Recover from Ransomware

Super Low RPO with Continuous Data Protection:

Dial Back to Just Seconds Before an Attack

Zerto, a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds!

Application-Centric Protection:

Group Your VMs to Gain Application-Level Control

You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole application stacks can be recovered in a single cohesive unit, with checkpoints taken only seconds apart from the exact same point in time across multiple VMs in the group.

Real-Time, In-Line Encryption Detection:

Receive Early Warning When an Attack Occurs

Zerto can detect possible ransomware attacks in real-time, unlike other products that need to wait for a backup to complete before scanning the data. Zerto scans data in-line in real-time as it is being replicated, giving you the earliest warning sign of a potential cyberattack occurring inside your environment.

Learn More about Real-Time Encryption with Zerto.

Let's take a look at what a ransomware attack and Zerto recovery look like.

In a real-life cyberattack scenario, you wouldn't knowingly encrypt your files. It's apparent that the file server in this graphic has been infected with ransomware, which encrypted the files hosted within it.

Recover from Ransomware

After a ransomware attack, files will all be encrypted and cannot be used.

Using Zerto, early in a cyberattack, you'll see a triggered warning in your Zerto console, indicating potential suspicious activity on your VM. You can drill down to see the exact disk the anomalous activity is being generated from, allowing you to quickly identify infected machines, limit blast radius, and create a timeline of events to aid in investigations and forensics post-recovery, as shown in this image.

Instant File Level Recovery:

Restore an Application or a VM—or Even Drill Down to a Single File

Upon an attack, you'll receive automated alerts via email or notifications from the Zerto extensible APIs, enabling you to take action quickly. You can restore files directly back into the VM in real time, from only seconds before the encryption event, ensuring minimal data loss.

The graphic below shows how. First, select Restore, then Files.

Recover from Ransomware

Next, choose the VM you want to restore from and to. Once you've made these selections, you can browse Zerto's unique journaling capabilities. You'll notice there are over 700 points in time, only seconds apart, that you can recover from. This ensures your RPO is as low as possible. Then, you'll review these checkpoints, identifying the ones Zerto has tagged as suspicious. Afterward, you can go back a little further and examine the ones marked as clean. This process allows you to recover directly before suspicious activity was detected.

Now, you can browse the files and folders you wish to restore using a simple wizard. Select the files you want to restore, choose a set of credentials to authenticate into the VM, and hit Restore,

Recover from Ransomware

as shown below. Your files will now recover directly back into production without the use of any agents inside the OS and with only seconds of data loss.

Recover from Ransomware

The recovery process is simple and fast to achieve, with minimal disruption to any organization.

Now, let's consider how we would recover in the event of a larger-scale attack that impacts multiple VMs or even hundreds simultaneously. By using the failover function within Zerto, you can trigger a full failover of all selected VPGs and the VMs inside them to a secondary site. This secondary site could be another VMware site, Hyper-V, or even a public cloud. With full automation and orchestration, a Zerto failover can achieve benefits like these:

  • Thousands of VMs with an RTO of minutes
  • Full re-IP of each VM, if required
  • Restoring directly onto production-grade storage of your choice with no additional migrations required (such as Storage vMotion)
  • Restoring directly back onto production-grade compute without any further steps such as vMotion

This type of recovery is ideal for cyber recovery because large-scale recoveries can be difficult to achieve with backup tools that are not designed for recovery at scale.

Fast Failover to Secondary Site with Full Automation and Orchestration: Mobilize, Move, and Recover with Automated Processes

Recover from Ransomware

As you can see, Zerto has some unique and exciting capabilities when it comes to ransomware resilience.

To summarize:

  • Zerto allows you to recover in minutes to just seconds before an attack, from files and folders to thousands of VMs creating complex applications.
  • Real-time, in-line encryption detection helps identify anomalous activity, limit blast radius, and provide the earliest warning signal that an attack may be occurring.
  • A full, built-in automation and orchestration suite means there's no need for additional tools to ensure your large-scale recoveries are as simple and fast as possible.

Don't wait for an attack to happen! Protect your organization and gain confidence with Zerto. Try Zerto free for 14 days!

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.