CryptoSpike Robert Graf CEO Mobil +43 664 131 44 03 Email: rg@prolion.at

About ProLion CEO, Robert Graf Headquarter in Austria ProLion invented ClusterLion (automatic switchover for MC) NetApp Alliance Partner Product distribution: ABO, Arrow, ALEF, ICOS, INGRAM, TIM We are focused on NetApp

Our Portfolio

Worst Ransomware Strains Source:

Every 40sec. a company gets infected! National Bank of Ukraine

Cybercrime 2016 One third (32%) of all surveyed institutions were affected by ransomware in the last 6 months. Only 18% of those affected have brought the incident to the criminal complaint. Ransomware (+94,4%) Cases of Some Links: Allianz für Cybersicherheit Europol Internet-organised-crime-threat-assessment-iocta-2016 Bundesamt für Sicherheit i.d. IT Empfehlungen Ransomware

Ransomware Damage

Who is behind Ransomware Source:

Motivation for ransomware attacks Source:

Detection time is important... …realtime detection and blocking, saves money!!! Source:

CryptoSpike CryptoSpike Concept CryptoSpike Manager Blacklist Collect Blacklist form different Websites Blacklist *.*locked *.*kraken *.*crypto *.*cry *.exx License Mgmt Add new Customers Blacklist Updates *.*locked *.*kraken *.*crypto *.*cry *.exx *.*locked *.*kraken *.*crypto *.*cry *.exx Customer Information (LicenseKey, Customer Name, Site Information, etc.) load CryptoSpike Blacklist manage Blacklist Pushed to CryptoSpike .pdf .xls .doc .jpg .giv Whitelist Pattern: SMB… CryptoSpike Portal Setup Wizard Blocked Users File History /Restore Config. / Management Pattern Learner Pattern: SMBxxx CryptoSpike Server Fpolicy Server

Live-Demo Live-Demo

NetApp Volumes Vol. 1 Vol. 4 Vol. 2 Vol. 5 Vol. 3 Vol. 6 Vol. 7

File System Operations 2.000 User Vol. 1 50 Mio. Files Vol. 1

Ransomware Attack 3 days data loss!!!! Only one option: 2.000 User Vol. 1 50 Mio. Files 10.000 Files manipulated Vol. 1 Only one option: Total volume restore to Tuesday SnapShot Ransomware Attack Ransomware Attack: File name and file type didn’t change! Last access date didn’t change! All files look the same! How can you separate good from bad content? Mo Tu We Th Fr SnapShots Data 3 days data loss!!!! good data

! ! ! ! ! ! ! CryptoSpike All other users continue without data loss! Vol. 1 50 Mio. Files 10.000 Files manipulated Vol. 1 ! ! ! ! ! Restore only affected content to Tuesday SnapShot ! single file restore Ransomware Attack Active blocking mechanism! Find affected files easily Transaction-Log of all files Detailed history per user Restore only content for affected user! ! Mo Tu We Th Fr SnapShots Data All other users continue without data loss! good data

Triple detection Blacklisted knowing ransomware Creating a whitelist on customers data Our algorithm learns data access patterns and can differentiate between User- and Ransomware access

Configure Policy Simple to manage Everything in one portal Fire-and-forget-mode or detailed manual configuration

Block Ransomware Blocking user access, as soon as Ransomware is detected Alarm via email and portal event Getting details and files who are infected, for the restore

One-Button-Restore Klick on files which need to be restored /RestoreFolder Klick on files which need to be restored Press „Restore“ button Select SnapShot version Specify Restore-Folder Klick on „Restore“ button Done!

Crypto Spike Benefits Easy to deploy (.OVA) Realtime detection of Ransomware <0,5ms Automatic user blocking within the same time Blacklist will be managed and updated automatically Whitelist of customer data increases security Self-learning engine generating white and black access pattern Comprehensive information for single file restore One-Button-Restore from NetApp SnapShot No additional NetApp licenses cost

Lukaskrankenhaus in Neuss

CryptoSpike and ClusterLion Thank you!