Most ransomware attacks happen when files get compromised, so your NetApp file shares are among the most vulnerable parts of your organization. File shares are where end users meet the data center most directly, and most ransomware comes through the front door via interaction with end users. It’s as simple as someone in your organization getting an email and clicking on it, and bang! Your file shares are infected.
CryptoSpike's protection begins with a Block List that includes thousands of ransomware file endings or names. Updates are made every day and downloaded to the CryptoSpike server.
File Audit Trail
Another aspect of overall data security is data access transparency: understanding which users accessed what data, plus when and how often. Because CryptoSpike is monitoring all user file access, it is ideally suited to track and deliver this information.
With CryptoSpike, you can easily examine user behavior down to the level of files and folders. Reports will show you user activity in terms of file opens, closes, deletes, writes and so on. This will provide you with definitive information that a volume, folder, file, etc. was accessed by a given user.
Alarms and Real-Time Blocking
CryptoSpike works together with the NetApp FPolicy server, which is required. The FPolicy server will enforce the blocking decisions made by CryptoSpike.
For example, if ransomware is detected by the Learner module, the relevant user is switched to read-only access, which stops them from spreading the ransomware further. CryptoSpike lets you know which files have been affected, allowing you to do targeted recoveries rather than having to roll back an entire folder or more.
IT security can then be alerted about the infected user and suitable steps taken to disinfect their system. Meanwhile, CryptoSpike provides a list of infected files, allowing you to perform targeted recovery from NetApp snapshots.
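The flow described above (block-list match, user switched to read-only, list of files for targeted recovery) can be sketched as follows. This is an added example, not CryptoSpike or NetApp code: the class and function names, the block-list entries, the sample events and the 60-second lookback window are all assumptions, and FPolicy enforcement is modeled only by the returned allow/deny verdict.

```python
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Constructed block-list entries (placeholders, not real ransomware indicators).
BLOCKED_ENDINGS = {".locked-example", ".crypt-example"}
BLOCKED_NAMES = {"how_to_decrypt_example.txt"}
MODIFYING_OPS = {"write", "rename", "create", "delete"}
LOOKBACK_SECONDS = 60  # assumed window for listing recovery candidates

def on_block_list(path):
    """True if the file ending or the file name is on the block list."""
    p = PurePosixPath(path.lower())
    return p.suffix in BLOCKED_ENDINGS or p.name in BLOCKED_NAMES

@dataclass
class ShareMonitor:  # hypothetical name
    read_only_users: set = field(default_factory=set)
    audit_trail: list = field(default_factory=list)  # (ts, user, op, path, verdict)
    recovery: dict = field(default_factory=dict)     # user -> files to restore

    def handle(self, ts, user, op, path):
        """Decide one file event, record it, and return 'allow' or 'deny'."""
        verdict = "allow"
        if op in MODIFYING_OPS:
            if user in self.read_only_users:
                verdict = "deny"  # user was already switched to read-only
            elif on_block_list(path):
                verdict = "deny"
                self.read_only_users.add(user)
                # Files this user changed shortly before the hit are the
                # candidates for targeted restore from a snapshot.
                self.recovery[user] = [
                    p for (t, u, o, p, v) in self.audit_trail
                    if u == user and o in MODIFYING_OPS and v == "allow"
                    and ts - t <= LOOKBACK_SECONDS
                ]
        self.audit_trail.append((ts, user, op, path, verdict))
        return verdict

# Constructed sample events: (timestamp, user, operation, path)
EVENTS = [
    (100, "alice", "write", "/vol1/hr/plan.docx"),
    (105, "bob", "write", "/vol1/fin/q1.xlsx"),
    (110, "bob", "write", "/vol1/fin/q2.xlsx"),
    (111, "bob", "rename", "/vol1/fin/q1.xlsx.locked-example"),
    (112, "bob", "write", "/vol1/fin/q3.xlsx"),
    (113, "bob", "read", "/vol1/fin/q3.xlsx"),
    (120, "alice", "write", "/vol1/hr/plan.docx"),
]

def replay(events):
    monitor = ShareMonitor()
    return monitor, [monitor.handle(*event) for event in events]
```

Replaying the sample events leaves the flagged user able to read but not modify files, while other users are unaffected and every decision stays in the audit trail.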