NetApp CryptoSpike | Der Echtzeit-Schutz gegen Ransomware

Ransomware – A serious threat.


It was the middle of the night when the University Clinic in Düsseldorf fell victim to an attack and it hasn’t been able to access it's digital records since then.

This kind of story sadly isn’t a one-off. According to estimates, a company is infected with ransomware every 40 seconds and all it takes is one employee to click on something they shouldn't and then the whole network is infected. Ransomware doesn’t only affect a computer’s local memory, but also any shared drives. With this in mind, anyone using network attached storage (NAS) should look into ransomware protection as there is a real risk that malicious software can lurk on the network for months before being noticed, increasing the risk of your files being lost for good. 

Sophos Ransomware Report 2022 Facts and Figures.


Businesses and authorities now count ransomware attacks as the biggest cybersecurity threat. 

66 %
of businesses fell victim to ransomware last year, an increase of 78% compared to the previous year.

65 %
of attacks resulted in data being encrypted.

Impact on business:

90 %
86 %
loss in productivity
39 %
data loss
Your integrated solution –
ONTAP data management software includes over 30 advanced data security features.


As a leading data management provider, NetApp is bundling its expertise to mitigate the impact of ransomware where it is most keenly felt—on the data layer.

Our portfolio of solutions has been designed to protect your data against threats and accelerate data recovery. Ransomware is a multi-layered threat that demands a multi-layered solution with a focus in storage and services that are smart and robust and which lay the groundwork for data backup, detection and recovery. If the worst does come to pass, you need a fast, reliable and simple process to get your storage up and running again.

NetApp helps you effectively protect your data through active management, monitoring and correction.
  • Block malicious files before they are written to your hard drive
  • Create write-protected NetApp Snapshot copies to counteract file infections  
  • Identify strange storage behaviour that could point to a malware attack
  • Quickly recover data with efficient remote copies remote storage failover
  • Analyse logs and use forensic processes on the file-level to isolate threats.
Your all-in-one ransomware package
NetApp ONTAP Data Management

Identify the systems to protect –

NetApp Cloud Insights
  • Tools for monitoring and optimising IT infrastructure
  • Records a company’s resources and determines their dependencies to create a topology of the environment.
  • Reduces the time to error resolution by up to 90%
Identify the data to protect –
NetApp Cloud Data Sense
  • Ensure optimum data governance
  • Monitor sensitive data and permissions
  • Analyses into data security
  • Compliance with statutory requirements
  • Automatic localisation of data breaches
Identify odd user behaviour –
NetApp Cloud Insights
Workload observability
  • Monitor user activity
  • Detect anomalies and potential attacks
  • Policies for automatic responses
  • Forensic and user audit reports
Not forgetting
ProLion CryptoSpike – Real-time protection.


CryptoSpike has been specifically designed for NetApp ONTAP storage systems. All NetApp Storage transactions are checked in real-time for anomalies in file names and extensions as well as for suspicious behaviour.
  • All NetApp Storage transactions are checked in real-time and affected users informed immediately.
  • User behaviour, file extensions and names are continually checked and compared against a blacklist. 
  • CryptoSpike Manager for the intuitive management of settings.
  • Immediate information on where the attack has taken place and support in the recovery of damaged data.
  • Early detection of attacks prevent further encryption and thus potential data loss.
  • The attack is smothered and any attempts at blackmail blocked.
NetApp CryptoSpike | Der Echtzeit-Schutz gegen Ransomware

CryptoSpike and FPolicy Server can be easily installed as a software image (.ova).

Potential attacks are identified in the following ways: 
  • White list – Includes all file extensions allowed in your company copied from your storage upon installation
  • Black list – Currently Includes some 1,800 known ransomware file extensions and names. Updated daily. 
  • The Learner module is the most critical component of second-level security as ransomware only rarely changes file names/extensions making it difficult to identify encryption. Learner analyses user behaviour patterns within the company such as read/write/open/close file operations. For example, the last 50,000 transactions in the network are recorded and saved in the white patterns list. There is also a black patterns list with examples of current ransomware behaviour patterns.

CryptoSpike in a nutshell (only available in german):

Please allow cookies to see content from Youtube.

We use Youtube to embed video content on our website. This service may collect data on your activity. For more information, please go to the settings page.

Downloads (only available in german).
CryptoSpike – Ransomware protection and access transparency.
Download (pdf)
Data sheet:
CryptoSpike – Ransomware protection and access transparency.
Download (pdf)

Questions about CryptoSpike?

Simply write us an e-mail. We are happy to help. 

Gabi Schmidt

Gabi Schmidt

VIPM Data Centre Solutions

Send e-mail

Tiago Martins

Tiago Martins

VIPM Data Centre Solutions

Send e-mail