What is the gold standard for Ransomware protection?

Write Once Read Many (WORM) storage solutions are now back in fashion, thanks to ransomware. Historically, WORM storage has been used to meet regulatory compliance requirements for data immutability; which means the data cannot be modified or deleted. This was driven by SEC 17a-4, FINRA, and Sarbanes Oxley Act (SOX) regulations. There are over 10,000 regulations globally that require records to be protected by immutability and stored for years if not forever. Recently the rapid proliferation of ransomware attacks and the high cost of outages or payments WORM storage for Ransomware protection is the buzz in storage vendor’s marketing programs. 


Most ransomware attacks typically encrypt data making it unusable. WORM storage takes it the next step and puts files in a Read Only, or unchangeable format. By not allowing a saved file to be modified and retain the same name, WORM storage makes Ransomware ineffective. Ransomware can encrypt the original contents of a file but it must use the “save as” process and use a new file name. Thus, the damage of ransomware is limited to filling up the storage system.


Originally WORM was limited to optical media, which used phase state changes to burn the data into the physical media. Over time, WORM functionality was implemented on traditional disk storage systems through the use of Operating System filter drivers that intercept file-modify operations and prevent them. The limitation with this approach is that a volume had to be 100% WORM or not.

Not all compliance and governance requirements require data to be kept forever and the industry evolved with the notion of a retention period. This is where a file is immutable or in WORM mode for a set period of time. Once the retention period expires the file can be deleted freeing up storage capacity. This is great for protecting unchanging data that just gets added to over time. 

Versioning for changing data

What about my changing data and user data? WORM or retention policies may not be the best choice for these fluid type data as it forces users to change the file name every time they edit the file or the OS saves a temporary version of the file while being edited. This consumes a huge amount of storage capacity and associated costs for managing and protecting it. Some storage vendors enable Versioning, which is simply keeping versions of documents over time as they change. The prior versions can be recalled at any time. This protects from Ransomware, as the Ransomware creates a new encrypted version of a file, you still have the prior versions of the file, hidden from the Ransomware. Versioning also offers the ability to limit the number of versions retained to control storage capacity and related costs. Versioning is half the battle with ransomware; the other requirement is to systematically recover to a point in time before the ransomware infection or attack.

WORM and Versioning the true Gold Standard

Adding WORM for unchanging data and Versioning to changing data adds level of protection at the data level. WORM has been around protecting Enterprises to SMB’s for over three decades, protecting the highest levels of governments, banks, financials, healthcare, and all types of regulated industries.

Secure Archive Manager

Our Secure Archive Manager (SAM) provides extensive data management and data protection capabilities, including WORM and Versioning, to any type of file and object storage, be it on premise or cloud or both. SAM works well with both unstructured data and applications data. SAM protects data with encryption at rest and in transit. It incorporates a Virtual File System which provides a traditional file system view but hides the actual data placement thus limiting the destructive nature of Ransomware. The Virtual File System also allows SAM to easily roll back in time and make the last good version the current version, thus speeding up recovery. SAM supports options to write Disaster Recovery copies of data to remote sites, cloud and multi-cloud, enhancing your data protection.

Next Steps

Trial VM’s of SAM are available to test drive or schedule a 30-minute demonstration and overview.  Additionally you can request a Ransomware whitepaper.