
Tintri Saves Your Data from Ransomware Attacks

The recent world-wide WannaCry ransomware infection has everyone wondering how to protect themselves.


KEY TAKEAWAYS
  • Backups are your immediate protection once a ransomware infection has occurred.
  • Tintri provides faster recovery based on efficient snapshots for lower RPO and RTO than traditional backup and recovery solutions—reducing data and time loss to a minimum.
  • With VM-level granularity, you can get services up and running faster.

Tintri can save your bacon…and your data from ransomware attacks!

If anyone was still feeling complacent about the threat posed by ransomware, the unprecedented global spread of WannaCry last week provides ample proof of just how dangerous it is. The attack affected more than 300,000 Windows PCs in more than 150 countries, hitting high-profile organizations including the UK’s National Health Service (NHS), the Ministry of Internal Affairs in Russia, FedEx, Nissan, and Hitachi. There is no longer any excuse to ignore this threat.

Restoring from backup is your only option—other than paying the ransom—once an infection has occurred. Such a high-profile incident is a wake-up call for all IT organizations to make sure that their current data protection and disaster recovery (DP/DR) strategies are adequate to protect against ransomware.

Your business needs to ensure that in the event of a successful infection, affected systems can be back up and running as quickly as possible, with minimum data loss and protection against future infection.

Getting Backup Right

Even if you have a good backup strategy in place, you need to ask yourself whether it protects you adequately from ransomware. For example, it may only be in the aftermath of a ransomware attack that your company discovers the last good backup is 24 hours old based on a daily recovery point objective (RPO). Retrieving that data may take a lot of time. Recovery time for the backup could be as much as two days. Hardly ideal.

So, what measures should you take to reduce the RPO and recovery time objective (RTO) of your backups? You need a solution that provides snapshots for point-in-time recovery, both locally and remotely through native replication. Tintri offers RPO as low as 15 minutes with asynchronous replication or zero RPO and near-zero RTO with synchronous replication. However, since both replicas are guaranteed to be the same at all times, data encrypted by ransomware on one is mirrored to the other, so you’ll want to protect yourself by also creating regular snapshots for more recovery points. For virtual machines (VMs) running on Tintri, it is possible to rapidly restore the OS to the last usable point-in-time, reducing the downtime caused by affected VMs.

The Right Recovery

In most LUN-based storage, the only fast option is to recover all the applications on the same LUN to the same point in time. But as ransomware typically comes in waves and spreads throughout systems over time, the rate of infection for different applications on the same LUN can vary widely. For instance, only 10% of VMs on the LUN might be affected in the first attack, another 10% might be hit in a second attack several hours later, and the rest could be completely unaffected.

Forcing the recovery of the entire LUN means unaffected VMs will be recovered to the same point in time as the earliest affected VMs. This results in 90% of VMs being unnecessarily recovered to the earlier point-in-time for the sake of the 10% that were hit in the first attack. The only alternative is to restore the entire LUN to scratch space—assuming enough space exists—and then recover just the infected VMs using a cumbersome and error-prone manual process. Tintri allows you to recover at VM-level granularity and so avoids these problems. As a result, you are able to restore just the affected VMs to the right point-in-time.
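The difference between the two recovery strategies can be worked through numerically. The following is an added example, not Tintri code: it compares the data-loss window of a whole-LUN rollback with per-VM restores for the two-wave scenario described above. The VM names, snapshot schedule and infection times are constructed sample values.

```python
from bisect import bisect_left
from datetime import datetime, timedelta

def last_clean_snapshot(snapshots, infected_at):
    """Latest snapshot taken strictly before infected_at (sorted input), or None."""
    i = bisect_left(snapshots, infected_at)
    return snapshots[i - 1] if i > 0 else None

def plan_recovery(snapshots, infections, vms, now):
    """Data-loss window per VM for per-VM restore vs. whole-LUN rollback.

    infections maps VM name -> earliest known infection time; VMs not listed
    are treated as clean. Returns (per_vm_loss, lun_loss) dicts of timedeltas.
    """
    snapshots = sorted(snapshots)
    if not infections:
        zero = {vm: timedelta(0) for vm in vms}
        return zero, dict(zero)
    # A LUN rollback must use a point that is clean for the earliest victim.
    lun_point = last_clean_snapshot(snapshots, min(infections.values()))
    if lun_point is None:
        raise ValueError("no snapshot predates the first infection")
    per_vm, lun = {}, {}
    for vm in vms:
        if vm in infections:
            per_vm[vm] = now - last_clean_snapshot(snapshots, infections[vm])
        else:
            per_vm[vm] = timedelta(0)  # clean VM keeps running, nothing rolled back
        lun[vm] = now - lun_point      # every VM on the LUN shares one restore point
    return per_vm, lun

# Constructed sample: hourly snapshots, 10 VMs on one LUN, two infection waves.
DAY = datetime(2017, 5, 12)
SNAPSHOTS = [DAY + timedelta(hours=h) for h in range(0, 9)]   # 00:00 .. 08:00
VMS = [f"vm{n:02d}" for n in range(1, 11)]
INFECTIONS = {"vm01": DAY + timedelta(hours=2, minutes=10),   # first wave
              "vm02": DAY + timedelta(hours=6, minutes=40)}   # second wave
NOW = DAY + timedelta(hours=9)                                # recovery starts

def total_hours(loss):
    """Sum of per-VM data-loss windows, in VM-hours."""
    return sum(loss.values(), timedelta(0)).total_seconds() / 3600

if __name__ == "__main__":
    per_vm, lun = plan_recovery(SNAPSHOTS, INFECTIONS, VMS, NOW)
    print("per-VM restore:", total_hours(per_vm), "VM-hours of data lost")
    print("LUN rollback:  ", total_hours(lun), "VM-hours of data lost")
```

A snapshot taken at the exact moment of infection is treated as untrusted, so the planner falls back to the one before it.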

Another complication is that most snapshot backups limit you to restoring to a specific point in time. Essentially, you have a one-way ticket to the specified backup point and once you use it you lose the ability to restore snapshots that happened after that point. Ransomware can make it hard to pinpoint the moment when an attack started to affect your VMs. You might end up restoring to a point well before the infection, resulting in more data loss.

Tintri’s SyncVM allows you to move back and forth between recovery points to gain a more accurate view of when VMs were infected and restore them more accurately.

Deploying a modern and effective data backup and recovery strategy with Tintri enables you to achieve faster RPO and RTO, ensure quicker recovery, and get services up and running with VM-level granularity.

Only Tintri can help keep you from WannaCry-ing after a ransomware attack; watch the 3-minute video below for an example.

 

Lei Yang / May 23, 2017

Lei Yang is Sr. Product and Solutions Manager at Tintri. Her focus is on solutions for enterprises and cloud service providers, covering a wide range of virtualization use cases such as VDI, databa...more
