Protecting From Ransomware without a Data Protection Overhaul

Ransomware is at the top of every IT professional’s project list, but the problem is most solutions to the problem require the replacement of the current data protection product. What if the current data protection solution is servicing the organization well but falls short when it comes to ransomware protection? Would it be simpler to cover that hole instead starting over?

Where Do Legacy Backup Solutions Come Up Short?

The prime target of most ransomware attacks is user home directories, often stored on Windows file servers or a Network Attached Storage (NAS) systems. These systems are not given the same attention that the organization’s mission critical databases are. Home directory servers are typically backed up once per night, and there are many situations where the nightly backup of those servers either does not complete or fails. Often the sheer number of files being transferred is the problem.

What’s Needed For Ransomware Defense?

Of course organizations should do what they can to protect against an attack, by making sure Windows servers are patched to the latest version and users are trained to not open suspicious emails or plug in that thumb drive found in the parking lot. But chances are some malware will eventually get through. At that point it is all about recovery.

The problem is ransomware can attack at any moment, in fact some are programmed not to execute until right before the end of the work day, so that a maximum amount of data is changed prior to the attack. The attacker is actually assuming a once per night backup!

A second problem is an increasing number of ransomware attacks target the backup data first, specifically going after backup indexes. Since many backup solutions are Windows based and store their data in standard NTFS stores, these become easy targets.

Watch On Demand

Introducing Quorum onQ Ransomware Edition

Quorum is a leader in providing appliances that protect an organization’s data and automatically store it off-site, in the cloud. As part of that capability Quorum also provides Disaster Recovery as a Service (DRaaS). What makes the Quorum solution unique is the quality of the on-premises software and hardware. It provides easy to use software with excellent data protection and can protect the organization’s data every 15 minutes, delivering excellent RPO/RTOs. It also can provide DRaaS like functionality on-premises. If a server or storage system fails the onQ appliance can host the fallen application and its storage as a virtual machine.

The onQ Ransomware Edition (RE) is NOT that product, and that’s the point. In the RE edition, Quorum is essentially providing an on-premises only solution designed specifically to protect servers at risk from ransomware attack. It assumes that the organization will keep its current backup solution in place to meet the other requirements of data protection like off-site data movement.

The onQ Ransomware Edition can capture data from up to 15 servers every 15 minutes. The appliance and the software, while easy to use, is Linux based and does not expose a SMB share. Its Linux core makes it very hard for a ransomware malware that is attacking Windows servers to get to the backup data. To date there have been no documented instances of a multi-platform attack.

When there is an attack, Quorum provides a very easy rollback procedure and data recovery is initiated from the last known good copy of data. In most cases there should be no more than 15 minutes of data loss. In the case of a server that has been completely infected, onQ RE does have the capability to start a virtual instance of the corrupted server, which is much faster than restoring a few hundred thousand files across the network.

The cost of the solution is $15,000 for coverage of up to 15 servers. While focused as a quick solution to ransomware, there is no reason it could not be used to improve the RTO/RPO of other servers like MS-SQL. Again, it does not have the ability to move data off-site so the organization should keep its current data protection in-place.

StorageSwiss Take

Environment or situation specific data protection solutions are nothing new. Organizations have purchased data protection solutions specifically for Exchange, Oracle, MS-SQL for years. Just like any of these solutions IT needs to weigh the pros and cons of such a move. It is a different product, with a different interface, and while $15,000 should not be a major expense for most organizations, it is one, nonetheless. But, if the organization feels exposed to a ransomware attack, $15K spent here is likely less than the ransom due from just one attack.

Other than getting a copy off-site, onQ RE does meet the emerging requirements for ransomware recovery; frequent data captures, solid self-protection of its own files and the ability to quickly recover even if the attacked server is completely encrypted.

George Crump is the Chief Marketing Officer at VergeIO, the leader in Ultraconverged Infrastructure. Prior to VergeIO he was Chief Product Strategist at StorONE. Before assuming roles with innovative technology vendors, George spent almost 14 years as the founder and lead analyst at Storage Switzerland. In his spare time, he continues to write blogs on Storage Switzerland to educate IT professionals on all aspects of data center storage. He is the primary contributor to Storage Switzerland and is a heavily sought-after public speaker. With over 30 years of experience designing storage solutions for data centers across the US, he has seen the birth of such technologies as RAID, NAS, SAN, Virtualization, Cloud, and Enterprise Flash. Before founding Storage Switzerland, he was CTO at one of the nation's largest storage integrators, where he was in charge of technology testing, integration, and product selection.

Tagged with: , , , , , , , , ,
Posted in Briefing Note

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 25,542 other subscribers
Blog Stats
%d bloggers like this: