Ransomware is a growing threat that continues to wreak havoc within businesses as cybercriminals constantly innovate in terms of how they are executing attacks. One of the latest trends being seen is that attackers are proactively targeting and removing backup data. This is because if they encrypt or remove an organization’s backup data, then they have significantly enhanced the likelihood of the ransom being paid.

History of Novell Open Enterprise Server

In early 2005, Novell, since then acquired by Micro Focus, made a splash in the Linux pool with their Open Enterprise Server (OES) product. Based initially on Netware and SUSE Linux Enterprise Server (SLES) and later just on SLES, Micro Focus OES is an enterprise-scale server operating system that provides essential shared services, including networked storage, file and print services, identity management, and network connectivity for Windows, Mac, and Linux client devices.

Protecting Micro Focus OES Environments

Now, as you would expect, where Micro Focus OES is a large part of an organization’s shared network services and computing environment, it is a critical part of IT infrastructure. So much so that if services were to go off-line for whatever reason, your users would be out of commission. With that in mind, it is crucial that the data stored in your OES environment be backed up and protected.

Over the years, a wide variety of data protection vendors have provided adequate Micro Focus OES backup and recovery. OES users had some options when it came to choosing a backup provider. However, as time has gone on, those same vendors have slowly moved on from the Novell family of products, leaving many OES customers with no way to protect their data.

Catalogic DPX and Micro Focus Backup Partnership

Catalogic Software is not one of those data protection vendors that backing off from OES backup. Catalogic DPX has provided industry-leading Novell OES backup and recovery for Novell products since 1997, and we even pioneered many data protection features such as OES cluster-support and deep GroupWise integration for Groupwise backup. Unlike many other vendors, we have never backed away from our commitment to the Novell family of products, even after the acquisition by Micro Focus.

DPX support for Linux and NSS File System, eDirectory, and More

DPX supports full, incremental, and differential backups, which can be targeted at the volume, directory, or individual file level. Files can be restored with security and metadata and file-attributes / trustee rights still intact.

DPX Supports the following for OES backup:

1. Cluster configuration OES
2. GroupWise environments
3. Backup of standalone and shared NSS volumes,
4. Backup of eDirectory, etc.

Cybercriminals love nothing more than infiltrating a network, accessing your data, and encrypting it so it can no longer be accessed until a ransom is paid. Typically, the longer the data is encrypted and unavailable, the larger the financial impact. These criminals may even sell the data outright.

Attacks are becoming more frequent and sophisticated. A ransomware attack study from Ivanti found that of 1,000 enterprises IT professionals across the globe, 58% had worked for organizations that had suffered a ransomware attack in the last year! Sadly, cybercriminals have become an almost unstoppable force.

If you are a software vendor like us, you need to ensure you have very robust security policies and procedures in place to prevent hackers from gaining access to code. Because if they do, every single customer using your software is then at risk of attack.

One of the largest global ransomware attacks to date happened to Kaseya, which provides IT management software for MSPs. Kaseya’s VSA remote monitoring and management tool was used as an attack vector to inject ransomware into over a thousand systems via thirty-plus MSPs. This is not the first time this type of supply chain attack has taken place with SolarWinds, having a similar scenario unfolded last year.

We are living in a data-driven age. Security is a process that needs to be implemented with policies in place to ensure that users, networks, and devices are as protected as possible. Part of the security process for your data should involve a reliable and tested data protection solution that will support your organization in recovering your data quickly if it is compromised.

When choosing the fortress for your data, there are five key capabilities your data protection solution and IT team needs to provide to shield, protect, survive and recover from a ransomware attack:

• Ensure redundant backups
  Backup is everything and it is of the highest priority to ensure your organization’s backups can be counted on to recover lost data. The 3-2-1 backup rule is a great strategy for data protection. It calls for three (3) copies of data, on two (2) different storage media types, with one (1) of the copies offsite or in the cloud. With backups to recover from and the offsite copy that ransomware cannot reach, this strategy is good insurance against bad actors stealing data. The 3-2-1-1 rule adds at least one backup copy verified was not locked or corrupted that can be recovered. 3 copies, 2 media, 1 offsite, and 1 verified recoverable. Catalogic DPX is the perfect product to enable 3-2-1-1.

• Granular recovery points
  Backup is must be completed every day. Sometimes things get in the way and a backup might be missed occasionally. But if you are only backing up once per week and ransomware strikes toward the end of the week, the company could lose many days of data. Backups and snapshots must run regularly, or point-in-time copies of data are taken as often as possible. This helps an organization recover as close as possible to the time the data was encrypted or damaged by ransomware.
  Ransomware attackers are analyzing behavior and traffic waiting for the best time to strike. Sometimes attackers are present in the network and have access after recovery, allowing them to attack again. Take this into consideration and set longer retention periods than your typical defaults of  30, 60, or 90 days.

• Air-Gapped and Immutable backups
  If your backups reside on the same network or the same storage system as your production data resides, they are vulnerable to attack also. Cybercriminals have gotten more sophisticated and one of the first items they do is to search for and remove all your backups so that no data recovery is possible. Having backups air-gapped in the cloud or on tape that the ransomware attacker cannot easily reach, helps ensures that your data is recoverable. Further, if your backup data or data snapshots are immutable or locked from changes, they can be used to rapidly recover your data in case ransomware encrypts your primary data.

• Application-aware backup
  Applications require additional consideration if they use a database and the data is protected only by those files themselves. When ransomware hits, it takes several steps to recover applications. Application-aware backup is important as it defends application metadata and ensures that the application servers can be recovered. Conduct application recovery verification tests on a regular basis to stay in the know and confirming that the data and applications can be restored.

• Reporting can predict disaster ahead
  It is typical for incremental data backup to contain fairly small changes between full backup cycles. One big tip-off when ransomware hits (with data encrypted) is that an incremental backup suddenly becomes the size of a full backup. Modern data protection products can track anomalies and report if backup sizes are unexpectedly much larger and alert the backup/security administrator. This is very helpful in identifying an attack in progress, and also sets the point in time from which rapid data recovery can commence.

Data Protection is the last line of defense when it comes to ransomware attacks. Ensure that you have a data protection fortress-like Catalogic DPX that is ransomware recovery ready.  If you are interested in learning more about how Catalogic can assist you in implementing your data protection fortress to ensure recovery from ransomware attacks, please contact us and also watch our recent webinar Protect and Recover Your Data from Ransomware Attacks.

This month we announced Catalogic DPX 4.7.1 general availability. This release continues to build on the previous DPX 4.7.0 release by adding many new features and enhancements, including:

• One step Master server update – Updates of the Master appliance have improved to require only running the update script to update the entire master server appliance.
• Virtual Machine exclusions – Adds the ability to exclude specific virtual machines from Hyper-V backups based on explicit selection or pattern selection (e.g., test *or lab*)
• Better password security – Enhances login security for the HTML user interface by forcing a password change on the first login.
• Better job instance management. Further enhances the HTML user interface by adding the following functionality:
  • Allowing the ability to start or cancel any job type from the job monitor screen.
  • A download of all job logs from the job monitor screen.
• More local languages – Expands the DPX local language support by adding the Polish language to the HTML user interface as a supported language.
• Additional Cloud Providers – Adds support for Wasabi Cloud Storage and Scality Ring as supported cloud provider targets for Archive and NDMP Protection.

This release also contains several other enhancements and fixes. For further information, see the release notes and what’s new documents on our support site.

Contact us to learn about our current Catalogic DPX promotions:

• Free review of your current backup strategy for ransomware protection
• Scalable backup appliance guarenteed to reduce your backup storage costs
• NDMP Backup at $20 per TB per month that saves up to 80% vs. legacy solutions