Ransomware is a US$2 billion criminal industry that affected 40% of organisations during 2017-18, he said. Thirty-five percent of cases were resolved by paying the ransom.
"Legacy back-up solutions are ineffective against today's ransomware attacks, which have become a top concern for almost every organisation," said Cohesity vice-president of product management, Raj Rajamani,
"Real protection requires an integrated approach that combines proactive defence measures, intelligent monitoring, and the power to restore massive amounts of data immediately."
Cohesity's SpanFS immutable file system already works to ensure that any changes to backup data create clones, leaving the previous version intact and available for restoration.
This has been enhanced by the new DataLock function that provides WORM-style capability. Regardless of the credentials presented, a DataLocked snapshot cannot be changed or deleted for a specified period.
Cohesity users can combine these features to ensure they always have a protected backup, he said.
Furthermore, the new release provides for multifactor authentication to help ensure that authorised users really are who they purport to be.
The updated version of the Cohesity Helios SaaS-based secondary data and application management solution goes beyond detecting changes in backup data rates (which can be symptomatic of a ransomware attack) to monitor file-level anomalies concerning unstructured files and object data.
Any such anomalies are brought to the attention of IT administrators and Cohesity's support staff.
If a ransomware attack is successful, Cohesity's SpanFS allows a potentially unlimited number of snaps and clones to be retained on premises. As soon as the most recent unaffected backups have been identified (using Cohesity's "Google-like" global search capability), the restoration process can be started from that screen.
This means hundreds of virtual machines can be restored in "minutes rather than hours" of admin time, explained Dutt.
All snaps are fully hydrated, so they can be mounted on the Cohesity platform and accessed in situ as soon as the relevant VM has restarted. The data is then recovered to its normal location in the background while operations continue.
This rapid recovery reduces the risk of lost revenue due to ransomware attacks.
Cohesity's "comprehensive solution against ransomware attack" is available to all customers as part of the latest version of Cohesity DataPlatform, said Dutt. "It's all built into the solution."
The initial reception from analysts and customers given early access to the update has been that it addresses a real problem, and is a comprehensive solution to a growing threat, he said.
University of California, Santa Barbara associate CIO for administrative and residential IT, Ben Price said "Our organisation has experienced two attempted ransomware attacks that have been resolved with limited downtime and expense using Cohesity DataProtect.
"Both incidents involved SharePoint mapped drives that were CryptoLocked and required restoration of the entire database using the previous Cohesity backup and instantly resolved the issue at no additional cost."