Learn about Ransomware Protection

Contributors netapp-tonacki

Ransomware attacks can cost a business time, resources, and reputation. The Ransomware Protection service enables you to view relevant information about cybersecurity and assess how resilient your organization is to a cyber attack. It also provides you with a list of alerts and remediations for making your data more secure.

Tip The Ransomware Protection service is currently a Beta offering.


Ransomware Protection currently provides several features that can help you with your cyberstorage protection efforts. Additional features will be added in the future. Current features identify when:

  • Volumes in your working environments aren’t being protected by making periodic Snapshot copies.

  • Volumes in your working environments aren’t being protected by creating backups to the cloud using Cloud Backup.

  • Data in your working environments and data sources aren’t being scanned using Cloud Data Sense to identify compliance and privacy concerns, and find optimization opportunities.

    This capability is also important from a ransomware protection perspective because it allows you to better understand where your important (sensitive, business critical) data is located so you can make sure you’re focusing your protections there.

  • Your most important categories of data aren’t being backed up in case you need to recover because of a ransomware attack.

  • An abnormal increase in the percentage of encrypted files in a working environment or data source has occurred.

    This can be an indicator that a ransomware attack has commenced on your network.

  • Sensitive data is found in files and the access permissions level is too high in a working environment or data source.

  • Users have been added to your Active Directory Domain Administrator Groups.

  • The ONTAP software version on your clusters is old and should be updated to provide the best protection and security features.

  • On-box anti-ransomware features are not enabled on your ONTAP systems.

    The ONTAP anti-ransomware features proactively detect and warn about abnormal activity that might indicate a ransomware attack.

When using Cloud Volumes ONTAP systems, there are some additional ransomware protections you can deploy directly from the working environment. See how to add additional protection against ransomware.

Supported working environments and data sources

Cloud Data Sense is a prerequisite to using the Ransomware Protection service. After Data Sense is installed and activated, you can use Ransomware Protection to see how resilient your data is to a cyber attack on the following types of working environments and data sources:

Working environments:

  • Cloud Volumes ONTAP (deployed in AWS, Azure, or GCP)

  • On-premises ONTAP clusters

  • Azure NetApp Files

  • Amazon FSx for ONTAP

  • Amazon S3

Data sources:

  • Non-NetApp file shares

  • Object storage (that uses S3 protocol)

  • Databases (Amazon RDS, MongoDB, MySQL, Oracle, PostgreSQL, SAP HANA, SQL Server)

  • OneDrive accounts

  • SharePoint accounts

  • Google Drive accounts

Ransomware Protection also monitors your global Active Directory configuration if you have configured this in Cloud Data Sense.

How Ransomware Protection works

At a high-level, Ransomware Protection works like this:

  1. Ransomware Protection gathers information from your storage systems, Cloud Data Sense, Cloud Backup, and from other Cloud Manager resources, to populate the Ransomware Protection Dashboard.

  2. You use the Ransomware Protection dashboard to get an overview of how well protected your systems are.

  3. You use the provided reporting tools to help in your cyberstorage protection efforts.


There is no separate cost for the Ransomware Protection service during the Beta.