Free SnapGuard Offering to Fight against WannaCry

As an immediate response to the currently ongoing worldwide attacks on IT systems by wcrypt/wcry/wannacry ransomware, NetApp technical alliance partner Cleondris offers a free one-month license for SnapGuard LE to all NetApp Data ONTAP customers. SnapGuard not only protects your systems against future attacks but its differential restore helps customers to revert encrypted files without affecting recently added user changes.

Please note that NetApp Data ONTAP cannot be infected with the ransomware directly, however, infected Windows clients are able to encrypt data stored on centralized CIFS shares on NetApp Data ONTAP. With SGLE you can stop clients from doing that and you are able to revert affected CIFS shares with the differential restore feature. SGLE works directly on NetApp Data ONTAP and does not need any agents or other functionality on clients. It is fully compatible with existing anti-virus software.

1. Download SGLE

You can find the current download for SGLE (SnapGuard Light Edition) here: SGLE download

2. Get a free license

Please register yourself on our support portal to get a free 1-month trial license with unlimited functionality and unlimited NetApp Data ONTAP controller support (7mode and cDot).

  • You need to create an account and we will send you an activation e-mail for verification purposes.
  • After you have verified your account, you can login and create an organisation that represents your business entity.
  • In the license section you are then able to select your organisation and create a trial license and download the corresponding trial key.

3. First Steps with SGLE

We will publish detailed instructions over the weekend. Here are some quick start instructions:

  1. Choose a password to protect the settings of the software
  2. Enter your license key: Setup/Manage Licenses...
  3. Add your NetApp filer/cluster
  4. If possible, enter NDMP credentials as well, this will help to speed-up volume analysis.
  5. Apply an FPolicy to important volumes - you can use the FPolicy wizard to download the current extension list from https://fsrm.experiant.ca, it already includes wcry and many other ransomware patterns.
  6. Analyze Volumes (file extensions) to check for encrypted files
  7. Use differential restore (restore button is located in the volume detail view) to selectively restore files from earlier snapshots

If you use our software to download the ransomware extension list from fsrm.experiant.ca, then please consider donating to them so that they can continue their work (they have a Donate link on their page).

Updated instructions and a updated software release will be published here, stay tuned

4. Questions

Please do not hesitate to send questions/improvements to wcry@cleondris.com - There will be a FAQ on display soon.

News

2017-04-26

The SGEE beta is available for download.

2017-04-24

The latest stable SGLE is available for download.

2017-01-19

Join us for the NetApp Ransomware Bootcamp in Wallisellen, at the NetApp Switzerland office.

2016-05-12

CDM 4.0 now supports stealth snapshot backups for cDot based NetApp Data ONTAP systems.

2016-05-06

Upcoming: we are working on a super easy to use NetApp fpolicy manager.

2016-04-04

CDM 4.0 is available for all customers. It includes new features like SnapRadar and a new virtual appliance with extended update support until 2020.