Quorum onQ® Ransomware Edition (onQ®RE) is the latest innovation from Quorum. Built on our award winning onQ® Backup and Disaster Recovery platform, onQ®RE is a dedicated recovery appliance built specifically to recover servers infected with Ransomware
Dedicated hardware, hardened Operating System, all data encrypted in motion and at rest, separate network segment, not part of the Active Directory Domain, isolated sandbox testing
onQ® RE connects to your network and takes snapshots of your production servers. These snapshots are used to create a virtual machine image that can be used to recover your server in the event of a Ransomware infection. At user determined intervals, new snapshots are taken, encrypted and saved to the hardware appliance. Each snapshot is automatically tested to be sure that it will function in the event of an outage.
In the case of a Ransomware infection, the first thing the IT team must do is isolate the affected system to prevent the spread of the infection. Then the last known good snapshot is selected from the onQ® RE management console and the virtual machine copy is started up on the Quorum appliance.
Once fully booted, the system is now on the production network and is ready to take over for the failed server, allowing your security teams to deal with the infection.
Quorum has taken several steps to ensure that your snapshots are safe and secure.
First, the onQ® RE appliance is on its own network segment, and is not a part of the Active Directory domain. This means it is less likely to be targeted by a Ransomware attack.
Second, onQ® RE also runs a hardened Linux operating system, reducing all security vulnerabilities to an absolute minimum.
Third, onQ® is installed on it's own network segment, isolating it from the main network. That means if onQ® RE snapshots an infected server, and then does an automated start-up test, the network segmentation prevents the Ransomware from spreading to other servers on the main network. Snapshots can be examined, tested and scanned in the sandbox, and if infected, admins can roll back to an earlier clean snapshot for recovery.
Finally, all snapshot data is encrypted in motion and at rest, which means that snapshot data cannot be read except by the onQ appliance.
Over the past 2 years, we have had 3 Ransomware attacks, mostly caused by employees opening documents with infected attachments that looked legitimate. We were able to isolate and recover the infected servers in a matter of minutes. I can honestly say, without Quorum, we would not be in business today.
IT Manager, Confidential Oil and Gas Client