The new Ransomware “WannaCry” is wreaking havoc, and every news outlet from CNN to the NY Times to the London Telegraph is reporting its business impact. The Telegraph reports the UK’s National Health Service (NHS) is one of the worst victims, with 40 NHS trusts forced to postpone operations and procedures.
Antivirus, endpoint and network perimeter protection vendors are claiming they can prevent such attacks. But many affected organizations already have these solutions in place. What’s the last line of defense if the malware makes it through and seizes your files?
Nasuni customers are finding our enterprise file services platform, which continuously backs up files and retains unlimited versions, is among the fastest, easiest, and most cost-effective ways to recover from Ransomware like WannaCry. We’re not going to prevent Ransomware. But we’ll be able to repair the damage caused by Ransomware by restoring the last version of all files prior to infection in minutes in an easy, self-service manner.
Here’s how Ransomware works and why Nasuni succeeds as a Ransomware fix where traditional backup and NAS snapshot technologies are often ineffective.
How Ransomware Such as WannaCry Works
Most Ransomware arrives by phishing emails, which are the suspected entry points for WannaCry. Once installed, it uses Windows vulnerabilities to spread throughout networks that haven’t been updated with latest Windows OS patch from Microsoft. Since many enterprises aren’t at the latest patch levels, the Ransomware spreads quickly, as shown below.
WannaCry Ransomware map – locations of infection (Source: MalwareTech)
Once inside a computer, WannaCry Ransomware encrypts the files and demands $300 (£230) in Bitcoin to recover them, claiming “Nobody can recover your files without our decryption service.”
Ransomware WannaCry message appearing on a computer at NHS Trust (Source: UK Evening Standard)
Why Nasuni is a Cost-Effective Ransomware Fix
Nasuni (NAS Unified) is the first cloud-native file services platform to offer Continuous File Versioning as the new alternative to traditional backup and snapshot technologies. Every change to every file is securely transmitted to our cloud-native file system, UniFS, which keeps the immutable record of every file version in public cloud object stores such as Azure and Amazon Web Services or private cloud object stores such as IBM Cloud Object Storage.
With Nasuni Continuous File Versioning, every change to a file is chunked, deduplicated, compressed and encrypted, and the chunks are stored in the cloud object store with their own timestamps
Because this approach is so space-efficient (just capturing the changes) and because it leverages the cost-effective and virtually unlimited capacity of our cloud object store partners, most of our customers keep versions of every file with unlimited history (the only reason not to do this is policy requiring certain data be discarded after a given time). Recovery Point Objectives (RPOs) can now be very aggressive. Restore files with a timestamp from yesterday, last Friday, 3 months ago, or a year ago.
However, aggressive RPOs are only half the equation. You also need aggressive Recovery Time Objectives (RTOs). Depending on the number of files encrypted, Nasuni offers nearly instantaneous recovery times because, like snapshot recovery, we’re simply changing metadata to point to the previous versions of the file chunks. However, unlike snapshots, the version history is kept separate in cloud storage and old versions cannot be overwritten or deleted from the file system, putting it out of reach of Ransomware.
To fix the WannaCry Ransomware, Nasuni customers simply restore all files with the last timestamp before the infection hit. A few minutes later, group shares, project directories, and home directories will all be accessible through the Nasuni edge appliances with NAS-level performance and security.
Why Traditional Backup and Snapshot Technologies Aren’t as Effective for Ransomware Repair
Traditional NAS snapshot technology is typically too expensive to be used as a Ransomware fix. NAS vendors will claim snapshots are free, but they eat up valuable primary storage space. Since this space is often limited, you’re forced to decide on the ratio between active filesystem and snapshot space. The more space is allocated to the active filesystem, the less remains for snapshots. As a logical consequence, the retention period for snapshots is reduced, often to 1 day. If your snapshot retention period is 1 or 2 days and you need to rollback 4 days to remove Ransomware, you’re out of luck. Mirroring NAS systems for DR purposes doesn’t help either, since the infection is also mirrored and the snapshot retention period is the same.
Traditional file backup software is also less effective than Nasuni Continuous File Versioning because of slower RTOs and less frequent RPOs. If your last full backup ran on Sunday, that would be too late, since WannaCry hit Friday and will have infected the backup. If you fall back another week to the previous Sunday, 5 days of data will have been lost between your last full backup and the Ransomware infection. Even if you have a recent full backup, or incremental backups throughout the week, recovering terabytes of data using traditional backup/recovery processes will take days or weeks, resulting in costly downtime and days’ worth of lost employee productivity.
Ransomware attacks are appalling. At least with Nasuni, being able to cost-effectively recover files quickly from as near a point in time as possible prior to the attack is a huge advantage. This is why enterprises such as Faith Regional Hospital, Lewis Group real estate, and Denon, Boston Acoustics, and Marantz parent company D+M Group are using Nasuni to protect against Ransomware and other types of malware. Customers whose unstructured file data is stored, protected, and accessed with Nasuni can recover their data without having to pay ransoms, and have their users up and running again nearly as soon as the attacks are detected. Let us know if we can help you.
Ransomware is most typically triggered by an unsuspecting user clicking on a link in email they shouldn’t touch. That link downloads the ransomware code and it starts crawling through the network looking for files to encrypt. As these attacks increase in their sophistication, they target specific corporate servers. Download this solution brief to learn more about how to leverage the cloud to fight back against ransomware.
Ransomware is evolving, and companies relying on traditional disaster recovery solutions are either paying up or losing access to their files. The following infographic details the startling numbers behind the attacks, including the volume of files that can be infected, the payments demanded and more.