deleted. In other words, ransomware holds your files hostage. The only way to free your data is to decrypt it, which can only be done with the key that was generated in phase 2.

The hacker now demands that a sum be paid in exchange for the key, typically applying a time limit within which you must meet their demands. If you don't, you risk the hacker deleting the key and removing any possibility of decrypting your files or releasing your data to the public.

Victims typically fulfill these demands, and the ransomware attack is complete.

Preventing a ransomware attack requires careful attention to every aspect of your data. It requires a multilayered solution to what is a multilayered problem. Our approach includes infrastructure management, monitoring, and services to help you protect, detect, and recover from cyberthreats.

NetApp starts with a data-centric approach to protect against ransomware by offering NetApp^® ONTAP^®, its industry-leading enterprise hybrid cloud infrastructure management software. After all, criminals are targeting your data, so it makes sense to start your protection at the storage layer. With ONTAP software, you can:

• Create granular, read-only recovery points in seconds and apply secure file locking
• Monitor storage anomalies, including data entropy, to identify cyberthreats
• Restore data quickly in minutes from granular and efficient NetApp Snapshot™ copies

Understanding what kind of data you have, where it's stored, and who has access is an important step for any cyber resilience plan. NetApp Cloud Data Sense is a cloud data service that gives you visibility into your data across on-premises and cloud storage so you can identify what data matters most. You can also lock down permissions for more effective security.

Active IQ includes new functionality to help you identify gaps in your security posture and what steps to take to harden your ONTAP storage environment according to NetApp best practices. You can regularly monitor your environment and adjust based on the latest NetApp software releases to keep your data safe and secure.

Most attacks involve an unsuspecting user or—sadly—even a rogue administrator. You need a level of scrutiny that includes 24/7 attention, which is easier to accomplish with NetApp Cloud Insights. This service carefully monitors your data to:

• Highlight risks that can lead to an attack
• Detect attacks the moment they happen
• Perform automated actions to help avoid widespread damage

Whether it’s on premises or in the cloud, Cloud Insights gives you complete visibility into your infrastructure and applications by using Zero Trust technology. It continuously monitors user behavior, learning what’s normal for your users so that it can detect anomalies. When Cloud Insights detects an anomaly, it alerts you instantly and triggers immediate action, such as taking a Snapshot copy to assist in rapid recovery or blocking user file access to prevent data exfiltration.

Sometimes what you need is a bit more help: the expertise of a trusted partner to deliver against an SLA. To determine your data protection readiness before a ransomware threat occurs, NetApp offers a Data Protection and Security Assessment service to identify security gaps and vulnerabilities in your current environment—on premises and in the cloud—and provide actionable recommendations for closing those gaps to increase data resilience. For further confidence that you're prepared to protect your business from security threats, the NetApp Ransomware Monitoring and Reporting Service, included in the NetApp Flex Professional Services subscription, harnesses the power of Cloud Insights and Cloud Secure to provide another layer of protection for your environment. Together, these services help you respond and recover quickly if an attack gets through your defenses.