DCIG ranks Nexsan Unity among the Top 5 2 PB+ Cyber Security Backup Target Report. Get the Report Here.
New Product Release - Unity NV6000 Unified Storage with Ransomware Protection. Learn more.
Since 1999, Nexsan has delivered reliable, secure, and scalable on-premises data storage solutions designed to meet evolving business and IT requirements.
Nexsan offers versatile and robust storage solutions tailored to adapt seamlessly across a diverse range of sectors, ensuring reliable performance for critical data management.
Discover a range of materials that highlight the effectiveness and versatility of our products. This page is an ideal starting point for anyone looking to understand the breadth of our technology and its real-world applications, offering a blend of educational and insightful content.

How to tackle Ransomware

March 22, 2017

Gary Watson, Vice President Technical Engagement

I was staggered to read recently that UK companies are stockpiling bitcoins in preparation for a Ransomware attack. This means two things, one that they expect an attack and two, that they see no choice but to pay it. As attacks get more sophisticated, security designed to keep the virus out is struggling. Any breach that tricks a user – already on the inside of that perimeter fence – will get through it, however tough the security is.

So, let’s imagine it’s happened: the ransomware has passed your firewall and is in. You have a demand to pay and the clock is ticking. You can’t afford to lose valuable data nor admit to customers that often confidential or highly sensitive data has been at risk. You have to pay, right? Wrong. If your archive storage has the option to restore to a point in time, then you can revert files to the version they were prior to the attack.  Furthermore, in the case of a widespread attack, you have the option to restore just the shortcuts, which is an extremely fast operation.

Nexsan’s Unity Active Archive is built with security in mind and doesn’t have a “delete” function. This means that clients, even administrator-level users, or malware that has escalated to admin level (which most try to do), can’t directly delete, modify, corrupt, overwrite, or encrypt a file. Files are only deleted pursuant to the policy attached to the file when it was ingested. Any such attempts will be treated merely as a new version of the file.

What does this mean? It means that even if the malware tricks your system into thinking it is the administrator, any amends to a file will create a new file, ensuring the old, non- corrupted file remains safe and is ready to be accessed as soon as the ransomware has been disinfected from your infrastructure. Once your system is clean again, you can re-instate the shortcuts to the file that existed before the attack. Which means none of your archived data is lost and the ransom demand can be ignored.

Re-instating the shortcuts takes seconds compared with restoring data from a backup. And oftentimes it is discovered that the malware has not totally been removed, so the process of disinfecting and restoring needs to be repeated. With a process, based on re-instating shortcuts, a ‘rinse and repeat’ cycle is significantly quicker and doesn’t impact the RTO as much, which means the business can be up and running faster.

The current tendency for companies to pay the ransom demands of malware perpetrators will only encourage more hacks and more ransoms. It’s not acceptable and it certainly isn’t sustainable. Of course data is critical to a business and sensitive data even more so, but companies should be aware that there is an alternative. With Unity Active Archive you can recover critical data without paying the ransom, to find out more, read here.

Additional resources

Contact Us