(upbeat music) Ransomware is a constant threat, and the hackers are after one thing, your data. At NetApp, we believe in protecting your data with a layered approach. We help you identify, protect, and recover your data with integrated tools that are easy to use and help you sleep at night. I'm Phoebe Goh, and today I wanna show you how easy it is to protect, detect, and recover your data with NetApp ONTAP, let's go. We're on the desktop of a server. It's connected to a marketing file share that is hosted on a NetApp array. In it, we can see a mix of file types. We'll jump into BlueXP to manage Autonomous Ransomware Protection. ARP has a learning mode with intelligent algorithms, which observe normal behavior on the system. It can then automatically turn on active mode, or we can turn it on manually to enable ransomware protection. Autonomous Ransomware Protection watches my data for unusual behavior and automatically responds to protect it. Let's test it out by running this ransomware attack on the marketing share. In this simulated attack, I'm going to encrypt all of the files just like a hacker would. In the real world, this could be kicked off by an infected email attachment, a compromised website, or a malicious user. Let's see what it's doing to my files. Data that's been encrypted by this ransomware attack is given this extension of .lckd and cannot be open normally. Let's head back into BlueXP to see what Autonomous Ransomware Protection has been up to. It's identified some suspicious behavior and it's automatically taken a snapshot as soon as it noticed this attack was happening. There's one more attack vector we need to look out for. Compromised admin accounts and insider attacks can and will attack storage snapshots by attempting to delete them. Let's try that now. You can see that ONTAP tamper-proof snapshots prevent deletion of these snapshots even by a full administrator like myself. This uses the ONTAP SnapLock capability to protect my snapshots from this attack, stopping them from being deleted until the expiration time is reached. Let's go to the next step, recovery. We can recover our data from any snapshot as we know these haven't been compromised. Let's use the one that Autonomous Ransomware Protection took at the start of the attack. To do this is as simple as a couple of clicks to recover that volume in place. Back in my marketing share, you can see my files have been recovered to how they were at the time that the snapshot was taken. There are three files at the top that still have the .lckd extension. These were the first signs that we were being attacked by ransomware. But don't forget, we have all these other snapshots that were also taken at five minute intervals that can be used as recovery points. In this case, we'll just browse straight into the ~snapshot directory and find one of those previous snapshots. Then we'll copy out the three files that were still encrypted on the production version of this share. We'll just copy them to the desktop and copy them straight into the share. And those leftover ransomware files, we can save them for further investigation. Today, we're just gonna get rid of them. Back to how it was at the start of the day. So, what did you think? Layers of protection from ransomware with ONTAP's Autonomous Ransomware Protection and tamper-proof snapshots. (upbeat music)