Showing results for 
Search instead for 
Did you mean: 

The Path to Greater Resiliency: How to Recover from a Ransomware Attack

Level 1

Ransomware attacks are such an increasingly prevalent threat that it’s imperative for enterprises to focus more on recovery while simultaneously mitigating threats preemptively. In other words, preparing your company for the inevitable ransomware attack is growing more critical every day.

As we’re seeing daily, ransomware can strike anywhere your data lives, and this includes the cloud. Your cloud-based applications, workloads, and data might as well be in your data center and be physically present. If there is an Internet connection, being in the cloud or in your data center is the exact same thing.

Veritas’ 2020 Ransomware Resiliency Report found that many enterprises are moving more of their data and workloads to the cloud, creating increased IT complexity, and yet they aren’t as prepared as they need to be. Too many organizations have resiliency gaps that are putting both their data and reputations at risk.

How are they falling short? 42 percent of IT leaders said their companies had suffered ransomware attacks, and many believe their company would struggle to bounce back. Two-thirds of respondents said it would take longer than five days to fully recover, meaning many are forced to pay because every minute of business downtime is precious. Additionally, only about one-third of companies have three or more copies of their data, meaning their backups aren’t robust enough to support a quick and efficient recovery.

Many enterprises believe recovery from a ransomware attack comes down to a choice between paying and getting their data back or not paying and losing their data. But this is a false premise. Even if an organization pays the ransom, they aren’t guaranteed to get their data back, because the ransomware attacker may not have the technical skills to decrypt it. Some attackers are also growing greedier, continuing to withhold data and demanding more money even after the ransom is paid.

Losing your enterprise’s data can be disastrous on many levels. Fortunately, you can take steps to prevent it. Rather than paying the ransom, the best approach to recovering from a ransomware attack is making your enterprise as resilient as possible. More effectively storing and backing up data is key to strengthening your organization’s recovery.

Here are five steps to help your enterprise close its resiliency gap:

  1. Disperse Your Data: Keep three or more copies of data in different locations to reduce the chances of an attacker gaining access to all of your data.
  2. Store Data Securely: Encrypting your data can help delay attacks by making it more difficult for ransomware to identify what data you have stored. If your storage is breached, that means files containing personally identifiable information is much harder to share online because they’re encrypted—deterring attackers from distributing important information as part of a blackmail scheme or an additional source of revenue.
  3. Limit Access to Backups: Restrict backup credentials to help minimize phishing incidents—the most common entry method for ransomware.
  4. Back Up Data Frequently: Shortening your recovery point objective by running backups more often will shrink your ransomware recovery time to hours, or even minutes.
  5. Test Your DR Plan: A disaster recovery plan may look great on paper, but if you don’t test it frequently, you don’t know whether it will hold up when a real disaster strikes. Some enterprises don’t test their DR plan because it would mean taking down their production systems. It’s important to take a DR rehearsal approach that uses networks distinct from your production but still mimic the behavior of your enterprise’s normal resiliency operations.

Keep in mind that our challenge with ransomware is like an arms race. There will likely never be a state where we say, ‘We did it. We solved ransomware.’ You have to be constantly vigilant, especially around those elements that are most under your control. Ensuring your data is backed up and kept out of reach of attackers is key to minimizing loss and accelerating recovery.

Interested in learning more? Read the next in the blog series: Why Enterprises Should Adopt a “Zero Security” Posture Toward Ransomware Threats.