hamburger icon close icon
Ransomware Recovery

Fighting Ransomware with NetApp BlueXP Backup and Recovery

Ransomware attacks are one of the most malicious threats enterprises face today. Data lost in such attacks can bring businesses to a standstill. The quickest way to recover from a ransomware attack is to recover the data from a usable point-in-time backup copy. However, ransomware attacks are evolving to target backup data as well, which could derail your ransomware recovery plans.

In this blog, we’ll explore the security features of the BlueXP backup and recovery capability that can help protect your enterprise data and backup copies from ransomware attacks.

Jump to a section in this post:

BlueXP Backup and Recovery: Security Capabilities

BlueXP backup and recovery is a first-party backup solution from NetApp. It’s designed to integrate with NetApp ONTAP storage solutions right out of the box. BlueXP backup and recovery integrates all the most important features required for modern-day backup requirements, such as storage economy, efficiency, and security. It creates incremental forever backups on the block level that ensure the backup process is efficient. Backups are stored in cost-efficient object storage in AWS, Azure, Google Cloud or StorageGRID® appliances, which helps reduce the overall costs associated with backup storage.

BlueXP backup and recovery also offers the most comprehensive set of security features in the market, ensuring your data remains protected from targeted malware attacks. Let’s take a more detailed look at its capabilities.



During a ransomware attack, the threat actors will try to access and manipulate backup data copy, rendering it unusable. BlueXP backup and recovery makes your backup copies immutable, in other words, read-only by design. It helps thwart any attempt to change the backup data during a ransomware attack. These backup copies can then be used for point-in-time recovery of your enterprise data to a working state.

BlueXP backup and recovery’s immutable strategy is powered by NetApp Snapshot technology. It uses WAFL® (Write Anywhere File Layout) technology where the original data volume isn’t modified but rather uses new data blocks for updated data. Pointers reference these new data blocks without editing the original data. The backup copies are independent of the source thanks to the technique of taking immutable Snapshots, which also makes ransomware recovery simpler.

Read more about immutable copies in BlueXP backup and recovery here.

SnapLock Protection

SnapLock Protection​-1

The Write Once, Read Many (WORM) storage system prevents data from being modified or erased by allowing only one-time write operation to a storage medium. Once the data is written, there is no longer the option to edit or modify it. The industry standard WORM data solution, NetApp SnapLock, is built into ONTAP storage systems and is supported out of the box in BlueXP backup and recovery. It acts as a line of defense against ransomware attacks targeting your backup copies.

With BlueXP backup and recovery, you can take backups of SnapLock-protected data volumes and store them in the target cloud or on-prem object storage of your choice in the StorageGRID appliance. SnapLock’s integration with BlueXP backup and recovery facilitates an air-gapped backup solution that protects your data from ransomware attacks. Data is stored in a different format in an offsite location, helping you meet your 3-2-1 backup requirements. The WORM data volumes enabled by SnapLock are immutable by nature and remain that way in the target backup storage, allowing for faster business recovery and better protection from ransomware attacks.

Read more about SnapLock and BlueXP backup and recovery here.

Indelibility Through DataLock

Indelibility Through DataLock​-1

The DataLock feature incorporates object storage service WORM capabilities with BlueXP backup and recovery. This provides an additional layer of protection for backup data in the destination storage. DataLock supports the native WORM capabilities of AWS, Azure, and GCP as well as on-prem StorageGRID object storage.

The WORM protection for destination can either be in Governance mode or Compliance mode. While Governance mode offers some flexibility to administrators to overwrite or delete protected data, Compliance mode ensures complete indelibility during the retention period. This helps meet stringent data security standards of highly regulated environments. The data cannot be overwritten or modified during its lifecycle, providing the strongest level of protection for your backup data copies. With DataLock protecting these volumes as WORM in destination, BlueXP backup and recovery enables end-to-end ransomware protection for your data.

Read more about using DataLock to keep BlueXP backup data immutable here.

Ransomware Protection for the Backup Copy

Ransomware Protection for the Backup Copy​-1

To provide an additional layer of security for your data, BlueXP backup and recovery includes a ransomware scan and protection feature. It helps detect any attempts to change backup copies and recover a consistent copy of your data.

If any attempt is made to access the DataLock-protected WORM data copy, a new version of the object is created discreetly. The ransomware protection feature in BlueXP backup and recovery will compare the checksum of the two versions of the object and generate an alert if a ransomware attack is detected. These scans are initiated while transferring data to object store, during restore, or on-demand as required by the user. The restore process is initiated based on the scan process and helps with point-in-time recovery.

Both DataLock and ransomware protection features can be enabled through the same wizard on BlueXP backup and recovery. Together, they provide comprehensive protection for your data backup.

Read more about the BlueXP backup and recovery’s ransomware protection feature here.

Additional Security Features

Security Features​-1

In addition to the features mentioned here, there are other security features available natively with BlueXP backup and recovery. Data at rest and transit are protected using industry-standard encryption, with flexibility for customers to choose their encryption keys. Data always remains in the environment controlled by the user integrated with IAM permissions of the respective storage service provider. The service also supports dark site deployments, where all the components of backup can be deployed on-premise with no internet access by integrating it with StorageGRID.

Read more about ransomware protection and security features in BlueXP backup and recovery here.


The security features of BlueXP backup and recovery help restrict the negative impacts of a ransomware attack. Data remains protected, indelible, and immutable through features such as SnapLock, DataLock, and ransomware protection. You will always have visibility on the protection status of your data estate and get alerts of any attempted attacks.

A well-defined backup strategy powered by BlueXP backup and recovery can help immunize your data estate against increasing ransomware threats. With backup data that’s always accessible and can’t be accessed or altered by attackers, your organization will have an easy time getting back on its feet and assuring business continuity.New call-to-action

Semion Mazor, Product Evangelist

Product Evangelist