
Executive Summary: WHAT ABOUT PREVENTING DISASTERS SUCH AS RANSOMWARE?

Welcome to post number three of our three-part Business Continuity blog series. The saying “an ounce of prevention is better than a pound of cure” definitely applies to Business Continuity. In this article we will focus on preventing disasters like ransomware, and introduce the 3-2-1 backup principle.

By utilizing storage solutions you already own, Peer Global File Service (PeerGFS) monitors file systems from multiple vendors in real-time to create a highly-available active-active DR solution, helping to prevent ransomware from spreading while also creating an off-site backup.


Part 3: What about preventing disasters such as ransomware?

Now that we have discussed workload considerations, the 3-2-1 backup principle, and how PeerGFS can help you attain RPO and RTO goals, you may be wondering: if PeerGFS reacts to file-level changes and copies files to the other side, wouldn’t it copy a ransomware-infected file too? Other DFS solutions may, but PeerGFS includes Malicious Event Detection (MED) technology as standard.

This combats ransomware in three different ways.

Firstly, it will look for the type of file activity patterns that a ransomware program would typically cause. If detected, it can immediately and automatically halt any file synchronisation between the participant locations, to prevent it spreading around Dennis’ organisation. It can also send email alerts to Dennis and his administration team, so that they can be made aware of a potential malware strike that they need to look into.

Secondly, PeerGFS can write bait files that act as a honeypot for malware. These are hidden files that the users wouldn’t see, and shouldn’t be touched by anything else. If they are, an alert can be triggered and synchronisation can optionally be halted.

Thirdly, on Windows Servers PeerGFS can establish directory traps, which, like bait files, are hidden from users; in this case they are hidden folders. These folders point back to themselves, so as a ransomware process trawls through the files and folders, looking for the types of files that it wants to attack or encrypt, it gets stuck in the directory trap, looping round and round within that same folder, again triggering an alert and buying Dennis and his admins time to investigate. Think of this like a fly getting stuck on fly paper, or as I like to call it, the Hotel California solution: “you can check in any time you like, but you can never leave.”
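The first two mechanisms above (activity-pattern detection and bait files) can be sketched as a small guard that sits in front of replication. This is an added example, not PeerGFS code: the thresholds, the bait path, the event fields and the `SyncGuard` class are all assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass

# Assumed values for illustration; not PeerGFS settings.
BAIT_FILES = {"/share/finance/.~bait_0001.docx"}
BURST_LIMIT = 20         # write-type events allowed per actor per window
WINDOW_SECONDS = 10.0

@dataclass
class Event:
    ts: float    # seconds since start of capture
    actor: str   # account that caused the change
    op: str      # "read", "modify", "rename" or "delete"
    path: str

class SyncGuard:
    """Decides, event by event, whether replication may continue."""
    def __init__(self):
        self.recent = {}     # actor -> timestamps of recent write-type events
        self.halted = False
        self.alerts = []

    def observe(self, ev):
        """Return True if this change may be replicated to the other sites."""
        if self.halted:
            return False
        if ev.path in BAIT_FILES:            # any touch of a bait file is suspect
            return self._halt(f"bait file touched by {ev.actor}: {ev.path}")
        if ev.op in ("modify", "rename", "delete"):
            q = self.recent.setdefault(ev.actor, deque())
            q.append(ev.ts)
            while ev.ts - q[0] > WINDOW_SECONDS:   # drop events outside window
                q.popleft()
            if len(q) > BURST_LIMIT:
                return self._halt(f"{len(q)} changes within {WINDOW_SECONDS}s by {ev.actor}")
        return True

    def _halt(self, reason):
        self.halted = True
        self.alerts.append(reason)           # stand-in for the e-mail alert
        return False

def replay(events):
    """Feed events through a fresh guard; return it and the replicated paths."""
    guard = SyncGuard()
    return guard, [ev.path for ev in events if guard.observe(ev)]

def constructed_burst():
    """Constructed sample: three ordinary edits, then 30 renames in 3 seconds."""
    normal = [Event(i * 20.0, "alice", "modify", f"/share/docs/report{i}.docx") for i in range(3)]
    burst = [Event(100 + i * 0.1, "svc-app", "rename", f"/share/docs/f{i}.locked") for i in range(30)]
    return normal + burst
```

In the constructed burst, the first 20 renames are replicated before the threshold trips, which is why a halt on its own is not enough and the versioned off-site copy still matters.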

The MED technology is designed to prevent PeerGFS from spreading ransomware-infected files to other servers. Remember, PeerGFS is designed to react to file changes in real-time, so ransomware could spread quickly otherwise. So that is why Dennis’ disaster recovery solution also has the off-site copy, and it’s better than having just another copy of the data at the off-site location.

By using object storage, such as Azure Blob, an AWS S3 bucket, or an S3-compatible storage solution at that co-location site in Frankfurt, Dennis can have a copy of each VERSION of each file stored as a separate object, AND stored natively, so that there can be none of that nasty vendor lock-in. If Dennis decides to stop using PeerGFS, the files are still accessible at each location in the normal way. There’s no gateway or special file formatting or vendor-specific technology to prevent Dennis or his users from getting at the data.

Dennis can set controls over how many versions of each file to keep and for how long, to control the disk space required, and of course, rein in the ongoing cost to the business.

This means that if hit by ransomware, Dennis can easily restore a version of the file or files from a point in time before the ransomware struck, and rather than pay some evil A-hole a bunch of Bitcoin for the decryption key and hope for the best, he can simply overwrite the corrupted files with the last good version.
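The point-in-time restore described above comes down to picking, for each file, the newest version written before the strike. The following is an added example, not PeerGFS code or an object-store API: the record fields, the `plan_restore` function and the sample listing are assumptions, with versions modelled as plain dictionaries.

```python
from datetime import datetime, timezone

def plan_restore(versions, strike_time):
    """Choose, per file, the newest version written before strike_time.

    Each version is a dict with 'key', 'version_id', 'modified' (aware
    datetime) and 'deleted' (True for a delete marker); names are assumed.
    Returns (restore, remove, review).
    """
    by_key = {}
    for v in versions:
        by_key.setdefault(v["key"], []).append(v)
    restore, remove, review = {}, [], []
    for key, vs in sorted(by_key.items()):
        vs.sort(key=lambda v: v["modified"])
        before = [v for v in vs if v["modified"] < strike_time]
        if len(before) == len(vs):
            continue                  # nothing written since the strike
        if not before:
            review.append(key)        # new file, or good copy aged out of retention
        elif before[-1]["deleted"]:
            remove.append(key)        # file did not exist when the strike began
        else:
            restore[key] = before[-1]["version_id"]
    return restore, remove, review

def _v(key, vid, day, hh, mm, deleted=False):
    when = datetime(2024, 3, day, hh, mm, tzinfo=timezone.utc)
    return {"key": key, "version_id": vid, "modified": when, "deleted": deleted}

# Constructed listing: the strike is assumed to start on 3 March at 02:00 UTC.
STRIKE = datetime(2024, 3, 3, 2, 0, tzinfo=timezone.utc)
SAMPLE = [
    _v("finance/budget.xlsx", "v1", 1, 9, 0),
    _v("finance/budget.xlsx", "v2", 2, 17, 30),
    _v("finance/budget.xlsx", "v3", 3, 2, 15),      # written during the strike
    _v("finance/notes.txt", "v1", 1, 10, 0),        # never touched afterwards
    _v("finance/old.doc", "v1", 1, 8, 0),
    _v("finance/old.doc", "v2", 2, 8, 0, deleted=True),
    _v("finance/old.doc", "v3", 3, 2, 17),
    _v("finance/README_DECRYPT.txt", "v1", 3, 2, 16),
]

if __name__ == "__main__":
    print(plan_restore(SAMPLE, STRIKE))
```

Files that land in the review list have no surviving pre-strike version, so the retention settings for version count and age decide how far back a restore like this can reach.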

To summarise, public cloud and hybrid solutions definitely have their place. There are certain workload types that are perfect for cloud solutions, and definitely some that are cheaper and more sensible to keep within your data centres.

As to whether public cloud should play a part in your disaster recovery strategy, well that’s up to you. It can be very effective, but so can keeping an off-site copy in a datacentre or co-location site. When designing a good disaster recovery plan, which of the following would you choose?

  • 3-2-1 backup principle

  • Continuous Data Protection for redundancy and business continuity

  • Ransomware protection

  • Public Cloud

  • Co-location Site


About the author

Spencer Allingham
Presales Engineer

A thirty-year veteran within the IT industry, Spencer has progressed from technical support and e-commerce development through IT systems management and for ten years, technical pre-sales engineering. Focussing much of that time on the performance and utilisation of enterprise storage, Spencer has spoken on these topics at VMworld, European VMUGS and TechUG conferences, as well as at Gartner conferences.

At Peer Software, Spencer assists customers with deployment and configuration of PeerGFS, Peer’s Global File Service for multi-site, multi-platform file synchronisation.