Skip to main content
BlueXP ransomware protection

Protect workloads against ransomware attacks

Contributors amgrissino
PDFs

You can protect workloads against ransomware attacks by completing the following actions using BlueXP ransomware protection.

  • View existing workload protection.

  • Assign a policy to a workload.

    • Increase application protection to prevent future RW attacks.

    • Change the protection for a workload that was previously protected in the RW service.

  • Manage policies (only the ones that you created).

BlueXP ransomware protection assigns a priority to each workload during discovery. The workload priority is determined by the following Snapshot frequencies:

  • Critical: Snapshot copies taken less than 1 per hour (highly aggressive protection schedule)

  • Important: Snapshot copies taken less than 1 per day but greater than 1 per hour

  • Standard: Snapshot copies taken more than 1 per day

Protection status: A workload can show one of the following protection statuses to indicate whether a policy is applied or not:

  • Protected: A policy is applied.

  • At risk: No policy is applied.

  • In progress: A policy is being applied but not completed yet.

  • Failed: A policy is applied but is not working.

Protection health: A workload can have one of the following protection health statuses:

  • Healthy: The workload has protection enabled and backups and Snapshot copies have been completed.

  • In progress: Backups or Snapshot copies are in progress.

  • Failed: Backups or Snapshot copies have not completed successfully.

  • N/A: Protection is not enabled or sufficient on the workload.

View workload ransomware protection

One of the first steps in protecting workloads is viewing your current workloads and their protection status. You can see the following types of workloads:

  • VM workloads

  • File share workloads

Steps

  1. From the BlueXP left navigation, select Protection > Ransomware protection.

  2. Do one of the following:

    • From the Dashboard Data Protection pane, select View all.

    • From the menu, select Protection.

      Protection page

  3. From this page, you can assign a policy to a workload.

Assign a predefined protection policy to workloads

To help protect your data, you can assign an existing ransomware protection policy to one or more workloads. You can also assign a different policy to a workload that already has a policy.

BlueXP ransomware protection includes the following predefined policies that are aligned with workload priority:

Policy level Snapshot Frequency Retention (Days) # of Snapshot copies Total Max # of Snapshot copies

Critical workload policy

Quarter hourly

Every 15 min

3

288

309

Daily

Every 1 day

14

14

309

Weekly

Every 1 week

35

5

309

Monthly

Every 30 days

60

2

309

Important workload policy

Quarter hourly

Every 30 mins

3

144

165

Daily

Every 1 day

14

14

165

Weekly

Every 1 week

35

5

165

Monthly

Every 30 days

60

2

165

Standard workload policy

Quarter hourly

Every 60 min

3

72

93

Daily

Every 1 day

14

14

93

Weekly

Every 1 week

35

5

93

Monthly

Every 30 days

60

2

93
Steps

  1. From BlueXP ransomware protection, do one of the following:

    • From the Dashboard Data Protection pane, select View all.

    • From the Dashboard Recommendation pane, select a recommendation about assigning a policy and select Review and fix.

    • From the menu, select Protection.

  2. From the Protection page, review the workloads and select Protect next to the workload.

    A list of policies appears.

    Protection policy list

  3. To see details, click on the down arrow on a policy.

  4. Select a policy to assign to the workload.

  5. Select Protect.

  6. Review the Dashboard Recommended actions pane, which shows the action as “Completed."

Create a protection policy

If the existing policies do not meet your business needs, you can create a new protection policy. You can create your own from scratch or use an existing policy and modify its settings.

You can create policies that govern primary and secondary storage and treat primary and secondary storage the same or differently.

You can create a policy when you are managing them or during the process of assigning a policy to a workload.

Steps to create a policy during policy management

  1. From the BlueXP ransomware protection menu, select Protection.

    Protection page

  2. From the Protection page, select Manage policies.

    Manage policies page

  3. From the Manage policies page, select Add.

    Add policy page

  4. Enter a new policy name, or enter an existing policy name to copy it. If you enter an existing policy name, choose which policy to copy.

    Note If you choose to copy and modify an existing policy, you must change at least one setting to make it unique.

  5. For each item, select the Down arrow.

    • Primary storage:

      • Snapshot copy schedules: Choose schedule options, the number of Snapshot copies to keep, and select to enable the schedule.

      • Primary detection: Enable the service to detect ransomware incidents on primary storage.

      • Block file extensions: Enable this to have the service block known suspicious file extensions. The service takes automated Snapshot copies when Primary detection is enabled.

    • Secondary storage:

      • Backup schedules: Choose schedule options for secondary storage and enable the schedule.

      • Secondary detection: Enable the service to detect ransomware incidents on secondary storage.

      • Lock backups: Choose this to prevent backups on secondary storage from being modified or deleted for a certain period of time. This is also called immutable storage.

        This option uses NetApp DataLock technology, which locks backups on secondary storage. The period of time that the backup file is locked (and retained) is called the DataLock Retention Period. It is based on the backup policy schedule and retention setting that you defined, plus a 14-day buffer. Any DataLock retention policy that is less than 30 days is rounded up to 30 days minimum.

  6. Select Add.

Steps to create a policy during protection policy assignment

  1. From the BlueXP ransomware protection menu, select Protection.

    Protection page

  2. From the Protection page, select Protect.

  3. From the Protect page, select Add.

    Add policy page

  4. Complete the process, which is the same as creating a policy from the Manage policies page.

Assign a different protection policy

You can choose a different protection policy for a workload.
You might want to increase the protection to prevent future ransomware attacks by changing the protection policy.

Steps

  1. From the BlueXP ransomware protection menu, select Protection.

  2. From the Protect page, select a workload, and select Protect.

  3. In the Protect page, select a different policy for the workload.

  4. To change any details for the policy, select the down arrow on the right and change the details.

  5. Select Save to finish the change.

Edit an existing policy

You can change the details of a policy only when the policy is not associated with a workload.

Steps

  1. From the BlueXP ransomware protection menu, select Protection.

  2. From the Protection page, select Manage policies.

  3. In the Manage policies page, select the Actions option for the policy you want to change.

  4. From the Actions menu, select Edit policy.

  5. Change the details.

  6. Select Save to finish the change.

Delete a policy

You can delete a protection policy that is not currently associated with any workloads.

Steps

  1. From the BlueXP ransomware protection menu, select Protection.

  2. From the Protection page, select Manage policies.

  3. In the Manage policies page, select the Actions option for the policy you want to delete.

  4. From the Actions menu, select Delete policy.