Fight Back Against Ransomware With Zerto - Zerto

Time to Fight Back Against Ransomware: Zerto Will Show You How

May 24, 2022
Est. Reading Time: 6 minutes

Ransomware is the most rampant disaster threat to organizations in every industry. Cybercriminals are disrupting business, causing reputational damage and lost revenue to organizations worldwide. Last year, a minimum of $18 billion was paid in ransoms globally¹. Growing in both volume and severity, malicious actors are finding increasingly sophisticated methods of targeting the vulnerability of applications.

A recent ransomware threat in the United States is LockBit 2.0². After compromising a victim network, LockBit 2.0 compromises virtual machines (VMs) using publicly available and custom tools to escalate privileges, exfiltrate data, and encrypt it with malware. A “ransom note” is typically left in the infected directory providing instructions on how to obtain the decryption software. Victims are either forced to pay the ransom or face total loss of business-critical applications.

Beat Ransomware with True Continuous Data Protection (CDP)

Deploying Zerto, a Hewlett Packard Enterprise company, in a virtualized infrastructure helps combat ransomware like LockBit 2.0 by protecting any application using continuous data protection (CDP). Zerto can bring a compromised virtual environment back online within minutes and is designed to attain stringent recovery time objectives (RTO). Zerto can also bring a VM back online to a specific point in time where the ransomware is virtually gone from the VM! This is ideal for those that require a recovery point objective (RPO) of seconds.

Get Your Files Back!

Through recovery operations such journal file-level restores (JFLR), move, failover test & live failover, Zerto can restore an application to a point in time prior to infection. These disaster recovery operations leverage Zerto’s near-synchronous replication, journaling, and logical grouping of protected applications or virtual machines (VM) into virtual protection groups (VPG). JFLR allows users to recover files or folders without failing over a whole VPG. If a ransomware attack locks up files in a file server, for example, Zerto enables a hassle-free recovery of those files without needing to perform any extensive disaster recovery operation. If a set of files is encrypted, Zerto will allow users to rewind to a pre-infection checkpoint and easily restore the files straight from the directory—no ransom paid. Zerto pulls a “gold copy” of the infected VM initially backed up before the event to a repository. This repository communicates with Zerto using S3 or any S3-compatible protocol and is where the initial backup of a protected VM is stored for long-term retention.

New Backup & Restore Functionality in Zerto 9.5:

  •  Instant File Restore for Linux
    • Zerto expands operational recovery by supporting instant file restore for Linux servers, complementing existing support for instant VM for Linux as well as full Windows support.
  • Google Cloud Storage Support for Additional Data Copies
    • Google Cloud Storage is now a destination for long-term retention of replica copies providing extra data resilience on an additional platform.

Checking off the “Immutability” box for compatible repositories in Zerto enables users to mark objects as locked in a VM for backup based on a designated time. This ensures that this is the “golden copy” of this backed up VM and prevents the deletion or alteration of the VM files by any user.


Expanding Long-Term Repositories in Zerto 9.5:

  • More Immutability Options for Ransomware Recovery
    • Microsoft Azure Blob Storage is now supported as a destination for Zerto users to create and manage immutable data copies for ransomware recovery.
    • Zerto expanded support and management of immutability for third-party S3 compatible storage so that recovery data managed by Zerto can be stored in an immutable state for ransomware recovery on a variety of storage systems.
    • Azure Active Directory may now be backed up with immutability offsite through Zerto Backup for SaaS.


Avoid Sneaky Infrastructure Meltdowns

Ransomware is always evolving, so what if it has infected more than just a single VM? Recently, the ‘Double Extortion Ransomware Attack’ or ‘pay-now-or-get-breached’ involves cybercriminals not only stealing data from organizations and encrypting its files to hold them hostage, but also demanding a ransom to decrypt data.  The attackers can later threaten to leak the stolen information if an additional payment is not made³.

This is where Zerto’s failover test and live failover functionalities help users recover from complete infrastructure meltdowns. Failover testing ensures that if an actual failover is needed, the failover will perform as expected. Users can test a single VPG or multiple VPGs at the same time, or even test a subset of VMs from within a multi-VM VPG. Reports can be generated and exported as PDF files to prepare an organization for what to expect when recovering protected applications.

Failovers and tests can be initiated from either protected sites or from the recovery sites to which they are paired. In case a protected site goes down and is completely inaccessible, recovery is still possible when a failover is started from the secondary site’s management console. With Zerto, ransomware stands no chance.

Tighter Security in Zerto 9.5:

  • Virtual Zerto Appliance and Security Enhancements
    • Hardened security is more important than ever with ransomware attacks on the rise. Zerto now offers a Linux-based appliance for Zerto management that is pre-hardened for enhanced security, deploys quickly, enables multi-factor authentication (MFA), and offers easy management via hands-off upgrades and troubleshooting.
    • Zerto’s new role-based access controls (RBAC) and multi-factor authentication (MFA) for the customer web portal, MyZerto, and Zerto Analytics allows customers greater control over access to their Zerto solution.
    • Additional security enhancements including replication appliance updates, more granular control over Secure Shell (SSH) communication between components, and optional pre- and post-login banners improve security awareness.
  • Managed DRaaS Enhancements
    • Providers can now assign one or more service profiles to a tenant and mask any unassigned profiles.
    • Users can configure long-term retention settings inside their service profiles. This feature allows service providers to have continued control over these critical Service-Level Agreement (SLA) or Service-Level Objective (SLO) settings for their customers.


Keep it Moving

Ransomware attacks happen periodically and intermittently, usually dropping off time-triggered malware during their infection process. Zerto users can leverage the move operation to move the very latest copy of the VMs in the VPG to a peer site. This can be used to replicate a potentially infected application into a “sandbox” to run security tests. A move operation is like a live failover, but it involves a graceful shutdown of the VMs to grab the most recent replica of data. Whereas a live failover with Zerto is designed for the lowest possible RTO. A move operation prioritizes the lowest possible RPO.

[Learn more about RTOs and RPOs with Zerto at HPE Discover!]

Zerto Fights Ransomware with Redundancy

The key to designing a strong disaster recovery solution to fight ransomware is redundancy. As ransomware attacks multiple vectors of a virtualized infrastructure, strong disaster recovery architectures can use Zerto’s recovery operations at scale. Consider protecting VMs in up to three different VPGs to achieve this. For example, once a VM is deployed, use Zerto’s JFLR function to create a “gold copy” stored in an offsite repository for long-term journal retention. At the same time, create a test and set in place and a ready to go live failover scenario by replicating a VM to a local site with high bandwidth and low latency to achieve fast recovery times, but set a short journal history. In initially backing up that VM to an offsite repository hosted on cheaper storage, the journal history could be extended up to 30 days. In creating redundant disaster recovery solutions, the same VM can roll back from a ransomware leveraging two different virtual protection groupings.

Zerto continuously offers new functionality to fight ransomware.


Watch the Zerto 9.5 Launch Highlights On Demand

Ready to try Zerto on your own? Click here. 




1. EMSISOFT, “The cost of ransomware in 2021: A country-by-country analysis”, April 27th 2021

2. Federal Bureau of Investigation (FBI), “FBI Flash Report on Ransomware in 2022 (PDF)”, February 4th, 2022

3. The Economic Times | Panache, “5 Cybersecurity Threats To Watch Out For In 2022”, January 20th 2022

Anthony Dutra

Anthony Dutra is a Technical Marketing Manager (TME) at Zerto, a Hewlett Packard Company who specializes in solution architecture, designing microservices in the public cloud, and developing web3 (blockchain) applications. For the past decade, Anthony has leveraged his Master’s in IT Management to become a trusted technical partner with organizations seeking to modernize their data center or migrate to the cloud.