Datto’s SIRIS 3 data protection platform includes what it claims is the industry’s first ransomware detection capability.
Ransomware is the noxious malware that captures your files and walls them off from access by encrypting them. The perpetrator demands payment – possibly by anonymous Bitcoin – to release the encryption key so you can recover your data. Known examples of ransomware are CryptoLocker, CryptoWall, Locky, Cerber, KeyRanger, SamSam, TeslaCrypt, TorrentLocker, and Reveton.
When ransomware is detected, SIRIS 3 notifies admins so they can roll back to a pre-ransomware state, saving businesses from downtime and avoiding the ransom. SIRIS 3 is a physical, software or virtual appliance and can protect any physical, virtual and cloud infrastructure running on Windows, Mac or Linux.
Datto says it backs up automatically on a user’s schedule to a local device, and replicates backups to the Datto Cloud. Users can recover granular data quickly from multiple points in time, or use local virtualization, Datto Cloud virtualization – or both – to get back to business in minutes.
There are no details yet available as to how SIRIS 3 detects ransomware, other than that it is entropy-based.
But it has been reported that University of Florida and Villanova University researchers developed CryptoDrop, which detects an ongoing encryption process on a large number of files. In a test, 10 to 33 files were encrypted before the ransomware attack was stopped.
The researchers’ paper abstract states:
Using a set of behavior indicators, CryptoDrop can halt a process that appears to be tampering with a large amount of the user’s data. Furthermore, by combining a set of indicators common to ransomware, the system can be parameterized for rapid detection with low false positives. Our experimental analysis of CryptoDrop stops ransomware from executing with a median loss of only 10 files (out of nearly 5,100 available files).
Read their paper here. Datto knows about this paper.
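The entropy-based idea mentioned above, sketched as an added example (not Datto's or CryptoDrop's code; neither method is detailed on this page): it compares the byte entropy of each file across two backups and alerts when several files turn near-random. The thresholds, function names and sample data are assumptions constructed for illustration.

```python
import math
import os
import zlib
from collections import Counter

# Assumed thresholds for illustration, not vendor values.
ENTROPY_HIGH = 7.5   # bits per byte; 8.0 is the maximum
ENTROPY_JUMP = 1.0   # minimum rise since the previous backup
FILES_TO_ALERT = 3   # suspicious files needed before alerting

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_files(previous: dict, current: dict) -> list:
    """Names of files whose content became near-random between backups."""
    flagged = []
    for name, new in current.items():
        old = previous.get(name)
        if old is None or old == new:
            continue  # new and unchanged files are out of scope here
        before, after = shannon_entropy(old), shannon_entropy(new)
        # Requiring a jump avoids flagging already-compressed files
        # that are high-entropy both before and after an ordinary edit.
        if after >= ENTROPY_HIGH and after - before >= ENTROPY_JUMP:
            flagged.append(name)
    return sorted(flagged)

def backup_looks_encrypted(previous: dict, current: dict) -> bool:
    """Alert only when several files are affected, not on a single one."""
    return len(suspicious_files(previous, current)) >= FILES_TO_ALERT

# Constructed sample snapshots, {path: content}.
TEXT = b"Quarterly report: revenue, costs and forecast figures.\n" * 200
PACKED = zlib.compress(os.urandom(2048) + TEXT)  # stands in for a zip or jpeg
PREVIOUS = {"a.txt": TEXT, "b.txt": TEXT, "c.txt": TEXT,
            "d.zip": PACKED, "e.txt": TEXT}
# os.urandom stands in for ciphertext, which is statistically similar.
CURRENT = {"a.txt": os.urandom(len(TEXT)), "b.txt": os.urandom(len(TEXT)),
           "c.txt": os.urandom(len(TEXT)), "d.zip": PACKED + b"x",
           "e.txt": TEXT + b"one more line\n"}

if __name__ == "__main__":
    print(suspicious_files(PREVIOUS, CURRENT))
    print(backup_looks_encrypted(PREVIOUS, CURRENT))
```

A file that was already compressed stays high-entropy before and after encryption, so this check alone misses it; that is one reason to combine entropy with other indicators, as the abstract quoted above describes.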
Other Datto product/service updates:
SIRIS 3 includes screenshot verification, providing script execution to ensure complex backups are viable.
Datto Drive local brings all of the benefits of Datto Drive file sync and share to a local network device.
Datto Drive enhancements include user activity reporting, daily backups, management utilities, and custom theming.
There are four new SIRIS 3 device options – the all-flash 2TB S3X2, and 80, 100 and 120TB enterprise devices for disaster recovery.
Datto NAS 3, a cloud protected network storage product, has Infinite Cloud Retention (ICR) so customers can save all of their data to the Datto Cloud indefinitely, regardless of capacity used. Datto NAS 3 is available with all new hardware, as well as block level deduplication for local shares.
NAS Guard allows Datto NAS to connect with, back up and protect in the cloud any data stored anywhere on local network storage.
Datto Backupify (cloud-to-cloud data protection) added new pricing tiers and seat management capabilities.
Two-factor authentication has been implemented for the Partner Portal.
Ransomware detection would seem to be a naturally attractive capability, and one that would be widely, not to say wildly, popular. If Datto’s capability, thought to be based on CryptoDrop technology, is successful and realistic, then expect a flash flood of adoption across the data protection industry. ®