NetApp : Protect against ransomware with Google Cloud VMware Engine and NetApp Cloud Volumes ONTAP

Sweating over the threat of ransomware? Save the sweating for your workout.

Ransomware attacks are more common than you may think. With sevenfold or higher rates of growth in 2020, Gartner estimates that by 2025 at least 75% of IT organizations will face one or more ransomware attacks. According to the FBI's 2020 Internet Crime Report, the organization received about 2,500 ransomware complaints in 2020, up by about 20% over the year before. The collective cost of the attacks reported in 2020 amounted to approximately $29.1 million, up more than 200% from $8.9 million in 2019. Even after the ransom is paid, organizations don't always get their data back, and costs to the organization can go well beyond the ransom itself.

Why ransomware makes you sweat

Ransomware is a term we're are hearing a lot more these days. All cyberattacks can be detrimental, but ransomware attacks usually pose the greatest risk because they target an organization's most valuable property-its data. These malware programs allow a third party to access and encrypt files, delete the originals, and threaten to delete the only remaining (encrypted) copy of the files if the ransom is not paid. These attacks are common, happen quickly, and can be debilitating to files in the victim's cloud. They often make an organization's services, applications, or sites unusable.

But paying the ransom doesn't always minimize the damage. Even when it's paid, there's no guarantee that data will be recovered or that a decryption key will work. In addition, it can take weeks after an attack to fully assess and rectify losses. The damage doesn't only come from the ransom itself and associated downtime. Costs can include rebuilding servers and workstations, lost opportunities, and reputational damage. Some recent examples include:

• In 2018, the city of Atlanta was struck by the SamSam ransomware. One month after the attack, the cost of recovery totaled nearly $3 million, with the city not fully recovered.
• In 2019, hackers locked out the local Jackson County, Georgia, government from their IT systems with Ryuk ransomware.
• In 2021, REvil, one of ransomware's most aggressive groups, exploited a vulnerability in the company Kaseya's VSA remote management service, with about 50 customers, who further infected another 800 to 1,500 businesses. REvil demanded $70 million for a universal decryptor.

Not being able to access critical data can severely impact not just the organization itself but also its end customers.

Why ransomware targets the cloud

Ransomware is increasingly targeting the cloud for three main reasons:

• Enterprise data is moving to the cloud. The cloud hosts a treasure trove of data. Not only for organizations that are working to turn their data into actionable insights or to sell information, but also for cybercriminals who recognize it as a target they can leverage for ransom.
• Cloud services are crucial for business continuity. Ransomware attackers focus on critical and irreplaceable workloads that organizations will be motivated to pay the ransom to release. For many, those are in the cloud.
• Cloud resources are shared by many. If cybercriminals manage to hold hostage an entire server that is owned by a cloud vendor and used by many organizations, they can expand increase the amount of ransom gained from a single attack.

Because the underlying public cloud infrastructure is secured and managed by the cloud service provider, many incorrectly assume that the threat of ransomware in the cloud is less than in a private data center. Unfortunately, that is not the case. All major cloud platforms operate based on a shared responsibility model when it comes to the security and compliance of services offered.

Google Cloud advises customers that they are responsible for maintaining virtual machine (VM) operating systems and applications up to date to avoid potential infections such as ransomware. Like a private data center, customers have unrestricted access to the VMs and their guest operating systems, which means that issues such as patching are just as important and just as complicated as in a private data center.

The public cloud is not impervious to ransomware infections, and prevention and remediation remain the sole responsibility of the customer.

The first layer of protection with Google Cloud VMware Engine

Investing in Google Cloud VMware Engine and NetApp® Cloud Volumes ONTAP® can help avoid data lockout and its far-reaching impacts.

Many organizations have made large investments in VMware tools and skillsets to form the cornerstone of their enterprise IT environments. With the explosion of the cloud in recent years, organizations have also started to incorporate cloud computing as a key part of their IT strategies and are now eager to run their VMware applications in that same environment.

Google Cloud VMware Engine allows businesses currently running on-premises VMware workloads to continue to leverage their existing investments in VMware while seamlessly migrating to Google Cloud. With Google Cloud VMware Engine, organizations can increase business agility and availability without rearchitecting or refactoring their applications. Teams can use the same tools, processes, and policies to maintain operational continuity while avoiding data center management, hardware refreshes, and procurement cycles.

But when virtual environments move to the cloud, ransomware is sure to try to follow.

NetApp solutions for ransomware protection in the cloud

NetApp Cloud Volumes ONTAP is a software-defined storage offering that delivers advanced data management for your VMware workloads running in the cloud on Google Cloud VMware Engine. NetApp Cloud Volumes ONTAP offers built-in ransomware prevention, detection, and remediation options to help enterprise customers mitigate against and efficiently recover from ransomware infections in the cloud.

• Rapid recovery. The most expensive aspect of a ransomware attack is the downtime experienced in getting your data back online. NetApp immutable Snapshot™ copies restore terabytes of data in seconds, not hours.
• Layered security. NetApp features such as SnapMirror® replication software technology and volume replication enable you to replicate your Snapshot backups to multiple locations (DR site, cloud, secondary system) for enhanced resilience.
• Risk mitigation. NetApp services and tools give visibility into the security of your data and offer options for mitigating potential risks.

Stay protected with NetApp Cloud Volumes ONTAP

Major businesses and government agencies rely on Cloud Volumes ONTAP for consistent and cost-effective backup and recovery services, knowing that there isn't any question about the remediation process or how much it will cost to recover data. Save the sweating for your workout with NetApp solutions for data protection in the cloud.