The cyber attacks that have been in the news recently have placed the following question at the top of the agenda: how do you get your business up and running again as soon as possible in an emergency situation like this? If you fall victim to a ransomware attack or, even worse, a cryptoware attack, a recovery operation is no easy task.
Ransomware is a form of malware. As the term indicates, its purpose is to take computer systems hostage. Cryptoware goes a lot further and also takes the data on those systems hostage by encrypting it. After infection, hackers offer to reverse this encryption for a fee, but without any guarantee that this will actually happen.
The cryptoware itself is relatively easy to remove; the file encryption, however, is not. If your systems are infected with cryptoware, you no longer have access to your computer files. You may not even be able to access your backup files anymore – and then it really is a disaster.
Assess the damage
A ransomware infection happens before you know it: the virus gets into the system through attachments in emails and links. It also spreads quickly, making its impact significant. That's why it is essential, first and foremost, to accurately assess the damage caused: which data and systems in which parts of your organization has the virus affected? And how hard did it hit them?
In the event of an infection with cryptoware, such as the infamous CryptoLocker, the consequences are usually quite serious. If most – or all – of your files are encrypted, this can in some cases even lead to bankruptcy and therefore be fatal for the business.
Draw up and put in place a recovery scenario in advance
Prevention is better than cure: the best remedy for ransomware is to make sure you don't get infected in the first place. If it does happen, make sure you have one or more scenarios ready. Such a 'playbook' can be incorporated into a broader disaster recovery plan, which should help to ensure the continuity of your business at all times. You should also regularly test and practice this recovery scenario in order to be as prepared as possible for a ransomware attack.
Whatever is in your emergency plan, logic dictates that you first try to get your critical systems up and running again. This, in turn, requires a thorough analysis of your infrastructure, in which the more and less critical systems are neatly mapped out.
Keep backup architecture up to date
If an incident – such as a malware attack – occurs, your backup files are your last line of defense. Everything depends on your backup architecture. How is it set up? And to what extent has it been affected? The answers to these two questions largely determine whether and how you can carry out your recovery plan. For example, if you have two data centers and only one of them has been hit, you can quickly perform a failover from one to the other. If both data centers are affected, you will have to recover everything manually and you may have days (or even weeks) of work ahead of you. What's more, this is based on the assumption that your data has been stored elsewhere (either online or offline) – and that you have access to it. All data that you cannot restore, manually or otherwise, will unfortunately be lost.
Ransomware vs backup: five golden tips
- Create valid and recent backups of all systems needed to run the company
- Keep offline copies of your backups, on tape or in the cloud (not connected to the company network and only used for backups)
- Provide operational restore procedures for all systems needed to run the company
- Identify trained employees who can carry out a restore assignment and test the procedures on a regular basis
- Design your backup policy with proper security in mind so that ransomware never has direct access to the backup systems
Realdolmen helps you develop your complete backup policy: from processes and procedures to the implementation of all necessary hardware and software. Want to find out more? Please contact us at firstname.lastname@example.org