4 Ways to freeze CryptoLocker with data-aware storage

If your data were stolen and held for ransom, would you ask for help – or admit the theft at all?

There’s no easy answer in this kind of situation, and that’s exactly the power of a CryptoLocker attack. CryptoLocker is a form of ransomware that installs itself on victims’ computers and prevents them from accessing their own files until they pay a ransom to the malware’s creators. Like its cousin Cryptowall, CryptoLocker is disruptive to any IT environment, and recovering from it is expensive – not only in monetary terms (although any ransomware incident is likely to carry large fees), but also in terms of business interruptions and reputation remediation. Ultimately, when a third party proves it can take possession of your data, your customers will likely find it hard to trust your business in the future.

Traditionally, the only reliable way to deal with a CryptoLocker attack was to avoid it in the first place. Companies would warn employees against phishing attacks, unfamiliar emails and PDF attachments that appeared questionable, or they’d use software restriction policies to add control to the environment and prevent the initial breach. However, as any security manager or IT pro knows all too well, the virus continues to plague organizations of all sizes.

When you can look into your data, you can quickly identify suspicious activity. Below are four ways to use data-aware storage to lock down your data and neutralize the destruction of a CryptoLocker attack.

  1. Locate and secure instances of sensitive data. Use keywords and custom tags to identify the location of your critical information, whether it’s hiding in infrequently used file shares, on your on-premises servers, on a virtual machine (VM) or in a network share. Once you’ve identified critical files, move them to secure locations that aren’t mapped on client machines.
  2. Know your file usage patterns. When your file usage spikes in an unlikely way, it could be ransomware charging through your system. Know your employees’ data habits so you can identify when unusual activity occurs in your on-premises system, on a VM or a network share.
  3. Track the path of the attack. The search functionalities of data-aware storage can highlight the path and timeline of files and folders impacted by a CryptoLocker attack. When you can view every file affected by the virus, your path to recovery is clearly outlined as well.
  4. Use DiscoveryPoints to quickly restore from local backups. DataGravity DiscoveryPoints are located on a fault-isolated set of disks within your storage array. This means they’re outside the path of a ransomware attack and ready to instantly restore your directories and files using the map of the attack the data-aware system has drawn out. While prevention is always a key part of avoiding a serious virus attack, when you’re data-aware, you can react quickly and restore affected files instantly.
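As an added illustration of points 2 and 3 (not DataGravity code or part of the original post), the sketch below flags a user whose file modifications spike inside a short window and returns the timeline of files touched from the start of that burst. The log format, the sample events, and the fixed window and threshold are assumptions; a real deployment would derive the threshold from each user's observed baseline.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (hypothetical format): timestamp user operation path
SAMPLE_LOG = """\
2016-03-01T09:00:05 alice WRITE /shares/finance/q1.xlsx
2016-03-01T09:10:12 bob WRITE /shares/hr/policy.docx
2016-03-01T11:30:00 alice READ /shares/finance/q1.xlsx
2016-03-01T13:45:30 alice WRITE /shares/finance/q2.xlsx
2016-03-01T14:02:01 bob WRITE /shares/hr/reviews/r1.docx
2016-03-01T14:02:04 bob WRITE /shares/hr/reviews/r2.docx
2016-03-01T14:02:07 bob RENAME /shares/hr/reviews/r3.docx
2016-03-01T14:02:10 bob WRITE /shares/hr/reviews/r4.docx
2016-03-01T14:02:13 bob WRITE /shares/hr/reviews/r5.docx
2016-03-01T14:02:16 bob WRITE /shares/hr/reviews/r6.docx
"""

def parse(log):
    """Turn log text into time-ordered (timestamp, user, op, path) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, user, op, path = line.split(" ", 3)  # path may contain spaces
        events.append((datetime.fromisoformat(ts), user, op, path))
    return sorted(events)

def find_spikes(events, window=timedelta(minutes=1), threshold=5):
    """Map each user who modified >= threshold distinct files within any
    sliding window to their modification timeline from the burst onward."""
    per_user = defaultdict(list)
    for ev in events:
        if ev[2] in ("WRITE", "RENAME"):  # reads do not alter data
            per_user[ev[1]].append(ev)
    flagged = {}
    for user, evs in per_user.items():
        start = 0
        for end in range(len(evs)):
            # Shrink the window until it spans at most `window` of time.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if len({e[3] for e in evs[start:end + 1]}) >= threshold:
                flagged[user] = evs[start:]  # files to review and restore
                break
    return flagged

if __name__ == "__main__":
    for user, timeline in find_spikes(parse(SAMPLE_LOG)).items():
        print(f"Unusual modification burst by {user}:")
        for ts, _, op, path in timeline:
            print(f"  {ts.isoformat()} {op:6} {path}")
```

The returned timeline is the list of files to check against the last known-good backup or snapshot before restoring.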

For more tips on conquering a CryptoLocker attack, download our white paper.

Rich Shea

Rich brings 25 years of experience with global sales management, product marketing, and system engineering. As the VP of Sales he is responsible for ramping and managing the DataGravity field sales organization in their mission of business development, channel creation and management, and revenue generation. Rich holds a BS from the Massachusetts Maritime Academy and an MBA from Boston College.