NetApp and Ontrack vs. CryptoLocker Ransomware
Ontrack and NetApp recently battled the CryptoLocker ransomware virus.
The Damage of CryptoLocker
The battle begins with a single laptop at a large pharmaceutical company infected with CryptoLocker ransomware, a malware that encrypts files and holds the key until the user pays the ransom amount. Once the laptop was on the company’s network it was able to access a CIFS volume set up as a file share on a NetApp FAS. The virus was able to infiltrate the file share and encrypt the majority of the files. This infection impacted the user’s entire department, bringing their day to day operations to a grinding halt.
The customer’s IT team was not notified of the CryptoLocker infection until after the backup retention period had expired.
The total damage count:
46 drives
1 aggregate (needed to be taken offline which affected 17 volumes)
1 infected volume on a RAID DP
Enter Ontrack
The customer brought everything into the Ontrack lab in New Jersey for evaluation. Our engineers suited up and started work on a solution. They rebuilt the RAID groups written across 10 different shelves, the aggregate and the critical volume. Additional damage was found on the aggregate when we discovered that it had been used for two weeks after the infection and data was overwritten.
NetApp’s Secret Weapon
Due to the way, NetApp’s proprietary file system WAFL is set up, Ontrack engineers were able to ‘walk back in time’ and recover the data. Data recovery on NetApp systems occurs at the aggregate layer. Being WAFL creates checkpoints every 10 seconds, our engineers were able to identify multiple checkpoints and merge the data to provide the customer access to unencrypted copies of their original data.
Victory
Ontrack’s data recovery expertise combined with NetApp’s technology and data writing methods enabled us to declare victory over the CryptoLocker ransomware. We were able to find a way to recover unencrypted copies of the data that had been encrypted (and being held for ransom) and return them to the customer.
Live Recap
Ontrack engineering teamed up with NetApp to discuss the fight against ransomware. Watch our recent webinar that discusses NetApp's data protection capabilities and Ontrack's enterprise storage recovery offerings.
Call for Immediate Assistance!
- Crypto Currency (2)
- Data Backup (9)
- Data Erasure (8)
- Data Loss (15)
- Data Protection (11)
- Data Recovery (22)
- Data Recovery Software (2)
- Data Security (3)
- Data Storage (15)
- Degaussing (1)
- Deleted Data (5)
- Digital Photo (2)
- Disaster Recovery (6)
- Encryption (1)
- Expert Articles (5)
- Hard Drive (7)
- Laptop/Desktop (7)
- Memory Card (5)
- Mobile Device (13)
- Ontrack PowerControls (1)
- Raid (5)
- Ransomware & Cyber Incident Response (6)
- Server (6)
- SSD (14)
- Tape (17)
- Virtual Environment (9)