Category: CryptoSpike

As ransomware activity becomes even more prevalent in our day-to-day lives, hackers and ransomers are heavily targeting the Healthcare and Public Health Sector.

CISA and the FBI, along with the Department of Health and Human Services, recently released an advisory describing the tactics, techniques, and procedures that are typically used by cybercriminals against targets in the Healthcare and Public Health Sector to infect systems with ransomware, notably Ryuk and Conti, for financial gain.

So, how do we detect these threats? How do they detect these threats? CISA, FBI, and HHS assess that malicious cyber actors are targeting the HPH Sector with TrickBot and BazarLoader malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services. Within the Healthcare and Public Health Sector, these issues will be particularly challenging for organizations affected by the COVID-19 pandemic (which is pretty much everyone). Administrators will need to assess this risk when determining their cybersecurity investments.

Many organisations are to the point where they are asking themselves:

  • “How do we prevent this from happening to us?”
  • Or, in a more unfortunate scenario: “How did we let this happen to us?”
  • And: “What do we do now?”

In both scenarios, we can help you not only detect, protect, and prevent potential attacks, but also give you the tools to restore your organization back to its normal production state (even if you are already under attack). We do that by implementing CryptoSpike.

By utilizing your existing native snapshots, CryptoSpike uses a multi-pronged approach consisting of a Block List, an Allow List and a Pattern learner module to better protect your environment. It also detects immediate day-one threats, so that you know exactly where and on what user profile or device a potential attack took place, without having to do a full rollback or restore. With CryptoSpike you only restore the infected file(s) back to their last known good state within seconds. This cuts down on time and resources tremendously by detecting, preventing, and allowing recovery from a ransomware attack within seconds to minutes. CryptoSpike is also very affordable and easy to deploy, so it not only keeps things cost-efficient but also makes it easy for you and your teams to deploy and monitor.

During a typical attack (as laid out in the CISA/FBI advisory), TrickBot creators, “which are likely also the creators of BazarLoader malware, have continued to develop new functionality and tools, increasing the ease, speed, and profitability of victimization.” “These threat actors increasingly use loaders—like TrickBot and BazarLoader (or BazarBackdoor)—as part of their malicious cyber campaigns. Cybercriminals disseminate TrickBot and BazarLoader via phishing campaigns that contain either links to malicious websites that host the malware or attachments with the malware. Loaders start the infection chain by distributing the payload; they deploy and execute the backdoor from the command and control (C2) server and install it on the victim’s machine.”

This is where access transparency comes in. Providing you with the understanding of which users accessed what data, when, and how often, is very important. Since CryptoSpike is monitoring all user file access, it is ideally suited to track and deliver this information. With CryptoSpike, you can easily examine user behavior down to the level of files and folders. Reports will show you user activity in terms of file opens, closes, deletes, writes and so on. This will provide you with definitive information that a volume, folder, file, etc. was accessed by a given user.

CryptoSpike works together with the NetApp FPolicy server, which is required. The FPolicy server will enforce the blocking decisions made by CryptoSpike. For example, if ransomware is detected by the Learner module, the relevant user will be changed to having read-only access, which stops them from further spreading the ransomware. CryptoSpike lets you know which files have been affected, allowing you to do targeted recoveries, rather than having to roll back an entire folder. Meanwhile, CryptoSpike provides a list of infected files, allowing you to perform targeted recovery from NetApp snapshots.

CryptoSpike is licensed per controller node, with pricing tiered by system size according to the NetApp model number. There are no capacity limitations in terms of total storage, number of files, or number of users, making CryptoSpike licensing very easy to manage.

US Ransomware Attacks Doubled in Q3; Healthcare Sector Most Targeted
New Check Point research examines the ransomware threat landscape for Q3 2020, noting a 50 percent increase in daily attacks. The healthcare sector is the most targeted globally.
“CISA, FBI and HHS do not recommend paying ransoms. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. In addition to implementing the above network best practices, the FBI, CISA and HHS also recommend the following:
  • Regularly back up data, air gap, and password protect backup copies offline.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.”
Here at Catalogic, we will help you with that recovery plan, but also with a plan of prevention and protection with CryptoSpike. Being able to see what’s going on within your environment is crucial, especially within the Healthcare and Public Health Sector. Please make sure you have a plan in place, and please feel free to reach out to us any time. We’re here to help.
To learn more about CryptoSpike – Ransomware Protection for NetApp, click here.

12/11/2020

While we all continue navigating the ever-changing world of data protection, we’re always searching for better data protection at more affordable costs, while still maintaining necessary security and compliance. At Catalogic, we do exactly that. We provide you with an array of data protection product options to help fit your environment’s needs. For example, our NetApp product options of CryptoSpike and RestoreManager provide you with a more in-depth look at your environment from the data protection and search and restore analytics perspective.

CryptoSpike is ransomware protection for NetApp, but it’s also so much more. CryptoSpike provides you with real-time detection, prevention, and recovery capabilities for your NetApp file environments. By utilizing your existing native snapshots, CryptoSpike uses a multi-pronged approach consisting of a Black list, a White list and a Pattern learner module to better protect your environment. It also detects immediate day-one threats, so that you know exactly where and on what user profile or device a potential attack took place, without having to do a full rollback or restore.

With CryptoSpike you only restore the infected file or files back to their last known good state within seconds. This cuts down on time and resources tremendously by being able to detect, prevent and recover from a ransomware attack within seconds to minutes, and it doesn’t hurt the bank either.

Another aspect of overall data security is data access transparency: understanding which users accessed what data, plus when and how often. Since CryptoSpike is monitoring all user file access, it is ideally suited to track and deliver this information. With CryptoSpike, you can easily examine user behavior down to the level of files and folders. Reports will show you user activity in terms of file opens, closes, deletes, writes and so on. This will provide you with definitive information that a volume, folder, file, etc. was accessed by a given user.

CryptoSpike works together with the NetApp FPolicy server, which is required. The FPolicy server will enforce the blocking decisions made by CryptoSpike. For example, if ransomware is detected by the Learner module, the relevant user will be changed to having read-only access, which stops them from further spreading the ransomware. CryptoSpike lets you know which files have been affected, allowing you to do targeted recoveries, rather than having to roll back an entire folder. Meanwhile, CryptoSpike provides a list of infected files, allowing you to perform targeted recovery from NetApp snapshots.

CryptoSpike is licensed per controller node, with pricing tiered by system size according to the NetApp model number. There are no capacity limitations in terms of total storage, number of files, or number of users, making CryptoSpike licensing very easy to manage.

As important as ransomware protection is, so is having the ability to catalog, search and restore your files in a quick and easy fashion. Knowing what you have and being able to locate it in seconds when you need it, even if you have billions of files, is huge. Catalogic has a solution for that as well, and this is where RestoreManager shines. RestoreManager is a scalable NetApp file catalog with an in-depth data analytics component. RestoreManager provides you with file-indexing, search and restore capabilities for your NetApp environment. With these capabilities, you’re able to utilize the multiple search filters to easily locate files, including name, type, file size, creation date, deletion date, and other search parameters.

As with CryptoSpike, RestoreManager is very easy to use and highly scalable while giving you the option to restore your files to their original or alternate location. RestoreManager communicates with the systems via NetApp’s ONTAP SnapDiff protocol and supports all versions of the ONTAP operating system for NetApp primary storage systems. For NetApp SnapVault and SnapMirror targets, RestoreManager works with ONTAP and NetApp Cloud Backup (formerly AltaVault). RestoreManager uses the Elasticsearch database, an open-source solution that has excellent scalability, performance, load balancing and availability. RestoreManager is also licensed per controller node, with pricing tiered according to the NetApp model number. Again, there are no capacity limitations in terms of users, total storage, or number of files.

Data protection is always extremely important, but so is being able to manage that data quickly, efficiently, and easily. What better way to do so than to have the ability to manage your storage array snapshots, replication and cloning processes all under one platform? Catalogic ECX is Copy Data Management (CDM) software that can bring modernization to an existing environment without disruption. ECX delivers “in-place” copy data management to enterprise storage arrays from IBM, NetApp, Pure Storage and HPE Nimble, allowing the IT team to make use of its existing infrastructure and data in a manner that is efficient, automated, scalable and easy to use. Catalogic ECX modernizes IT processes, enables key use cases, and does it all without additional hardware.

Organizations of all sizes need to modernize their IT processes to enable critical new use cases such as operational automation, DevOps and integration of system-of-record data with Cloud compute. They are equally challenged with improving management efficiencies for long-established IT processes such as data protection, disaster recovery, reporting, and test and development.

ECX from Catalogic automates the creation and use of copy data, snapshots, clones, and replicas on existing enterprise storage. This dramatically reduces the time spent on infrastructure management while improving reliability. By providing automation, user self-service and API-based operations without the need for any additional hardware, this frees up important IT resources. Being able to simplify the management of critical IT functions such as data protection and disaster recovery is extremely valuable for all environments. Automating the test and development of infrastructure provisioning reduces management time as much as 99%!

ECX also gives you the ability to catalog and track IT objects, such as volumes, snapshots, virtual machines, datastores, etc. ECX provides you with a more in-depth look into your copy data environment across the enterprise, including protection RPO/RTO compliance reporting. By fundamentally modernizing many common IT processes, ECX dramatically simplifies copy data management, enabling the automation and orchestration of data copies that can be leveraged across the enterprise and cloud for a variety of value-creating use cases. ECX is a very simple OVA deployment, is very easy to use and is licensed per array. There are no limitations to the amount of storage capacity, number of users, number of files, or any other limits!

In addition to ECX, our other data protection product rounds out your environment’s needs. Our DPX product is easy backup that works. It’s rapid, low-impact backup with instant recovery in place when you’re off-loading to tape, disk, or cloud. DPX provides robust backup and recovery capabilities. Our patented block-level protection reduces backup time and impact by 90%, for both physical and virtual servers. Files and applications are easily recovered directly from backup storage. You can have peace of mind that your data is reliably protected as per your Recovery Point Objectives (RPOs) and is there when you need it.

If you have any questions, please feel free to contact us. We would be happy to answer any of your questions and provide you with more information.

12/03/2020

The time has finally come. You’ve poured your blood, sweat, and tears into your most recent content piece, and it’s ready to be packaged up and sent to the client to be pushed live. After a few final checks and only…

08/28/2020


NetApp Insight 2019 was an exciting and information-packed event. We’d like to thank NetApp for being excellent hosts. And mostly, we’d like to thank those of you who participated in our No More Swag campaign. With your help, instead of giving away tradeshow swag, we’re donating $2,019 to Three Square, a Southern Nevada food bank. We had 673 visitors (including attendees at our breakout) and at a promised $3 donation for each it just happened to match the calendar year!

Image: Some of the Catalogic team members at our booth at NetApp Insight 2019.


For each dollar donated, Three Square can provide three meals. So instead of taking home another squeeze ball to throw away, your support will provide 6,057 meals to needy people. That ought to feel better than just another squeeze ball!

Insight really is a great place to meet folks from across the NetApp eco-system: end-users, reseller partners and NetApp employees themselves. We met with many from each group and conversations ranged across a wide scope of topics.

  • How to combat ransomware on NetApp file storage
  • How to gather a full, meta-data index of NetApp files for easy search and restore
  • Saving lots of money by switching your NDMP backup solution to Catalogic DPX (and getting tiering-to-cloud in the bargain)
  • Easily migrating your OSSV backups to a solution that supports the latest ONTAP and operating system releases, and doesn’t change your backup architecture

We also had a great turnout for our breakout session, with about 100 people in the room. The session covered ransomware protection, file index and catalog as well as file data analytics. I guess we did a good job because we had a 4.76/5.00 rating for the session!  Some of the comments we received:

  • “Nice tools and would love to have them in my environment.”
  • “All relevant topics. Data analytics is lacking with native tools. Alternative to traditional Ndmp backup is needed. And file auditing is a requirement for my organization. Nice that all these are covered within this solution.”
  • “Good choice of topics, good delivery as well. I want a PoC.”

Speaking of a Proof of Concept, we’re happy to oblige anyone who wants to test out any of our NetApp solutions.  Just fill out our trial download form and we’ll get you software to try for 30 days. If you’d like to see a demo first, fill out the demo request.

That wraps up Insight 2019. Thanks again to those who helped us make a donation to the Three Square food bank, and we’ll see everyone next year!

11/06/2019

Sorry squeeze ball fans. Still no squeeze balls for you!

After our experience and positive community response at Pure //Accelerate 2019 when we stopped handing out trade show swag and instead made a charitable donation, we’ve decided to do it again at NetApp Insight 2019.

When you visit our booth at NetApp Insight (#316), instead of handing you a squeeze ball or other trade show swag, we’re going to make a $3 donation to Three Square, a Southern Nevada food bank. Three dollars for three squares a day! In fact, since each dollar donated to Three Square purchases three meals, just by dropping by and saying hello you’ll help deliver nine meals to needy people in Southern Nevada, including Las Vegas. That’s got to feel better than another squeeze ball!

At the same time, we hope you’ll linger a while at our booth to hear about our various solutions built on NetApp technology. And please drop into our session, 9002-2: Ransomware Protection, File-System Auditing and NAS Backup/Restore for ONTAP on Tuesday, Oct. 29 from 1:30 – 2:30 p.m.  If you’d like to schedule a meeting in advance of the show, visit our Insight page where you can schedule a meeting for any day of the show.

And while we’re no longer handing out throw-away swag like squeeze balls or novelty sunglasses, we are having drawings for SONOS One speakers. We’ll be doing one drawing a day, and a separate drawing for our session. To enter a drawing, just come by our booth and take a short online IT survey that should take you about a minute. That’s it! The other way to enter is to attend our session, as we’ll be giving away a speaker in the session.

We’re looking forward to meeting everyone at NetApp Insight 2019.

10/09/2019

Another day, another ransomware attack. It was recently reported that the city council in Riviera Beach, Florida, “voted to pay nearly $600,000 to hackers who crippled the city’s computer systems with a ransomware attack.” This sets a new record for publicly revealed payments by a government organization. And it does seem that government organizations get hit a lot, or maybe it’s just that they’re required by law to reveal it.

Baltimore city government was hit with an attack that shut down most of their servers. And before that, Atlanta got hit and constituents couldn’t access applications for bill paying, court records and some other things.

There’s an old saying that an ounce of prevention is worth a pound of cure; well, a few dollars of prevention could have prevented many dollars of a painful cure for these organizations. And it’s probably not worth relying on the old standby of “it won’t happen to me.”

Ransomware is a tricky beast. It doesn’t sneak in through the back door like hacker attacks that try to break into your IT systems. Ransomware walks right through the front door, hitching a ride with somebody who already has a key to the door: that is, your users. Typically, an attack happens because someone clicked on a link in an email or visited an infected website. Once on the user’s computer, the malware has direct access to your network.

How to stop it? User education initiatives are important, as is keeping systems patched to avoid exploits. And of course, back up your data! You can find more helpful information here, along with some scary statistics.

One of the main areas exposed to ransomware is your file shares. Finding a network file share is like hitting the jackpot for the malware, which starts to encrypt one file after another.

If your file shares (CIFS/NFS) happen to be on NetApp filers, we have a great solution for you. It’s called CryptoSpike and it comes from our technology partner ProLion. What makes CryptoSpike a good tool for fighting ransomware? Here are a few things:

  • It uses multiple technology approaches to detect and stop malware, including a Learner Module that detects unusual user behavior. This allows you to detect Day Zero attacks.
  • CryptoSpike stops the spread of the attack by cutting off the infected user’s access to the file shares. Some files may get encrypted, but the attack is stopped before it spreads too widely.
  • Because it works with NetApp snapshots, CryptoSpike lets you easily revert back to an earlier snapshot, and at the file level. That’s critical because you don’t want to have to revert an entire volume with thousands or millions of files if only a few were infected. CryptoSpike helps you pin-point the infection and roll it back.

There’s lots more you can do with CryptoSpike. Want a quick look? You can watch our demo video. If you like what you see, why not request a trial copy? You can test it out for yourself. And it’s priced per NetApp controller, so no worries about number of users or files or disk capacity.

And whether you consider CryptoSpike or something else, please do consider something. You really don’t want to be figuring out how to send bitcoins to some hackers. That’s sure to ruin your day.

07/08/2019
