Improving protection against ransomware

Ransomware attacks can cost a business time, resources, and reputation. BlueXP enables you to implement the NetApp solution for ransomware, which provides effective tools for visibility, detection, and remediation.

  1. On the Canvas page, double-click the name of the system that you want to configure for ransomware protection.

  2. On the Overview tab, click the Features panel and then click the pencil icon next to Ransomware Protection.

    A screenshot that shows the Ransomware Protection setting under the Features panel available in the top right of the Overview page when viewing a working environment.

  3. Implement the NetApp solution for ransomware:

    1. Click Activate Snapshot Policy, if you have volumes that do not have a Snapshot policy enabled.

      NetApp Snapshot technology provides the industry’s best solution for ransomware remediation. The key to a successful recovery is restoring from uninfected backups. Snapshot copies are read-only, which prevents ransomware corruption. They can also provide the granularity to create images of a single file copy or a complete disaster recovery solution.

    2. Click Activate FPolicy to enable ONTAP’s FPolicy solution, which can block file operations based on a file’s extension.

      This preventative solution improves protection from ransomware attacks by blocking common ransomware file types.

      The default FPolicy scope blocks files that have the following extensions:

      micro, encrypted, locked, crypto, crypt, crinf, r5a, XRNT, XTBL, R16M01D05, pzdc, good, LOL!, OMG!, RDM, RRK, encryptedRS, crjoker, EnCiPhErEd, LeChiffre

      Tip: BlueXP creates this scope when you activate FPolicy on Cloud Volumes ONTAP. The list is based on common ransomware file types. You can customize the blocked file extensions by using the vserver fpolicy policy scope commands from the Cloud Volumes ONTAP CLI.

A screenshot that shows the Ransomware Protection page that is available from within a working environment. The screen shows the number of volumes without a Snapshot Policy and the ability to block ransomware file extensions.
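The following added example (not NetApp or BlueXP code) triages a file listing against the default FPolicy extension list above, so you can see which existing files an extension-based scope would match and which it would miss before you customize it. The sample paths, the function names, the `examplelock` extension, and the case-insensitive comparison are assumptions of this example.

```python
from pathlib import PurePosixPath

# Default FPolicy scope extensions, copied from the list above.
DEFAULT_BLOCKED = [
    "micro", "encrypted", "locked", "crypto", "crypt", "crinf", "r5a",
    "XRNT", "XTBL", "R16M01D05", "pzdc", "good", "LOL!", "OMG!", "RDM",
    "RRK", "encryptedRS", "crjoker", "EnCiPhErEd", "LeChiffre",
]

# Constructed sample listing (not real data); 'examplelock' is hypothetical.
SAMPLE = [
    "/vol1/finance/q3.xlsx.locked",
    "/vol1/hr/roster.docx.ENCRYPTED",
    r"\\share\eng\design.dwg.xtbl",
    "/vol1/eng/locked.xlsx",
    "/vol1/eng/notes.txt.examplelock",
    "/vol1/README",
]


def merged_scope(extra=()):
    """Default list plus site additions; dots stripped, duplicates dropped."""
    seen, merged = set(), []
    for ext in list(DEFAULT_BLOCKED) + list(extra):
        ext = ext.strip().lstrip(".")
        if ext and ext.lower() not in seen:
            seen.add(ext.lower())
            merged.append(ext)
    return merged


def matched_extension(path, scope):
    """Return the scope entry matching the path's final extension, else None."""
    name = PurePosixPath(path.replace("\\", "/")).name
    _, dot, ext = name.rpartition(".")  # only the text after the last dot counts
    if not dot:
        return None
    by_lower = {e.lower(): e for e in scope}
    return by_lower.get(ext.lower())  # assumption: case-insensitive comparison


def triage(paths, extra=()):
    """Map each flagged path to the scope entry it matched."""
    scope = merged_scope(extra)
    found = {p: matched_extension(p, scope) for p in paths}
    return {p: m for p, m in found.items() if m}


if __name__ == "__main__":
    for path, ext in triage(SAMPLE).items():
        print(f"{ext:12} {path}")
```

With the default list, `notes.txt.examplelock` is not flagged; passing `extra=[".examplelock"]` to `triage` shows the effect of adding an extension to the scope.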