Ransomware prevention: Monitoring your data for greater security

By Phil Wandrei

Organizations are under constant malware attacks, including ransomware. Cybercriminals want to encrypt your data or threaten to disclose it. In either case, they want your money. Ransomware is such a global threat, it is the world’s fourth-largest criminal activity and is estimated to reach $21 billion by 2021. 

No matter how consistent and effective your security countermeasures are, you have to assume that at some point ransomware will enter your environment. At that point, the focus shifts to monitoring: detecting the attack as quickly as possible so you can reduce its impact.

Commvault knows when it comes to data security, it is paramount to have a multi-layer security strategy and keep in mind that recovery readiness is vital. Ensure your mission-critical data can withstand a targeted attack designed to destroy primary and backup copies of your data. Removing complexity makes a recovery as automated and orchestrated as possible.

Commvault’s innovation and differentiation lies in:  Ransomware protection and recovery — Commvault uses a combination of machine learning algorithms, air gap and honeypot mechanisms to detect ransomware attacks.


Gartner has highlighted Commvault as having strong ransomware protection and recovery technologies.

Experts recommend you have a layered anti-malware and ransomware strategy. Commvault has built these capabilities into our existing security software and policies and without the incremental management overhead. Commvault Complete™ Data Protection software includes: 

  • File system activity monitoring: utilizes historical data and machine-learning algorithms to detect statistically variant file system behavior (also known as anomaly detection).
  • Monitor honey pot files: hidden files that are common and attractive to ransomware attacks are monitored for signature changes.
  • Certificate authentication lockdown: prevents clients from being added to the data protection architecture without additional administrative steps and privileges.
  • Actionable alerting: automatically act and alert for awareness or embed a recommended action workflow into the alert for administrator execution.

All of this comes together seamlessly for your organization. View the short demonstration below:

The State of Colorado is a real-life example. It used the Commvault platform to recover quickly, and fully, from a major ransomware attack against its Department of Transportation. The state first learned of the attack through a Commvault alert — before any of its dedicated security tools had detected the breach. A coordinated response plan across agencies, personnel and technologies statewide helped immeasurably in getting the state back into operation quickly. More below:

Your Commvault data protection and recovery solution can be a valuable part of your anti-ransomware strategy. Advanced technologies powered by artificial intelligence and machine learning make it possible to detect and alert on possible attacks as they happen so you can respond quickly. By helping keep your backups out of danger and making it possible to restore them quickly, you can minimize the impact of even a successful ransomware attack so you can get back to business right away.

Be sure to learn more about Commvault ransomware protection.