Ransomeware Preparedness and Recovery Guide

Download PDF

Ransomware has proven to be phenomenally effective at producing a fortune in ransom payments for its nefarious authors. It’s been estimated that in late 2013, over a span of just three months, the infamous CryptoLocker virus raked in nearly $30 million in payments. The astonishing “success” of ransomware makes one thing certain: It’s only a matter of time before the next form of malicious ransomware strikes. There are steps you can take to prevent an attack, and a few ways to get your data back if your systems become infected. The first step is knowing what Ransomware is and the recent forms it’s taken to extract payments from its many victims.

Ransomware Overview

Ransomware is a type of malware that prevents users from accessing their data until they pay a ransom. Most ransomware viruses are triggered by clicking a link in an email or opening an attachment. When combined with phishing techniques, these emails may seem like normal correspondence from a business partner.

Recent Forms of Ransomware

Ransomware in its various forms has been around since 1989, and it shows no signs of slowing down. The problem has gotten worse in recent years due to the popularity of mobile devices and anonymous payment methods, like Bitcoin, which make it easier for cybercriminals to cover their tracks and evade law enforcement.

How to Prepare for a Ransomware Attack

It’s important to warn employees about clicking on suspicious attachments, but they may fail to adhere to the policy or simply be fooled by a well-targeted phishing attack. Additionally, while firewall protection and security software are crucial components in a ransomware-prevention strategy, they won’t guarantee protection. When prevention methods fail, the best way to regain access to your data is by having a backup plan in place.

Since the latest version of your files may be affected by the virus, a backup solution with a versioning feature is necessary. It allows you to roll back to a specific date before your systems were infected. Although ransomware will eventually make itself known to you, the virus can take hours or days while it spreads and encrypts your files before sending you the ransom message. On shared drives, this is a huge problem when suddenly, not only are your files unusable, but creating new ones results in more infected files. The only way to get things back to normal is to roll back to a complete, clean set of files that was backed up before the initial infection took place.

This is where the frequency of your backups becomes a key component of your recovery strategy. The more frequently you back up, the more recent your recovery point can be. Having automatic, continuous backups also ensures data protection with minimal human intervention. Depending on the nature of your business, it may be worth the peace of mind and risk reduction to have more frequent, continuous backups.

An added benefit of using a backup plan as part of a prevention strategy is that it also protects you from other common causes of data loss, such as server or disk failure, natural disasters and human error.

While any data recovery effort costs time and resources, paying a ransom might be an even bigger risk since it doesn’t necessarily guarantee you’ll get your data back. You’re essentially counting on the trustworthiness of thieves to give you the encryption key after they’ve taken your money. With a complete backup of your data that includes an earlier version of your system before it became infected, you stand a very good chance of recovering most of your data without ever having to pay a ransom.

5 Steps to Take if Your Systems Become Infected

If you have a comprehensive malware-prevention strategy in place and a backup plan is part of it, here are the 5 steps you should take if your systems become infected:

  • As soon as you’re aware of an attack on your computer, file server or network, immediately shut down all file sharing activity.
  • Use your antivirus software to determine where the infection happened. If you can’t determine where the infection originated using antivirus software, right click on an infected file to find out the last user or computer to make changes to the file. This will tell you where the infection originated.
  • Assess the extent of the infection and the damage.
  • Remove the virus by deleting all infected files.
  • Use your backup application or dashboard tool to recover clean versions of the infected files.

Download the full pdf version