Ransomware is the universal threat. No matter where an organization's data center is located, or how large it is, a ransomware attack can devastate it. While most organizations focus on the perimeter, they also need to be prepared for a breach, something at which ransomware is particularly adept. In case of a breach, an advanced backup and disaster recovery solution can ensure safe and timely recovery of data without paying ransom.
In this webinar, join experts from Storage Switzerland and Micro Focus as they discuss the impact of ransomware and the core features of a backup solution that can mitigate the associated risks.
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
1. Is your current data protection solution able to stand up to an attack?
Backup vs. Ransomware -
5 Requirements for Backup Success
For audio playback and Q&A go to: bit.ly/BackupvRansom
3. How Does Ransomware Work?
● Malicious code that breaches the organization's defenses, typically via a user's negligence
● Once inside, the code traverses all mountable file systems and encrypts data
● To decrypt, the user has to pay for the encryption key, hence "ransom"
4. Ransomware is a Multi-Billion Business
● Estimated $325 Million in 2015
● Estimated $5 Billion in 2017
● Estimated $11.5 Billion in 2018
* Source: CyberSecurity Ventures
5. Recent Attacks (that we know of)
● Town of Wasaga Beach (May 26th, 2018)
● Associates in Psychiatry and Psychology (May 24th, 2018)
● Riverside Fire and Police (May 13th, 2018)
● Center for Orthopaedic Specialists (April 25th, 2018)
● Prince Edward Island (April 23rd, 2018)
● Colorado Department of Transportation x 2 (April 2018)
● City of Atlanta (March 2018)
6. Key Ransomware Trends
● SamSam Leading Concern
● On the Rise
○ Silent Infection (slow deployment)
○ Re-Infection
○ Backup Infection
7. Ransomware Recovery Challenges
● Infection attacks data not in the backups (added or changed)
● Rapid infection of hundreds of thousands of files
● Backup configuration files and protected data may themselves be infected
○ Making recovery impossible
● The malicious code may be restored and retrigger the corruption
○ Creating an endless loop
● Recovery has to be faster and easier than “just paying the ransom”
9. Requirement 1 - Deep Integration with Primary Storage
● Enables the backup process to control snapshots
○ Provides frequent backups - Snapshot hourly, backup snapshot
○ If snapshot is not infected recover from the snapshot
10. Requirement 2 - Intelligent Recovery from Fastest Source
● Ransomware impacts entire volumes with millions of files on them
● A file by file recovery will be very slow
● Snapshot, image restoration or “boot from backup” recoveries are preferred
● Automation is key here - when it comes to recovery, every second matters
11. Requirement 3 - Advanced Analytics to Identify Breaches and Ensure Data Integrity
● Identifying “patient zero” (the infecting file) is critical
○ Stops repeat attacks
● Can alert admins of silent infection
12. Requirement 4 - Rapid Bare Metal Recovery
● Most backup software only provides rapid recovery for virtual systems
● Ability to streamline and simplify backup process
● Recovery to dissimilar hardware
● Quick way to restore both system and data
14. Requirement 5 - Secure Backup Configuration and Protected Data
● Set configuration files to read-only if accessed outside of the application
● Encryption in-flight and at rest
● Ability to manage backup and recovery process in a secure way
● Difficult to do in a multi-vendor backup environment
16. Customer Story: A Global Logistics Company
Ransomware attack disabled 90% of their systems; backup restored all of them within 2 days using Data Protector.
▪ Ransomware attack detected over the weekend
▪ 90% of VMs got infected within 24 hours. Impacted user data, email system, and Citrix desktop virtualization environment
▪ Customer used Data Protector to recover their data without paying ransom
▪ 80% system recovery next day, full recovery the day after from snapshot backups on disk
17. Micro Focus Data Protector
Comprehensive backup and disaster recovery for hybrid infrastructure and enterprise applications
• Enterprise class scalability and security
• Application-consistent recovery
• Advanced virtual environment protection
• Best-in-class platform and cloud integrations
• Integrated disaster recovery
• Monitoring, automation and reporting
[Diagram: Secure Multi-Tier Architecture. Labels: Dashboard, Reporting and Monitoring; Analytics Integration; Infrastructure; Applications; Predictive Analytics; Mgmt Plug-in; Secure Peering; Four-tier design; REST APIs; Remote Offices; Core Data Center; Cloud; Orchestration]
18. Key security features
Data Protector Security Model
▪ Centralized command and control
▪ Secure communication over TLS 1.2
▪ User authentication and LDAP integration
Data Security: Encryption
▪ AES-256 bit software-based encryption
▪ In-flight and at rest encryption with HPE StoreOnce and Dell/EMC Data Domain backup systems
[Diagram: Secure communication between members. Cell Manager and Agent: "Send me a list of all your files" / "OK". Rogue client: "Delete everything" / "No".]
[Diagram: Centralized command execution. Cell Manager and Agent: "May I execute this procedure?" / "OK".]
19. Integration with storage arrays
[Diagram: Hypervisor, Storage Array, Micro Focus Data Protector, and Disk / Tape / Cloud targets, with snapshots. Steps: 1. Hypervisor snapshot, 2. Array-based snapshot, 3. Snapshot backup]
▪ Quick, more frequent backups: Snapshot orchestration, management, and backup
▪ Faster recovery: Instant Recovery (IR) feature can recover data in minutes
▪ Multiple recovery options: recover from SAN, disk, backup appliances, cloud, or tape
20. Integrated Bare Metal Disaster Recovery (BMDR)
Restore the entire system and its data when a hardware crash, disaster, or security attack occurs
▪ Built-in disaster recovery capability, no additional cost
▪ Physical to physical (p2p), virtual to virtual (v2v), physical to virtual (p2v), virtual to physical (v2p)
▪ How does it work?
- Collects all relevant environment data automatically during backup and creates a DR image.
- During full system recovery, the EADR process:
- Boots the target system either from a CD, a USB drive, or over the network.
- Automatically installs and configures the operating systems.
- Formats and partitions the disks, and
- Finally recovers the original system as it was at the time of backup.
- The entire process is done with minimal user intervention
21. BMDR for 5000 systems affected by Ransomware
Use Enhanced Automated Disaster Recovery (EADR) to get to clean point-in-time
Nightly backups of servers with System Recovery Data (SRD) to co-located devices
Media protection for primary backup
The enterprise protection blueprint was detailed to map servers to CMs, Media and Devices
How the (Ransomware) West Was Won
On attack, create ISOs for affected systems
22. Summary - What to Do if Ransomware Strikes
● Identify Attack (Analytics)
● Identify File Zero (Analytics)
● Identify Known Good Copies (Backup Security and Analytics)
● Recover Quickly (Snapshots first choice, boot from backup second)
● Monitor for Re-Infection
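Added example (not from the webinar and not Data Protector code): one way the "Identify Attack" and "Identify Known Good Copies" steps, and the silent-infection alert from Requirement 3, can be approximated from backup catalogs. The function names, the 7.5 bits/byte entropy cut-off, the 20% threshold and the sample snapshots are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def manifest(files: dict) -> dict:
    """Catalog entry per path: (content hash, entropy), as a backup index might store."""
    return {p: (hashlib.sha256(b).hexdigest(), entropy(b)) for p, b in files.items()}

def newly_encrypted(baseline: dict, current: dict, min_entropy: float = 7.5) -> list:
    """Paths that changed since baseline and went from ordinary to ciphertext-like.
    Files that were already high-entropy (archives, media) are deliberately ignored."""
    return sorted(p for p, (digest, ent) in current.items()
                  if p in baseline and baseline[p][0] != digest
                  and baseline[p][1] < min_entropy <= ent)

def triage(snapshots: list, max_fraction: float = 0.2):
    """Return (last known-good label, first flagged label, affected paths).

    Each snapshot is compared with the last clean one rather than its predecessor,
    so a slow deployment that encrypts a few files per cycle still accumulates.
    """
    good_label, good = snapshots[0]          # assumption: the oldest snapshot is trusted
    for label, snap in snapshots[1:]:
        hit = newly_encrypted(good, snap)
        if len(hit) / max(len(good), 1) >= max_fraction:
            return good_label, label, hit
        if not hit:                          # nothing suspicious: advance the baseline
            good_label, good = label, snap
    return good_label, None, []

def fake_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted content: deterministic high-entropy bytes."""
    return b"".join(hashlib.sha256(f"{seed}{i}".encode()).digest() for i in range(size // 32))

# Constructed sample: ten documents across four nightly backups.
plain = {f"/share/doc{i}.txt": f"invoice {i} ".encode() * 200 for i in range(10)}
mon = dict(plain)
tue = {**mon, "/share/doc3.txt": b"invoice 3 revised " * 200}   # normal edit
wed = {**tue, "/share/doc0.txt": fake_ciphertext("a")}          # one file encrypted
thu = {**wed, "/share/doc1.txt": fake_ciphertext("b")}          # a second one
SNAPSHOTS = [(name, manifest(f)) for name, f in
             [("mon", mon), ("tue", tue), ("wed", wed), ("thu", thu)]]

if __name__ == "__main__":
    print(triage(SNAPSHOTS))  # restore point, first flagged backup, files to investigate
```

In the sample, a night-over-night comparison sees only one changed file per backup and stays under the threshold; comparing against the last clean snapshot is what catches the slow spread and identifies the restore point.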
24. Backup vs. Ransomware -
5 Requirements for Backup Success
For complete audio and Q&A please register for the On Demand Version:
bit.ly/BackupvRansom