
    Ransomware Recovery 101: You’ve Been Hit, Now What Do You Do?

    By Chris Preimesberger - April 26, 2017

      1. Ransomware Recovery 101: You’ve Been Hit, Now What Do You Do?

      Ransomware is coming to your neighborhood. Now a $1 billion-per-year industry, ransomware has quickly become one of IT and security pros’ biggest fears. According to a recent study by CyberEdge Group, more than 60 percent of organizations are likely to experience an attack. The scariest part? Most aren’t fully aware of the consequences—and how to appropriately recover. When data is being held hostage, there’s no way to keep up with business as usual. Whether it’s identifying what is missing, deciding whether or not to pay the ransom, or determining how to recover lost files, there are key recovery aspects that go unaddressed. This eWEEK slide show, using industry information from Paula Long, CEO and co-founder of DataGravity, offers tips that can help businesses plan for and implement a ransomware counterattack.

      2. Stop the Intruder in His or Her Tracks

      One of the biggest mistakes organizations make when hit with ransomware is making a decision about whether or not to pay the ransom before they’ve done any preliminary investigation. Before jumping into a recovery plan, the first step is to secure the crime scene and shut down users immediately.

      3. Don’t Forget About Cross-Contamination

      To ensure the issue isn’t propagated to other copies of the data, turn off snapshot schedules and double-check your stored snapshots to confirm that they’re not being deleted automatically. You may want to also turn off automated disaster recovery (DR) tools, especially if you aren’t doing synchronous replication. In the case of synchronous replication, the DR site is already contaminated. In snap-copy scenarios, there’s a chance things have propagated.

      4. Determine What’s Been Compromised

      Once you’ve stopped the spread of the attack, establish what data was impacted. Don’t forget to take inventory of audit logs and previous snapshots. Depending on who was infected and the timing of the attack, it is possible, at times, to unwind what happened.

      5. Weigh the Costs

      Here’s where the math comes in. Do a cost analysis of the ransom versus the data. Is the cost of being out of business for hours, days or weeks worth more than the ransom? It’s important to remember, however, that there is a risk associated with paying up. There’s no guarantee that the data will be returned in its original state—if at all.

      6. Weigh the Not-So-Obvious Costs, Too

      Remember there’s more than just the financial consequences that come with downtime and paying the ransom itself. In addition to the legal costs, employee time and reputational damage, consider how IT operations are going to be affected. Acknowledge that there’s a chance the IT department (and many others) will not be able to continue to operate if the data becomes unavailable. 

      7. Pay Up or Don’t Pay Up: Your Choice

      After analyzing the situation, it’s time to decide whether or not to pay the ransom. If you choose to pay up, keep in mind that there’s no promise that you’ll get your data back. Cross your fingers and hope everything works out. If it doesn’t, go to the next slide. If it does, move on to Slide 10.

      8. Begin the Recovery Process

      If you choose to not pay the ransom, now the work begins. In determining whether to pay or not pay, you have scoped, at least at a high level, the extent of the damage. If the damage was isolated to a small set of users on dedicated resources, the recovery should be straightforward.

      9. Don’t Overlook Shared Infrastructure

      However, if the issues made it into shared infrastructure, you need to figure out what was impacted. If you have some form of audit or network logs, you might be able to identify which shared resources were affected and may even be able to determine which files could have potentially been accessed.

      10. Keep the Data You Have to Restore to the Absolute Minimum

      Without access to the information you uncovered in Slide 8, you could find yourself rolling back to a time before the issue happened, and losing data that was still good. To avoid wasting time (and perfectly good data), invest in tools that can get you lists that can help you make smart restores. 
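
The scoping described in the slides on shared infrastructure and minimal restores can be worked through in code. The following is an added example, not from the original article or from DataGravity: it reads a file-audit log, finds the files modified by a compromised account after the attack began, and picks for each the newest snapshot taken before it was hit, listing any legitimate edits that restore would lose. The log format, account names, paths and snapshot times are constructed assumptions.

```python
from datetime import datetime

# Constructed sample audit log (timestamp, account, operation, path); not real data.
AUDIT_LOG = """\
2017-04-20T09:15:00 alice WRITE /share/finance/q1.xlsx
2017-04-24T14:02:11 bob WRITE /share/hr/policy.docx
2017-04-25T08:59:40 carol WRITE /share/eng/design.md
2017-04-25T09:01:03 bob WRITE /share/finance/q1.xlsx
2017-04-25T09:01:04 bob RENAME /share/finance/q1.xlsx
2017-04-25T09:01:09 bob WRITE /share/eng/design.md
2017-04-25T09:03:30 alice READ /share/hr/policy.docx
2017-04-25T09:05:00 alice WRITE /share/hr/handbook.docx
"""
# Constructed snapshot times; the last one was taken after the attack began.
SNAPSHOTS = ["2017-04-24T00:00:00", "2017-04-25T00:00:00", "2017-04-25T09:02:00"]
MODIFYING_OPS = {"WRITE", "RENAME", "DELETE"}

def parse(log):
    """Yield (time, account, operation, path); the path may contain spaces."""
    for line in log.splitlines():
        if line.strip():
            ts, user, op, path = line.split(maxsplit=3)
            yield datetime.fromisoformat(ts), user, op, path

def restore_plan(log, snapshots, infected_accounts, attack_start):
    """Per affected file: newest clean snapshot and the good edits a restore loses."""
    events = list(parse(log))
    first_hit = {}
    for ts, user, op, path in events:
        if user in infected_accounts and op in MODIFYING_OPS and ts >= attack_start:
            first_hit[path] = min(ts, first_hit.get(path, ts))
    snaps = sorted(datetime.fromisoformat(s) for s in snapshots)
    plan = {}
    for path, hit in first_hit.items():
        clean = [s for s in snaps if s < hit]  # snapshots taken before the file was hit
        snap = clean[-1] if clean else None
        # Edits after the chosen snapshot but before the hit are not in that snapshot.
        lost = [(u, t.isoformat()) for t, u, op, p in events
                if p == path and op in MODIFYING_OPS and t < hit
                and (snap is None or t > snap)]
        plan[path] = {"snapshot": snap.isoformat() if snap else None, "lost_edits": lost}
    return plan

if __name__ == "__main__":
    start = datetime.fromisoformat("2017-04-25T09:00:00")
    for path, info in restore_plan(AUDIT_LOG, SNAPSHOTS, {"bob"}, start).items():
        print(path, info)
```

In the sample, the 09:02 snapshot is skipped because it postdates the first malicious write, and only two of the four files appear in the restore list.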

      11. Avoid a ‘Groundhog Day’ Scenario With Backups

      While frequent backups are often a good thing, turning to them for ransomware recovery isn’t always a wise idea. The more frequent they are, the more likely your backups will be infected with ransomware as well. It is important to remember that backups are read-only, so cleaning them up is going to be a challenge too.

      12. Evaluate the Recovery Process

      Every organization has a different experience when responding to ransomware, and there will always be a learning curve. Determine what worked (and what didn’t) and take that into account to ensure that your organization is prepared for a future attack. 
