1. Ransomware Recovery 101: You’ve Been Hit, Now What Do You Do?
Ransomware is coming to your neighborhood. Now a $1 billion-per-year industry, ransomware has quickly become one of IT and security pros’ biggest fears. According to a recent study by CyberEdge Group, more than 60 percent of organizations are likely to experience an attack. The scariest part? Most aren’t fully aware of the consequences—and how to appropriately recover. When data is being held hostage, there’s no way to keep up with business as usual. Whether it’s identifying what is missing, deciding whether or not to pay the ransom, or determining how to recover lost files, there are key recovery aspects that go unaddressed. This eWEEK slide show, using industry information from Paula Long, CEO and co-founder of DataGravity, offers tips that can help businesses plan for and implement a ransomware counterattack.
2. Stop the Intruder in His or Her Tracks
3. Don’t Forget About Cross-Contamination
To ensure the issue isn’t propagated to other copies of the data, turn off snapshot schedules and double-check your stored snapshots to confirm that they’re not being deleted automatically. You may want to also turn off automated disaster recovery (DR) tools, especially if you aren’t doing synchronous replication. In the case of synchronous replication, the DR site is already contaminated. In snap-copy scenarios, there’s a chance things have propagated.
4. Determine What’s Been Compromised
5. Weigh the Costs
Here’s where the math comes in. Do a cost analysis of the ransom versus the data. Is the cost of being out of business for hours, days or weeks worth more than the ransom? It’s important to remember, however, that there is a risk associated with paying up. There’s no guarantee that the data will be returned in its original state—if at all.
6. Weigh the Not-So-Obvious Costs, Too
Remember there’s more than just the financial consequences that come with downtime and paying the ransom itself. In addition to the legal costs, employee time and reputational damage, consider how IT operations are going to be affected. Acknowledge that there’s a chance the IT department (and many others) will not be able to continue to operate if the data becomes unavailable.
7. Pay Up or Don’t Pay Up: Your Choice
8. Begin the Recovery Process
9. Don’t Overlook Shared Infrastructure
10. Keep the Data You Have to Restore to the Absolute Minimum
11. Avoid a ‘Groundhog Day’ Scenario With Backups
While frequent backups are often a good thing, turning to them for ransomware recovery isn’t always a wise idea. The more frequent they are, the more likely your backups will be infected with ransomware as well. It is important to remember that backups are read-only, so cleaning them up is going to be a challenge too.
12. Evaluate the Recovery Process
Every organization has a different experience when responding to ransomware, and there will always be a learning curve. Determine what worked (and what didn’t) and take that into account to ensure that your organization is prepared for a future attack.