ransomware

by

The shared responsibility of data protection requires collaboration between infrastructure software and backup software. Both systems must work together to ensure data resiliency, protection, and recovery. Relying solely on one or the other can leave gaps, creating vulnerabilities that put critical data and operations at risk.

Learn why data protection requires shared responsibility.

In this shared responsibility model, infrastructure software (including hypervisors, storage, and networking) handles hardware failures and maintains uptime. Meanwhile, backup software safeguards against user errors and cyberattacks and ensures long-term data retention. This balanced approach ensures complete protection across all potential points of failure.

The Complexity of Modern IT Environments

Data centers today are more intricate than ever before. Enterprises rely on a combination of hypervisors, bare-metal systems, containers, and cloud services across various platforms and environments. The traditional single-backup-system approach is no longer sufficient. Businesses must implement solutions that address the unique challenges of each infrastructure component.

Infrastructure software, which manages virtual machines, networking, and storage, should provide data resilience, ensuring that workloads continue running despite multiple simultaneous hardware failures. Meanwhile, backup software protects data from soft errors—such as accidental deletions, ransomware attacks, or software bugs—and provides long-term data retention and compliance.

The shared responsibility model creates a structured way for infrastructure and backup systems to complement each other, ensuring no gaps in data protection.

On Thursday, October 3rd, at 11:00 AM ET, we will explore the shared responsibility model in greater depth and demonstrate how its two components can work together to deliver unprecedented levels of resilience, protection, and recovery.

Register here to secure your spot!

VergeOS and Storware: A Shared Responsibility for Data Protection

The collaboration between infrastructure and backup solutions is at the heart of the shared responsibility model. The integration of VergeOS and Storware provides an excellent example of an end-to-end solution for data resilience, protection, and recovery.

VergeOS: The Role of Infrastructure in Data Resiliency

VergeOS is more than just a VMware alternative. It’s an ultraconverged infrastructure consolidating the hypervisor, storage, and networking into a single piece of software. In addition to delivering a more efficient infrastructure software solution, this approach allows VergeOS to provide superior protection against hardware failures, ensuring superior uptime and resiliency.

One of VergeOS’s standout features is its IOclone technology, which creates fully independent snapshots of selected objects, such as virtual data centers, instances, or virtual machines. Unlike traditional snapshots that rely on the redirect-on-write method, VergeOS’s IOclone ensures that snapshots are independent of the original object. If the original object is deleted, the snapshot remains intact and can be restored.

VergeOS also incorporates integrated deduplication, making snapshots highly efficient in terms of storage capacity consumption. This enables businesses to keep thousands of snapshots over long periods without any performance degradation.

In addition, VergeOS features ioGuardian, a real-time recovery solution that activates during multiple hardware failures. With inline recovery, ioGuardian provides missing data segments to virtual machines in real time, preventing downtime even during catastrophic failures. This ensures infrastructure resiliency, addressing gaps that often occur when infrastructure systems rely too heavily on backup systems for recovery.

Storware: The Role of Backup in Data Protection and Recovery

While VergeOS handles hardware-level protection and resiliency, Storware ensures data is safeguarded from user errors, accidental deletions, and ransomware attacks. Storware’s backup solution supports KVM-based hypervisors (including VergeOS), bare-metal systems, containers, and cloud environments such as Amazon AWS, Microsoft Azure, and Google Cloud Platform.

Storware’s two-stage backup architecture offers scalability and flexibility in data protection. In the first stage, Storware collects data from multiple sources and stores it temporarily in Storware nodes. These nodes can scale to meet increasing capacity or performance demands.

In the second stage, the data is transferred to a final repository, which could include object storage, file systems (NFS or SMB), enterprise-grade storage (such as Dell EMC Data Domain or HPE StoreOnce), or even tape libraries for organizations that need offline data storage.

Storware’s support for incremental forever backups captures only changes after the initial backup, reducing backup times and network strain. Additionally, Storware performs data consolidation in the staging area, ensuring that recoveries are full-speed, even when multiple incremental backups are involved.

When integrated with VergeOS, Storware leverages Change Block Tracking (CBT) technology to optimize backup efficiency by minimizing the amount of data transferred over the network.

Why the Shared Responsibility Model is Crucial for Modern Businesses

The partnership between VergeOS and Storware highlights the power of the shared responsibility model. Together, they provide comprehensive protection across all failure points—whether hardware-related or human error.

Organizations relying solely on backup software for all data protection risk gaps in infrastructure resiliency. Conversely, relying only on infrastructure software without a dedicated backup strategy can make meeting compliance or data protection best practices demands challenging. The shared responsibility model ensures that both systems—infrastructure and backup—work together harmoniously.

With VergeOS managing uptime and resiliency during hardware failures and Storware protecting against soft errors and enabling long-term retention, businesses can be confident that their data is fully protected. This holistic approach is particularly crucial for organizations managing multi-tenant environments, hybrid cloud infrastructures, or complex virtualized systems, where any failure can lead to severe consequences.

Conclusion: Shared Responsibility Equals Stronger Protection

Modern IT environments are vital to an organization’s success and demand a comprehensive approach to data protection. By adopting the shared responsibility model, organizations can ensure that infrastructure and backup systems work together to provide seamless data resiliency, protection, and recovery.

The collaboration between VergeOS and Storware exemplifies this model in action. VergeOS protects infrastructure from hardware failures and ensures uptime, while Storware safeguards data against soft errors and provides long-term retention. Together, they offer a turnkey solution that helps businesses of all sizes protect their most valuable asset—their data.

Join Our Webinar: How to Protect VMware Alternatives with VergeIO and Storware
Interested in learning more about how infrastructure and backup software can work together to safeguard your data? Join us for a live webinar, How to Protect VMware Alternatives with VergeIO and Storware,” where we’ll explore these concepts further and demonstrate how the two solutions integrate seamlessly.

  • Date: Thursday, October 3rd, 2024

  • Time: 11:00 AM ET / 8:00 AM PT

  • Duration: 30 minutes + Q&A
    Register here~ to secure your spot!

Filed Under: Blog, Protection Tagged With: , ,

by

There are best practices that on-premises IT can learn from MSPs to streamline operations, improve responsiveness, and enhance efficiency simply by applying them. Managed Service Providers (MSPs) and Cloud Service Providers are adept at navigating a rapidly evolving technological landscape, under constant pressure to lower costs. They excel in efficiency, scalability, and security across numerous customers while focusing on cost management, data resiliency, and disaster recovery.

Live Interview and Demo Thursday, June 27th at 1:00 PM ET / 10:00 AM PT – Register Now!

Modernized infrastructure software is critical in enabling MSPs and On-Premises IT to meet these challenges. Modernized infrastructure software combines virtualization services delivered via a hypervisor, storage services, networking services, and cloud services like multi-tenancy.

Applying MSP/CSP Best Practices for Server Longevity

While MSPs/CSPs provide infrastructure to their customers on a subscription basis, they, in most cases, must pay for the hardware upfront. The longer they can extract useful life from that hardware, the better the return on its investment. Maximizing hardware longevity requires infrastructure software with low overhead that leaves more of the available compute resources for customer virtual machines (VMs). It also requires software abstracted from the hardware so that it does not have to remove support for specific hardware configurations as they age and the software advances. Nothing is more frustrating and wasteful than having hardware idle because the software no longer supports it.

In terms of resiliency, the infrastructure software must move beyond no single point of failure, to multiple points of redundancy. Aging hardware is more likely to fail than new hardware; also, maintaining aging hardware under a service contract is more expensive. The infrastructure software should deliver such high levels of redundancy and availability that older servers can run until they fail, and when they fail, there is minimal disruption to operations. This capability also requires the software to be able to mix servers within the infrastructure from different server brands, processor generations, and storage configurations.

On-Premises Server Longevity

On-premises IT can learn from MSPs and use a similar strategy. In these data centers, there are often more than enough computing resources, and the only reason for a server refresh is to maintain warranty coverage. Suppose the infrastructure software can enable these servers to operate safely and with support beyond their original warranty. In that case, the on-premises IT operator can meet the challenge of flat or shrinking IT budgets. If the infrastructure software can also support the intermixing of new and old servers on-premises, IT can gradually add servers to the infrastructure, finally ending the never-ending cycle of storage refreshes and mass migrations.

VergeOS Extends The Life of Servers

VergeOS is unique in infrastructure software. Instead of creating an “IT stack” of loosely coupled software applications, we tightly integrated all infrastructure services into a single code base. This code base includes all the services required for infrastructure, including virtualization services, storage services, networking services, and cloud services. The integration enables VergeOS to deliver near-bare-metal CPU performance, outperform dedicated all-flash arrays, and maximize network efficiency.

VergeOS is also highly portable. It runs on your existing hardware. Its unprecedented level of abstraction from the hardware means that within the same instance, it can support servers of different brands, CPU generations, and storage media types. Six-year-old servers can run alongside six-month-old servers with operational simplicity. As a result, IT can scale its environment from two nodes to over 200 servers within a single instance, and those nodes can come from various server manufacturers with different configurations.

on-premises IT can learn from MSPs

Lastly, VergeOS is resilient. High availability is built into the software. It protects from drive and server failures, and ioGuardian extends the resiliency to withstand multiple drive failures and near-catastrophic server outages. Its Virtual Data Center (VDC) tenant technology, popular with MSPs to isolate customers, also simplifies disaster recovery for on-premises IT because it encapsulates the entire data center as a single, consistent object that makes replication and recovery at a remote site work the first time every time.

Applying MSP/CSP Best Practices for Data Center Density

Successful MSPs/CSPs face the challenge of building highly compact data centers. On-premises IT can learn from MSPs because, like them, they are always looking for ways to reduce their physical footprint, which lowers power and cooling costs. MSPs must also maximize the number of VMs per physical host without compromising performance. This requires an infrastructure software solution that doesn’t burden CPU resources, protects against the disruptive effects of ‘noisy neighbors,’ and has a licensing model that doesn’t penalize customers for investing in robust, dense, quad-processor servers. No one in IT wants to have to explain why the software is twice the price of the hardware.

On-Premises IT Density

On-premises IT operators can benefit from a similar strategy. Imagine cutting the physical server count by two-thirds. While quad-processor servers are more expensive than dual-processor servers, you will need fewer of them, so there is a significant opportunity to reduce server acquisition costs, which will lower power and cooling costs. Using highly dense servers to decrease footprint generally has two problems. First, most infrastructure software solutions are licensed by the number of cores, often making the software more expensive than the server itself.

The second problem is managing potentially double the number of VMs per physical server and protecting against the “noisy neighbor” problem. Most infrastructure software solutions are complex and limited in their ability to isolate workloads.

VergeOS Delivers Affordable Density

VergeOS solves the licensing and noisy neighbor problems. First, it is licensed by the physical host, not by the number of processors or cores. Customers can use the most potent servers without fear of a software penalty. Second, it enables on-premises IT to allocate specific physical hardware resources to specific VDCs. Mission-critical or performance-sensitive workloads could be placed in a particular VDC, and resources could be hard allocated to those VDCs and made available exclusively to those workloads.

Applying MSP/CSP Best Practices for Security

Security is a, if not the, top concern of MSPs. If, for example, ransomware sneaks its way into their environment because of a careless customer, all the customers in their environment could potentially be impacted. They must ensure they invest in capabilities to detect an attack, minimize its impact, and rapidly recover customers in the event of a ransomware detonation. MSPs are looking to move away from the multiple-point solutions they are using to protect and recover from the various attack angles. Instead, they are looking for software that takes an infrastructure-wide approach that is resilient to an attack and can aid recovery.

On-Premises IT Security

On-premises IT can learn from MSPs’ attention to security details. Ransomware protection and recovery are priorities for all organizations, not just MSPs. While the scope of the ransomware event may not be as broad, on-premises IT doesn’t have the same time, budget, or personnel available as MSPs. In addition to the MSP requirements of limiting the attack surface, detection, and recovery, simplicity must be added to the on-premises IT requirements.

VergeOS Delivers Ransomware Resiliency

Storage Features Only

VergeOS takes an infrastructure-wide approach to ransomware protection and recovery. First, it uses multi-factor authentication for all login attempts. Second, when VergeOS is installed, it is installed read-only so that it cannot be modified during an attack. When a VDC is created, a read-write copy of VergeOS is placed inside the VDC. If the OS within the VDC is ever compromised, a quick refresh of the VDC loads a new copy of VergeOS. Each VDC is firewalled off from the others, so an attack within the VDC will not spread to other VDCs. Our alert subscription technology powers our ioFortify product, and you can build an alerting mechanism that allows you to receive near real-time notifications in the event of an attack. We’ve demonstrated this capability on multiple live webinars where we’ve detected an attack within five minutes. Finally, our snapshots are read-only and protected from attack.

All of these capabilities work together to enable you to limit the spread of an attack, detect an attack quickly, and recover to the last known good snapshot prior to the attack within minutes. A typical recovery time for a VergeOS customer to successfully recover from and eliminate a ransomware attack is less than thirty minutes.

Conclusion

On-premises IT can learn from MSPs by adopting their best practices. These practices enhance efficiency, scalability, security, and cost management. Modern infrastructure software, like VergeOS, integrates virtualization, storage, networking, and cloud services, extending server longevity and supporting diverse hardware configurations while ensuring high availability and reducing the need for frequent server refreshes. This approach achieves greater data center density with efficient resource utilization and cost-effective licensing models. VergeOS enhances security with features like multi-factor authentication, read-only OS installations, and isolated Virtual Data Centers (VDCs), ensuring rapid recovery from cyber threats.

Filed Under: MSP Tagged With: , ,

by

VMware DR Tools Assessment

The list of threats to data center operations never stops growing, and IT professionals must periodically perform a VMware DR Tools Assessment. During these assessments, they should evaluate tools to:

  1. Address new data center threats
  2. Improve Recovery Point and Recovery Time Objectives (RPO/RTO)
  3. Simplify recovery processes
  4. Reduce costs

Generally, there are three types of tools that IT relies on to meet its organization’s requirements:

  • Backup and Recovery
  • Array-based Replication
  • Infrastructure-wide Replication

These tools lay the foundation for a disaster recovery strategy. They directly impact RPO, RTO, and affordability.

Backup And RecoveryArray-Based ReplicationInfrastructure-Wide Replication
Holistic ProtectionGoodPoorExcellent
RTO AttainmentGoodExcellentExcellent
RPO AttainmentPoorPoorExcellent
Hypervisor TransitionGoodPoorExcellent
DR OperationsPoorPoorExcellent
Cost$$$$$$$$
Comparing VMware DR Strategies

Live Webinar and Demonstration: “Comparing VMware DR Strategies” — Register Now

Meeting Classic VMware DR Threats

It is critical during a VMware DR tools assessment that IT ensures they address the classic types of threats to a VMware environment, such as floods, tornadoes, and power outages, which persist alongside the more recent threat of ransomware. IT needs to look for ways to improve RPO/RTO, simplify the recovery process, and also look for opportunities to lower DR costs.

Backup and recovery solutions are considered the least expensive option but also the least seamless in terms of recovery. While most solutions can recover a few virtual machines (VMs) on backup appliances, these appliances are not designed for the long-term hosting of many VMs. Backup and recovery tools have improved their resiliency to ransomware, with some now offering automated remote site recovery, but most still can’t detect an attack, so prolonged recoveries are commonplace, even with excellent backup strategies.

The critical challenge for backup and recovery is the time between protection events, often failing to meet increasingly strict organizational RPOs. An “aggressive” strategy of four hours may not be sufficient to meet organizational service level agreements (SLA). The time it takes to reposition data on production servers means that backup and recovery often fail to meet most organizational RTOs. Once the total cost of backup infrastructure (software licensing, dedicated storage hardware, compute server requirements at the DR site) is evaluated, the theoretical cost advantage of backup and recovery often dissipates.

Array-based replication is relatively seamless in transporting data to a DR site, but the target array at the DR site must be nearly identical to the primary site’s array. Dedicated arrays also can’t host VMs, so the customer must equip and manage server infrastructure at the DR site. Like backup and recovery, array-based replication doesn’t capture details that are not on the actual array, such as network configurations and VM settings.

Array-based replication provides a much more frequent protection event capability than a backup but is myopically focused on its data. If all data, including boot and configuration files, are on a single dedicated array, then array-based replication meets most organizations’ RTO demands. However, if data is on boot drives, network hardware, or different types of dedicated storage arrays, IT must ensure consistency between them. This often places them outside of the RPO. Another concern is the high cost of buying dual dedicated arrays, which places the strategy outside the budget of most organizations.

Infrastructure-wide replication encapsulates the entire infrastructure, capturing everything into a single object. It provides a complete, self-contained environment. The servers at the DR site can simultaneously run VMs and their data and network functionality such as firewalls and routing. Infrastructure replication, like VergeIO’s ioProtect, enables IT to create a turnkey pod easily deployed in the DR site. Since it is self-contained, there is no need to worry about consistency across networking and storage. Infrastructure replication meets and exceeds most organizations’ RPOs and RTOs. The consolidation also makes deployment extremely cost-effective.

Meeting New VMware DR Threats

VMware DR Tools Assessment

A critical part of a VMware DR tools assessment is making sure the tool can withstand new threats and use cases. While ransomware and natural disasters like fire, flood, and hurricanes remain top concerns, today, customers also want to ensure they are not locked into a particular hypervisor. Broadcom’s recent acquisition of VMware has shown IT professionals that licensing costs can increase quickly and dramatically. Broadcom’s delay tactics in providing renewal quotes only exacerbates this problem, leaving customers less time to transition. In addition to meeting the classic DR needs, modern VMware DR tools need to be able to help customers move to another hypervisor seamlessly at the click of a button.

These tools must provide proper backup and disaster recovery, continuously updating the DR environment while supporting the movement of VMs to an alternate hypervisor. Ensuring the secondary environment is current enables customers to verify VM functionality before a renewal surprise.

Backup and recovery solutions can provide some of this functionality, assuming they can restore “into” other hypervisors. However, most can’t. IT professionals must restore their VMs under the original hypervisor and manually convert them, often using a separate utility. The process is time-consuming and makes pre-disaster test verification challenging.

Array-based replication has almost no value in helping customers prepare for transitioning to other hypervisors since most alternative hypervisors can’t access VMware’s proprietary format.

Infrastructure-wide replication solutions may be the best suited for the “business” type of disaster, assuming they offer more than just one-time migration. For example, VergeIO’s ioProtect can continuously protect the VMware environment. IT logs ioProtect directly into vCenter and keeps copies updated quickly, thanks to change block tracking. Data is stored in the VMware format if IT needs it for a one-off recovery. When the “disaster” is a surprisingly more expensive renewal quote, customers can convert to the alternative hypervisor within seconds. The rapid transition makes testing DR and experimenting with a new hypervisor painless.

Conclusion

When performing a VMware DR tools assessment, backup and recovery is often considered the most cost-effective and manual of the available disaster recovery tools. IT must restore data to a new environment; that transfer takes time. Backup also may not protect all the extraneous files in the environment unless specifically pointed at them. Some solutions can help customers transition between hypervisors. Still, most can only restore a VM in its original format, requiring the customer to import the VM into the new environment manually.

Array-based replication is the most expensive option. Although it provides near-seamless replication between arrays, those arrays often must be identical. Additionally, any data or configuration files not on the array must be protected and recovered separately. Lastly, it does little to empower customers to move to or test another hypervisor.

Test Drive VergeOS Now

Infrastructure replication checks all the boxes. It provides cost-effective and simple recovery in classic disaster scenarios and, with the right migration capabilities, can assist customers when and if they need to move quickly to another hypervisor. It also provides a very high “first-try” success rate on both declared disasters and tests.

To learn more about infrastructure replication and how it compares to other disaster recovery strategies, join us for our live webinar, “Comparing VMware Disaster Recovery Strategies.”

Filed Under: Protection Tagged With: , ,

by

VMware is coming under ever-increasing scrutiny for its ransomware shortcomings, and now customers are considering a VMware exit for ransomware resiliency instead of just to reduce licensing costs. The heightened concerns come from increasingly sophisticated cyber threats, and recent VMware vulnerabilities have been part of the problem.

In conversations with numerous VMware users infected by a ransomware attack, they often recount tales of belated attack discoveries, followed by intensive recovery efforts that take weeks, if not months, to restore their systems entirely. VergeIO has identified key ransomware shortcomings in the VMware environment, and offers a viable means to address them effectively by exiting to VergeOS.

So, how can IT professionals break this cycle?

The Infrastructure-Wide Approach to Ransomware Resiliency

Click to Watch a Ransomware Recovery in Action

Ransomware resiliency revolves around more than backup software and hardware. If you have to count on backups to recover from a ransomware attack, you are in for a very long and painful process. Counting on a separate, third party backup process as VMware does, is why customers are considering a VMware exit for better ransomware resiliency, in addition to trying to reduce licensing costs.

A more comprehensive approach to ransomware resiliency is required, focusing on:

  1. Limiting Attack Surface: This means not all virtual machines (VMs) are exposed, creating barriers between them. The Virtual Data Center (VDC) technology by VergeOS mimics this concept, bundling VMs, storage, and network configurations within a group of applications, creating a “walled garden” to contain potential threats. By default, it is nearly impossible for a malware trigger file to move between VDCs.
  2. Prioritizing Frequent Data Protection: Regular backups won’t suffice. Ransomware can encrypt data faster than most backup schedules can accommodate. This ability to deliver rapid, frequent data protection is where VergeOS stands out with its IOclone-based snapshot technology. It ensures frequent, space-efficient, and impact-free data protection. VergeOS snapshots are independent copies rather than legacy snapshots that are a cascading tree of dependence. With VergeOS, customers can execute snapshots frequently with no disruption to performance.
  3. Immutable Data Storage: Traditional backups can still be compromised. VergeOS ensures that IOclone-based snapshots are immutable and safe from ransomware intrusions unless deliberately changed to read-write by an authenticated Administrator. Malware may launch within a single virtual data center, but it can’t spread beyond it, and it can’t infect immutable protected copies, which can easily be only a few minutes old.
  4. Timely Patch Application: VMware Administrators often need help to apply patching timely, potentially exposing vulnerabilities longer than organizations would like. VergeOS uses its VDC and snapshot technology to allow quick patch tests, ensuring smooth deployments without disruptions. IT Administrators can clone the entire VDC into a “Lab” VDC and test the patch impact against the entire data center without disruption to production.
  5. Swift Ransomware Detection: Recognizing a breach early is crucial. VergeOS’ IOfortify technology swiftly detects potential threats, often within minutes, allowing for prompt action and containment. The recovery effort increases in complexity exponentially with each minute the attack goes undetected.
  6. Efficient Attack Victim Identification: Once contained, it’s vital to pinpoint affected VMs. VergeOS’ telemetry information, coupled with IOfortify timestamps, accurately indicates compromised systems for quick recovery. It enables you to focus on the few infected VMs instead of needing to scan every VM in the environment.
  7. Zero-Data Movement Recovery: VergeOS enables a near-instant recovery process, allowing IT Administrators to restore operations promptly without lengthy data transfer processes. There is no data movement. Bring up the most recent snapshot, scan for a potential trigger file, remove it if present, and launch the clone into production. There is no data movement.
  8. Detailed Forensics: Instead of hastily erasing infected datasets, VergeOS enables you to quarantine and retain them, offering valuable insights into the attack mechanisms and aiding with future prevention strategies.
  9. Robust Operating Environment: VergeOS stands out with its hardened operating environment, ensuring that its core remains unexploited, and in case of any breach, a quick restoration is possible.

Our newest white paper, Creating an Infrastructure-Wide Ransomware Resiliency Strategy, will enable you to create a strategy to help you recover from an attack within minutes and with no data loss —Download Now. Justify a VMware exit for ransomware resiliency in addition to reducing licensing costs.

Rethinking Infrastructure Choices with VergeIO

VMware exit for ransomware resiliency

VergeIO’s focus isn’t a mere reaction to the ransomware challenges IT faces; it’s a well-thought-out strategy integrated into the core code base from day one. It ensures a fortified operating environment. When seeking a VMware alternative, cost savings are essential but not exclusive. If, during the VMware Exit, you can improve your ransomware resiliency, it makes the decision both compelling and logical.

Converting your VMware environment is painless and risk-free. Schedule a technical whiteboard session; our experts will walk you through the process.

Read about how ransomware infiltrated MGM’s infrastructure on 9/15/2023 encrypting more than 100 ESXi servers.

Watch as we protect, detect, and recover a VM that is being attacked by ransomware.

Filed Under: Ransomware Tagged With: , ,

by

VergeIO, the Ultraconverged Infrastructure (UCI) company, introduced a groundbreaking solution for ransomware protection – IOfortify. This latest innovation combines robust security; unlimited, unchangeable clones; and rapid, complete recovery to fortify data integrity and provide users with true peace of mind. – Julian Lee, President TechnoPlanet

Read more…

Filed Under: News Tagged With: ,

by

Once ransomware breaks through an organization’s defenses, time is of the essence, and IT must execute 5 steps to rapid ransomware recovery. The need for rapid recovery and minimal data loss was the top concern of 75% of the IT professionals responding to the survey we conducted during our recent webinar, “Creating a Holistic Ransomware Recovery Strategy,” now available on-demand.

There are 5 steps to rapid ransomware recovery with minimal data loss:

StepReason
Frequent ProtectionRansomware can strike at any moment, protection copies should be made, at least every few hours.
Long RetentionSome ransomware variants strike slowly to avoid detection. Recovery may require pulling data from multiple backup copies.
Rapid AlertingThe sooner you can detect you are under attack, the sooner you can stop the attack at its source and limit the damage
Mount Don’t RestoreTraditional restoration means copying data from an alternate storage medium, which takes time.
Practice, Practice, PracticeRansomware recovery is unlike any other. Find a safe way to “infect” your data center and practice.

Rapid Ransomware Recovery Step 1: Frequent Protection

While it may seem the most obvious of the 5 steps to ransomware recovery, it is missing from most response strategies. In an ideal ransomware protection scheme, protection events should occur every hour but at least every three hours. This necessary frequency of protection creates a challenge for many data protection approaches.

For example, most snapshot technologies, especially VMware’s built-in snapshots, will degrade performance significantly if the number of managed snapshots grows beyond a handful. However, even dedicated storage systems like all-flash arrays struggle when managing many snapshots. They may perform acceptably but can’t manage a sophisticated retention schedule. The intricacies of the snapshot metadata make deleting a snapshot, which is what a retention schedule does, egregiously slow. Because of its high metadata overhead, it takes the storage system time to “unwind” an intermixed snapshot, and its deletion means updating the metadata for all other snapshots. One result of this is that snapshots consume far more capacity than they should because they are so slow to give back the space used by old snapshots.

For these reasons, most organizations can’t tap into the full theoretical potential of ideal snapshot technology and, as a result, must count on backup and recovery solutions that significantly increase costs and slow recovery efforts.

Frequent Protection with VergeOS

VergeOS is different. At the core of VergeOS is global inline deduplication. Because VergeIO started with deduplication instead of bolting it on years after shipping a product, it delivers maximum data efficiency without impacting performance. Our IOclone capability leverages global deduplication to enable the creation of full clones of virtual machine data or even entire data centers in milliseconds. These clones are space efficient and independent of each other. You can have thousands of them without impacting performance. More importantly, you can delete them, even via a sophisticated retention schedule, in seconds, meaning any space they consume is instantly returned to the environment.

Rapid Ransomware Recovery Step 2: Long-Term Retention

Ransomware can take two attack vectors. The most common is, it will try to encrypt every file it can get to as soon as it breaks into the environment. The second attack vector is more sophisticated, slowly encrypting data to avoid detection. While the second vector is more sinister, most Bad Actors don’t have the patience to let the malware sit and slowly encrypt for months. They want the money now! Frankly, given the success rate of attacks once landing their malware payload, they don’t have to be sophisticated.

While the second attack vector is not as expected, it is wise to prepare for it. Long-term and granular data retention is the key to recovering from a slow-crawl ransomware attack. Again, because of performance concerns, snapshots are unsuitable for long-term retention in most cases. Backup software is excellent at the long-term recovery aspect but, because of the infrequency mentioned above, cannot provide a lot of granularity.

Solving the Retention Problem with VergeOS

Once again, VergeOS’ IOclone provides an ideal solution for long-term data retention, providing complete clones which are independent of each other. Retaining thousands of them doesn’t impact performance, and you can maintain as granular a history as you feel necessary. Getting rid of old files is another important step in limiting ransomware damage.

As mentioned, you can develop a sophisticated retention schedule to meet these requirements. For example, you can execute hourly clones and retain each for 24 hours. You can then execute a daily clone and retain that for seven days and a weekly clone that you retain for two months, and a monthly clone for a year. This type of schedule means a lot of deletion of older copies to reclaim space. It would cause significant performance problems for traditional snapshot techniques and take weeks to return the capacity reserved by those snapshots. IOclone has no performance impact, and reserved capacity is returned almost instantly.

Rapid Ransomware Recovery Step 3: Rapid Alerting

Knowing you are under attack is a critical part of 5 Steps to Rapid Ransomware Recovery because it addresses the other part of IT concerns, “with minimal data loss.” The sooner you know your environment is under attack, the sooner you can shut down the virtual machine under attack and limit the spread. The early warning also enables IT to better identify which protected copy they should turn to when starting their data recovery.

A few storage systems will provide an alert of a potential ransomware attack. Most of these will monitor for an increase in capacity utilization. The problem is that these alerting methods often miss an attack because capacity doesn’t necessarily grow. When malware works through your environment, it typically encrypts one file at a time, and during encrypting, those files will increase in size. After encryption, the file will be almost the same size as the unencrypted file. In other words, these methods will miss the attack. You’d much rather have a false positive than a missed attack.

IOfortify Delivers Reliable Attack Alerting

5 Steps to Rapid Ransomware Recovery

VergeOS’ IOfortify capability delivers reliable attack alerting by monitoring a change in deduplication ratios instead of changes in capacity utilization which is far more accurate. Encryption may not increase capacity utilization, but those files will look like new files to a deduplication algorithm. During our “Creating a Holistic Ransomware Recovery Strategy”, we demonstrated IOfortify, first identifying and alerting, then recovering a virtual machine whose data was actively being encrypted, in real time.

Rapid Ransomware Recovery Step 4: Mount, Don’t Restore

Mounting your recovery means pointing directly to your protected copy without having to move data. Restoring means copying the data from where it is back to the production volume, which can take dozens of minutes, if not hours, depending on the size of the volume and bandwidth of the network.

Again historically, the problem with directly mounting your recovery volume is how you maintain those copies. A traditional complete clone will consume too much capacity and take too long to create to be practical and violate the other above steps. A traditional snapshot still depends on the original volume; promoting it to production may mean a complete copy/restore.

Some backup solutions have an “instant recovery” solution. The problem with this method is that while you are mounting a volume, you are mounting it from a backup storage target which typically doesn’t have the performance or availability capabilities of production storage.

IOclone instant recovery with no performance impact

IOclone enables IT to point directly at a version of the virtual machine or data center before the ransomware attack. It is online instantly, and because of its independence, it does not need to be “rolled back” to production.

Rapid Ransomware Recovery Step 5: Practice

Ransomware recovery is unlike any other, so IT must practice the recovery process. The problem with practice is risking a “leak” of the practice into production.

Virtual Data Centers Make for Perfect Practice

5 Steps to Rapid Ransomware Recovery

VergeOS’ Virtual Data Center (VDC) capabilities enable IT to create a complete, secure copy of their entire data center and “infect” it with a ransomware simulator or an encryption program. Their isolation ensures the practice attack doesn’t “leak” into production. Verge.IO even has some customers that put their VDC, with anonymized data, out as a publicly addressable honeypot so they can test their attack response against a real foe.

Conclusion

The 5 Steps to Rapid Ransomware Recovery require preplanning, and they also require better infrastructure software. Because of the “bolt-on” approach to all features and protection capabilities, platforms like VMware can’t provide the same level of protection as VergeOS. The good news is you can transition from VMware to VergeOS seamlessly and at your own pace. You’ll have a more resilient environment and reduced costs by 50% or more. To learn more about using VergeOS as a VMware exit ramp, read our VMware Alternative page. You can also start using VergeOS as a Disaster Recovery solution, including for ransomware recovery, for VMware without migration using our IOprotect capability.

Watch Creating a Ransomware Response Strategy

This field is hidden when viewing the form
This field is hidden when viewing the form
Name(Required)

VergeIO’s Inbox Respect Policy: We will send you no more than two e-mails per month

Filed Under: Ransomware Tagged With: ,