Date: June 2, 2017
Author: 11:11 Systems
Editor’s Note: As of January 2022, iland is now 11:11 Systems, a managed infrastructure solutions provider at the forefront of cloud, connectivity, and security. As a legacy iland.com blog post, this article likely contains information that is no longer relevant. For the most up-to-date product information and resources, or if you have further questions, please refer to the 11:11 Systems Success Center or contact us directly.
In light of the recent ransomware attacks involving WannaCry, we wanted to write a blog article about how 11:11’s various cloud solutions can help customers recover from such attacks. Indeed, our solutions have protected a number of our customers recently, and they have been able to quickly recover, usually without even involving our support teams.
One aspect of ransomware attacks is that even fully patched servers with anti-virus and anti-malware protection can succumb to them, because of the different attack vectors that ransomware exploits.
Depending on what is being encrypted, and the urgency with which services need to be recovered, 11:11 offers a number of solutions that have been proven to help in these situations.
As has been well documented in the media, having good, reliable and frequent backups is key, and having off-site backups has also been shown to be beneficial. There have been cases reported where on-premises backup servers have also been compromised by ransomware attacks, as the payload, once established, can move around the network and infect other servers.
First of all, let’s look at how ransomware works, using a freely available “friendly” ransomware product called ShinoLocker.
Where user files have been encrypted (Office documents, photos, etc.), recovering those files from a backup will be fairly straightforward. In a virtualized cloud environment, this could be done at either the whole VM level or on an individual file/folder basis, depending on what’s been hit.
In terms of cloud backup, 11:11 offers both backup of on-premises servers to the cloud, as well as backup of virtual machines running in 11:11’s Secure Cloud, where we offer seven-day backups at no extra cost. In both cases this uses Veeam.
As well as offering 11:11 Cloud Backup for Veeam Cloud Connect, we offer 11:11 DRaaS (Disaster Recovery as a Service) for Zerto. A relatively new feature of Zerto, since version 4.5, is that the replicated storage and journal offer file-level recovery capability where the journal can be selected in roughly five-second increments. The journal can be increased from hours to days to weeks, so the granularity of the recovery can be selected as needed.
For situations where whole applications and their databases have been affected by ransomware, it may be necessary to invoke a DRaaS service. Again, iland partners with both Veeam and Zerto to offer DRaaS.
Many people have commented in the media that replication solutions do not help with ransomware, because the ransomware and the encrypted files just get replicated across to the DR site. This is, of course, true. So, it is necessary to make sure that you have sufficient restore points or checkpoints in the DRaaS solution to enable you to ‘wind back’ to a point in time just prior to the ransomware being enabled. With Veeam, this is achieved by having sufficient restore points (snapshots), while with Zerto and its continuous replication capability, it’s a question of having a long enough journal; the longer the journal, the more cloud storage you will need. This is also dependent on the daily change rate of the data being protected.
One of the benefits of DRaaS is that you can recover the entire VMs that make up an application and have them available for use by both internal and external customers in the time it takes to boot them all up.
The short videos below show how 11:11 deploys both Veeam and Zerto DRaaS solutions.