Close this search box.

Azure Native Qumulo Now available in the EU, UK, and Canada – Learn More

Data Recovery from Ransomware with Qumulo’s Built-In Security

Authored by:

Data recovery best practices dictate regular backups, snapshots, and replication policies, but when disaster strikes, hindsight is 20/20.

By preventing malware attempts at the point of entry or detecting successful ransomware attacks while in progress–you can protect your environment from infection and use data recovery strategies to mitigate damage. However, ransomware is a lucrative venture for bad actors and even a good security posture can be infiltrated by sophisticated tactics; therefore, another line of defense is essential: a cloud disaster recovery strategy for business continuity to help you resume operations.

In the first article in this series, Protect Your File Data from Ransomware with Holistic Security, we recommended a holistic approach to security that takes advantage of Qumulo’s built-in security controls in conjunction with best practices to stop ransomware from reaching your file system. This post focuses on data recovery strategies.

Data security comes standard with Qumulo

Security comes standard with Qumulo Core providing always-on security, data protection and data recovery without compromise or add-on costs. Qumulo’s file system supports disaster recovery and resumption strategies with some very effective and easy-to-implement data services that are built into Qumulo Core including:

  • Security enabled by default
  • Software-based encryption without performance penalties
  • Robust fault tolerance and erasure coding
  • Data recovery with immutable snapshots, policy and continuous replication
  • Optional encryption over the wire
  • Cloud backup to Amazon S3

Immutable snapshots

A Qumulo Snapshot is a very efficient data recovery feature. Snapshots are created by directory, can be taken at any point in time, on schedule or on-demand, and consume no space at the time the snapshot is taken. Only file changes will consume extra space as the changes are stored in addition to the previous version(s) of files. 

If a file or directory needs to be rolled back to a previous version, files can be copied back from a previous version. Because snapshots are immutable (read-only), ransomware will not be able to encrypt the data. Snapshots can be restored through Windows VSS or snapshot directory and can be deleted manually or automatically per retention policy.

Snapshot policy-based replication

Qumulo replication offers an additional level of data recovery. Snapshot policy replication allows different retention times on source and target, there is a defined point of recovery in case of infection and local snapshots can be replicated to another Qumulo cluster. Having an additional copy of a snapshot adds additional reliability in case of a disastrous event or ransomware incident. Even single files or directories can be restored.  


Qumulo Shift to Amazon S3

With Qumulo Shift–included with the Qumulo software subscription–Qumulo hosted data can be copied efficiently from any directory to an AWS S3 bucket. In the AWS S3 bucket, Qumulo stores files in native object format (accessed with an S3 browser), no gateway required. Subsequent copies are incremental so that only changed files are copied. Data is restored through the copy.

This is another reliable business continuity and disaster recovery best practice to store Qumulo data in a different location and thus, prevent it from a potential local attacker. Depending on the workload or file changing characteristics, your disaster recovery strategy could dictate copying consistent snapshots to an S3 bucket or using AWS versioning to keep multiple versions of files in the bucket. 


Different apps can act on the data in the filesystem and the S3 bucket and data can be tiered to AWS Glacier by policy. The strategy can be complemented by using AWS intelligent tiering to move older files to AWS Glacier for cold storage–which is a cost-effective method of storing data that is not actively being used. 


A well-known disaster recovery best practice is to keep backups of your relevant data so it can be recovered when needed. Qumulo supports all major ISV backup software solutions. Like all other tasks on Qumulo’s file system software, the data movement can be highly automated by using the API or CLI. Qumulo’s snapdiff API allows incremental forever backups to perform a full backup once. Any ISV solution can be used to backup native files. 

Some backup and data recovery ISVs including Commvault and Atempo use Qumulo’s API to provide super fast incremental forever backups. They use the Qumulo API to identify changes between two snapshots which allows them to take instantaneous incremental backups without the need to perform a tree walk. This allows the implementation of an incremental forever strategy with minimal effort. Since they do not use an NDMP format for this task but their native file format, restores are storage agnostic and data can be restored anywhere. 


Continuous replication

Our replication features allow us to sync our data to other locations; for example, Qumulo Shift replicates file data to Amazon S3. Our data protection features are integrated with backup and recovery partners like Commvault; and other features like Qumulo Audit work with SIEM solutions like Microsoft Azure Sentinel for ransomware detection

In addition, there are multiple replication capabilities in Qumulo Core depending on the use case and need for the data to support business continuity. For disaster recovery, continuous replication for hot storage would include transactional data for financial services customers or files for a movie about to be released. Cold storage might archive rarely accessed census data from past decades. Warm storage would replicate research on a new vaccine or potential matches for organ transplant donors.


Ransomware recovery is the means for business continuity 

To learn more about Qumulo’s holistic security to prevent, detect, and recover from ransomware as well as other disasters that threaten business continuity, please read the white paper: Qumulo Security Architecture and Best Practices to Counter Malware

Learn more
Contact us

Related Posts

Scroll to Top