Four Steps to Beating Ransomware

The recent hack and subsequent ransomware attack experienced by Colonial Pipeline underscores the shortcomings with most organizations’ storage technology which prevents them from taking the four steps to beating ransomware. The risk organizations, enterprises and even nations face when dealing with this malware threatens more than just that company’s profits and reputation. Bad actors work tirelessly to exploit weaknesses in data and system security and one breach can permanently shut down organizations. We hope for a speedy resolution in the pipeline disaster, including the gasoline shortages on America’s East Coast, and would like to share our advice, as we have an effective, proven solution to protect customers from this most serious IT threat.


Ransomware is insidious, it often occurs without any IT awareness, getting past firewalls, so called anomaly detection, and even trained IT staff paid to look for it. Many partial solutions have been offered by security IT software companies, and others from storage vendors. Aggressive snapshot schedules with remote replication are effective, but until recently, cost, complexity, and security holes in the snapshots themselves made successfully using snapshots for ransomware recovery rare.


StorONE’s S1:Snap, thanks to the eight years we spent developing the S1 Storage Engine, redefines the potential of snapshots and makes them the best defense against ransomware.


Ransomware Beats Legacy Snapshots

Ransomware defeats other snapshot techniques because once an attack initiates, the symptoms often come slowly. Performance glitches, unknown errors, log-in issues, permissions being changed and encrypted files, all could mean you are currently affected, and are due for an unpleasant summons from hackers demanding money, or just delighting in the malicious loss of your sensitive and critical data. This time delay, plus the vulnerability of the snapshot itself, means that encrypted data works it way into and throughout the entire snapshot tree.
Most storage vendors use a very common snapshot technology and it falls woefully short in protecting the organization from ransomware, and worse, their snapshot techniques provide a false sense of security. For one, they tend to lack the granularity required to beat ransomware. Taking one snapshot per day, or even once per hour, is not enough. The cost and complexity of traditional snapshot methods do not allow schedules aggressive enough to defeat ransomware. Second, they don’t provide the protection of their own snapshots. Snapshots need to be immutable and hidden from the attacking malware. Third, you have to be able to afford to keep these snapshots but stuffing your premium priced all-flash array with millions of snapshots is more expensive than paying the ransom!

Beating Ransomware with S1:Snap

So, how do StorONE customers sleep well, knowing their data can be restored quickly with very minimal loss (as little as a minute’s worth)? The answer is StorONE, founded in 2011, spent our first 8 years completely rewriting the 20+ year old obsolete storage algorithms and flattening out the old IO stack, used in all legacy storage system software, to build an efficient flat storage engine that offers capabilities hackers hate! Ransomware is no match at all for the S1 Enterprise Storage Platform.


There are FOUR critical steps to create an effective ransomware response:

  1. Beat Ransomware with Snapshot Granularity
    With StorONE’s advanced S1:Snap feature, you can take a snapshot every minute and retain them indefinitely without impacting performance. StorONE also delivers minimal TCO by automatically tiering old snapshots to a less expensive hard disk drive tier, saving you money and making long-term snapshot retention practical and automatic. NO LOSS IN PERFORMANCE.
    However, taking an infinite number of snapshots every minute is only effective if they don’t impact performance. If performance grinds to a halt, you might be willing to risk ransomware exposure to avoid hearing users complain about the low performance of the storage infrastructure. It’s easy to say this, but we prove it in real-time during our webinar “Snapshots are Useless, Learn How to Fix Them”
  2. Beat Ransomware with Off-Site Snapshot Protection
    The second task is to get data off-site. If something goes wrong with your primary storage system, your snapshots may suffer. StorONE is unique because its S1:Replicate feature is NOT tied to a snapshot schedule. We replicate continuously, synchronously or asynchronously. Once on the target site or with S1:Azure to the cloud, you can set a different set of snapshot schedules and retention further improving data resiliency.
  3. Beat Ransomware with Snapshot Security
    Flexible, economical and high-performance snapshots are only 3/4th of the ransomware defense. You need more! We make your snapshots highly secure, by ensuring they are immutable and invisible to external applications until you restore them! This blocks ransomware attacks on your last line of defense, the snapshots themselves.
  4. Beat Ransomware with Minimum Snapshot TCO
    By improving efficiency, we allow you to have different snapshot schedules in multiple locations. For example, your primary StorONE HA system might be our fastest Optane and flash nodes, while your secondary could use very high-capacity hybrid or hard disk systems. Quickly and transparently move snapshots from primary to secondary tiers. Only retaining a few days’ worth of snapshots on the primary tier, while your secondary tier economically stores years’ worth of snapshots, again delivers minimal TCO.

Wrapping Up

Do not allow your expensive, aging legacy storage infrastructure to expose your company to the risk of ransomware. Don’t count on backup, as it is too slow to recover and doesn’t provide the granularity you need. Only StorONE with its powerful integration of S1:Snap and S1:Replicate gives you the power to beat Ransomware and to do so affordably

Our powerful snapshot technology not only provides the ultimate protection against ransomware, but can also dramatically reduce your investment in backup infrastructure. It can even replace archive! The key is the efficiency of a storage engine designed from the ground up to take features like snapshots to the next level. Learn more about what you can do with a million snapshots by reading our white paper “What Can You Do With a Million Snapshots” or watch our demonstration to see thousands of snapshots not impacting performance “Snapshots are Useless, Learn How to Fix Them”

Posted in

George Crump

George has over 25 years of experience in the storage industry, holding executive sales and engineer positions. Before joining StorONE, he was the founder and lead analyst at Storage Switzerland.

What to Read Next

Use Snapshots to Reduce Backup Costs

April 13, 2020 / Ittai Doron / No Comments If the storage solution implements them correctly, IT can use snapshots to reduce backup costs. The problem is most snapshot implementations are full of limitations. Despite the claims of many storage vendors, most of their implementations can’t support an unlimited number of snapshots. Also, most can’t […]
Read More

Hybrid Cloud Eliminates Backup

While snapshots can reduce your dependencies on it, if implemented correctly, Hybrid Cloud eliminates backup. In reality, primary storage solutions should have eliminated backup many years ago. The problem is that the limitations of enterprise-class storage features caused by inefficient software won’t allow the technology to finish the job. Because of these limitations, the features […]
Read More

Validating Powering VMware with Optane

The StorONE S1:All-Flash Array.next (AFAn) initial focus excels in high-performance database environments, but now we are validating powering VMware with Optane. StorageReview recently put an S1:AFA.next through its paces in a VMware environment and came away with impressive results. Join StorONE and StorageReview for a live webinar this Thursday as they discuss how to best […]
Read More

Learn More About the Hidden Cost of Dedupe

  • This field is for validation purposes and should be left unchanged.