Ransomware recovery: 10 tips from the experts

Whitepaper

Ransomware attacks are making headlines as more high-profile incidents disrupt business operations. Learn more as IDG shares 10 key tips on how to protect your organization.

September 15, 202112 mins
ransomware recovery 10 tips wrom the experts

Ransomware attacks are making headlines as more high-profile incidents disrupt the business operations of major corporations. At the same time, the cost of responding to ransomware attacks has skyrocketed. These devastating attacks cripple businesses and leave them with two choices: recover locked data through backups or pay the ransom – which can range from hundreds of thousands to millions of dollars.

The financial cost of the ransom is only part of the impact. There are also downtime costs, reputational damage, and the possibility for more extortion in the future. And, unfortunately, paying the ransom does not guarantee recovery. According to The State of Ransomware 2021 report from Sophos, more than twice as many organizations restored their data by recovering via backups (56%) than paying the ransom (26%).

Back it up: The importance of secure storage

The best way to ensure your data is not held hostage in a ransomware attack is with secure storage. The following practices can put you in an optimal position to best recover if hit with a ransomware attack.

  • Offsite storage
    Back up an extra copy of your data offsite so you have a gold copy to recover from should the worst happen.
  • Physical isolation
    Store a gold copy of data in cold storage, which is disconnected from all networks.
  • Tape backups
    Leverage tape as a fail-safe. Tape is cheap, reliable, and secure—the time and cost to store a gold copy on air-gapped tape is miniscule compared to the money at risk in a ransomware attack.
  • Be ready to fail-over
    Fail-over to a recovery environment while you look to remediate the malware/restore to the fail-over environment with a gold copy of data.

What happens if it happens

Even with the best security practices in place, many organizations still fall victim to ransomware. What do you do if it happens to you? Take the following steps immediately following a ransomware attack for the best possible outcome.

  • Figure out what sensitive data criminals may have
    Knowing this is key because criminals often use this data for extortion. But isolating the data can be challenging, which is why an extra, gold copy of data backed up offsite can help.
  • Determine next steps and options for responding to the attack
    Many organizations make the mistake of trying to navigate recovery alone. Call in a trusted third-party provider to help minimize the damage.
  • Call in a third-party disaster recovery expert for help
    Many organizations make the mistake of trying to navigate recovery alone. Call in a trusted third-party provider to help minimize the damage.
  • Immediately isolate the malware
    Stop movement around the environment as soon as you discover the attack.
  • Restore with safe backups
    This is where preparation is key. Safe backups can mean the difference between a devastating outcome and an inconvenient security incident.
  • Fail-over
    Fail-over to a recovery environment while you look to remediate the malware/restore to the fail-over environment with a gold copy of data.

Future prevention

After the attack is remediated, it is essential to learn from the incident and make plans to prevent a recurrence. Assess how the attack took place and determine what needs to be done to prevent another. Ensure you are ready to recover should you be attacked again.

IT best practices say you should leverage 3-2-1 to properly protect the critical data that runs your organization. That means:

  • 3 copies of data – primary, plus 2 copies for safekeeping
  • 2 copies on two different types of storage – prevent a single source of failure
  • 1 copy offsite for ransomware recovery and disaster recovery