Recovery after the ransomware attack | Pentest7


Ransomware extortion can hit any company. It is important to react appropriately and initiate rapid data recovery, explains Alex Restrepo, member of the Virtual Data Center Solutions team at Veritas Technologies, in a guest post.

Ransomware attacks are no longer about whether or when, but how often they happen. A company falls victim to such an attack every eleven seconds. This makes ransomware the fastest growing form of cyber crime. It is therefore not enough to think about strategies to avoid ransomware. Companies also need to consider how to protect and restore their data if they are attacked, because what is at stake is not just the security of the data, but of the entire company.

The recent attack on the Scottish Environmental Protection Agency (SEPA) is an example of the importance of an adequate backup and recovery strategy. Hackers stole more than 4,000 digital files from SEPA. Although the agency had backup systems in place, it was unable to restore all of the records. It can take years for the agency to fully recover from the attack.

Recovering data from a ransomware attack doesn’t have to be costly. With the right strategies, companies can quickly and securely recover from a ransomware attack and resume operations without major downtime. The following are the most important steps that should be taken into account.

Recovery of the data

In the event of a ransomware attack, the restore options should be checked first. This can mean a complete reinstallation of the systems followed by restoration of the data, or companies can limit themselves to smaller data sets that can be recovered quickly. Depending on the desired outcome, there are a few important aspects to consider:

  • Bare metal restore: If the entire server has been encrypted, a bare metal restore must be carried out. The data from the backup is transferred to a completely new, empty system with a blank hard drive. However, reverting to the bare metal state should not require reinstalling operating systems or manually configuring the hardware.
  • Granular recovery: This option is suitable if companies want to restore certain data as quickly as possible, while the rest of the backup is needed later. This granular restore is usually sufficient to get the company up and running again quickly, even if not all systems have been completely restored.
  • Immediate rollback of VMs: This option is useful when companies need a backup as soon as possible and then want to search for the ransomware. With instant rollbacks, data can be restored from virtual machines in minutes, regardless of where it is stored in the infrastructure.
  • Data center on demand: In this scenario, a copy of the most important data is sent in advance to an off-site server over a public, protected network. The server is usually hosted by a third party who charges a fee based on bandwidth, capacity, or the number of users. Data management software can ensure that costs are kept within reasonable limits. After an attack, all data can be restored on the third-party server.

The best recovery option in each case depends on how severe the consequences of the attack are and how well companies have prepared themselves for the emergency. It is important that you are familiar with the various recovery options in advance. This allows companies to act quickly and ensure that they can continue to operate after an attack.

Improvement of the protective measures

The best time to arm yourself against ransomware is before the attack. It may already be too late for that, but there are measures that prevent a company from being in danger again. The following five steps can improve a company’s ransomware resilience:

  • Distribute data: Good endpoint data protection tools for desktops and laptops are important. In this way, companies ensure that the data is continuously backed up at all locations, including those of employees who work on the move. The 3-2-1-1 backup approach has proven itself: at least three copies of the data are stored on two different media, with at least one copy being stored on site and one copy external.
  • Store data securely: Encrypting data can help delay attacks. As a result, the ransomware cannot easily see which data has been saved. If the storage is attacked, it is also much more difficult for the attacker to publish encrypted data online in order to extort more ransom money in this way.
  • Limit access to backup copies: The most common form of ransomware attack is the phishing attack. Limiting the number of people who have access to backup data can minimize this risk.
  • Schedule regular backups: Frequent backups with a clear goal in mind can reduce the recovery time – by seconds, minutes or even hours.
  • Test data recovery plans: To review data recovery plans, companies need to take their production systems offline for a short period of time. However, doing this is important to ensure that the plans are really effective during and after an attack.
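
The five steps above can be checked mechanically against an inventory of backup copies. The following Python example is an addition to this article, not code from the guest post or from any Veritas product; the record fields, the thresholds (three accounts, 24-hour backup age, 90-day restore-test interval) and the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class BackupCopy:
    name: str
    medium: str                 # e.g. "disk", "tape", "object-storage"
    offsite: bool               # False = on site, True = external
    encrypted: bool
    principals: int             # accounts able to read or delete this copy
    last_backup: datetime
    last_restore_test: Optional[datetime]

def audit(copies, now, max_principals=3, max_age=timedelta(hours=24),
          test_interval=timedelta(days=90)):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Distribute data: copy, media and location counts as stated in the article.
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need at least 3")
    if len({c.medium for c in copies}) < 2:
        findings.append("all copies share one storage medium")
    if all(c.offsite for c in copies):
        findings.append("no on-site copy")
    if not any(c.offsite for c in copies):
        findings.append("no external copy")
    for c in copies:
        if not c.encrypted:                      # store data securely
            findings.append(f"{c.name}: stored unencrypted")
        if c.principals > max_principals:        # limit access (assumed threshold)
            findings.append(f"{c.name}: {c.principals} accounts have access")
        if now - c.last_backup > max_age:        # schedule regular backups
            findings.append(f"{c.name}: last backup too old")
        if c.last_restore_test is None or now - c.last_restore_test > test_interval:
            findings.append(f"{c.name}: restore test overdue")
    return findings

# Constructed sample inventory (not real data).
NOW = datetime(2024, 1, 10, 12, 0)
H, D = timedelta(hours=1), timedelta(days=1)
SAMPLE = [
    BackupCopy("nas-primary", "disk", False, True, 2, NOW - 3 * H, NOW - 30 * D),
    BackupCopy("nas-replica", "disk", False, False, 9, NOW - 3 * H, None),
    BackupCopy("cloud-vault", "disk", True, True, 2, NOW - 4 * D, NOW - 200 * D),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, NOW):
        print(finding)
```
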

Extra support

Ransomware attacks are on the rise and no organization is safe from them anymore. Authorities and the entire security industry are therefore working feverishly to combat the growing threat.

With the help of industry experts, companies can recover faster from a ransomware attack and prevent further attacks. Specialized providers protect companies and support them in the development of security measures and recovery strategies. Even if companies have a lot of questions – the experts have the answers.

There may never be a clear finish line, a point where you can say, “We did it, we eliminated the ransomware threat.” But you can sleep well knowing that you’ve taken the right steps to minimize losses, speed recovery, and keep your business going.
