Improving protection against ransomware
Ransomware attacks can cost a business time, resources, and reputation. BlueXP enables you to implement the NetApp solution for ransomware, which provides effective tools for visibility, detection, and remediation.
On the Canvas page, double-click the name of the system you configure to ransomware protection.
On the Overview tab, click the Features panel and then click the pencil icon next to Ransomware Protection.
Implement the NetApp solution for ransomware:
Click Activate Snapshot Policy, if you have volumes that do not have a Snapshot policy enabled.
NetApp Snapshot technology provides the industry’s best solution for ransomware remediation. The key to a successful recovery is restoring from uninfected backups. Snapshot copies are read-only, which prevents ransomware corruption. They can also provide the granularity to create images of a single file copy or a complete disaster recovery solution.
Click Activate FPolicy to enable ONTAP’s FPolicy solution, which can block file operations based on a file’s extension.
This preventative solution improves protection from ransomware attacks by blocking common ransomware file types.
The default FPolicy scope blocks files that have the following extensions:
micro, encrypted, locked, crypto, crypt, crinf, r5a, XRNT, XTBL, R16M01D05, pzdc, good, LOL!, OMG!, RDM, RRK, encryptedRS, crjoker, EnCiPhErEd, LeChiffre
BlueXP creates this scope when you activate FPolicy on Cloud Volumes ONTAP. The list is based on common ransomware file types. You can customize the blocked file extensions by using the vserver fpolicy policy scope commands from the Cloud Volumes ONTAP CLI.