Panzura Best Practices: Ransomware Mitigation

Data on Panzura is immutable, giving you a pristine data set to restore to in the event of a ransomware attack. Follow these best practices to mitigate your exposure, and cut down recovery time.

While Panzura protects data against damage from ransomware, any data held outside of CloudFS may remain vulnerable. Here's what we recommend:

  • Store backups of your SQL and other databases in your Panzura file system
  • Consider Panzura’s archive data tier for cold, seldom-used files
  • Move your legacy storage (NAS) onto Panzura CloudFS


Use an ICAP-compatible anti-virus software, or Varonis, integrated with Panzura, and ensure the software remains operational and up to date at all times. This will prove invaluable in fending off attacks, and in minimizing required recovery if an attack does get through. 


Maintain a “Break Glass in Case of Emergency” vault that contains essential details, with access available to 2-3 highly trusted personnel, or company owners.   Items in this vault should include administrator passwords, and custom encryption certificates.


Ensure administrator passwords are EXCEPTIONALLY difficult to crack, and impossible to guess.   Change these on a regular basis.


Maintain a Data Services subscription.  Its powerful, fast global search and file audit features are extremely helpful in identifying and locating affected files, pinpointing the attack time frame as well as providing early warning based on unusual activity.


Use Active Directory to provide access to Panzura nodes, and maintain best practice internal IT security such as 2-Factor Authentication.