How to Recover from a Ransomware Attack

How to Recover from a Ransomware Attack

Having the right cybersecurity solutions in place now will go a long way toward helping you recover from a ransomware attack later.

  • By Patrick Luce
  • Feb 07, 2019

The discussion of ransomware isn’t as common as it once was.

Instead, recent conversations around IoT, cloud security and cryptojacking have gained a lot of traction lately. They’ve essentially overshadowed ransomware, which was once a top-of-mind cyber concern. Regardless, the threat of ransomware attacks remains very real and very potent.

What’s most alarming about ransomware — a type of malicious software designed to block access to a computer system until a sum of money is paid — is that once unleashed, it can wreak havoc on any business or organization regardless of its size.

Having the right cybersecurity solutions in place now will go a long way toward helping you recover from a ransomware attack later.

False sense of security trap

System security threats of all kinds, including ransomware, are essentially one or a combination of the following motivators. When someone attacks your system, typically:

  1. They’re trying to steal something of value from your business or organization.
  2. They're trying to steal something of value from your people.
  3. They're trying to prevent you from accessing systems that are valuable to you so that you'll pay a ransom to gain that access back.

With their security technologies in place, many businesses or organizations are lulled into a false sense of security about ransomware thinking they’re fully protected with antivirus measures. What they fail to understand though is how a ransomware attack can penetrate even the most seemingly well-prepared defenses. With ransomware, there are many points of entry, and only one has to work for the attacker.

Backup systems are vulnerable as well

Even backup systems themselves are vulnerable. When a VectorUSA client was hit with SamSam ransomware in 2018, the client lost 200 servers within 30 minutes and all of their backups. This attack was so effective because SamSam is ingeniously designed so victims can’t recover quickly because their backup systems were wiped out first.

While there is no single technology available to prevent all ransomware attacks, there are proactive measures you can take. Starting with basic blocking and tackling, it’s critical that you minimize your “attack surface.”  Next, your IT systems need to be segmented so when a ransomware attack does occur, you can easily isolate the damage and recover quickly. Finally, your backup systems have to be immune from the attack and be available in a reasonable amount of time to recover.

The larger your organization, the more scale comes into play. If, for example, your own organization has 200 servers in-house and your backup system is in the cloud, consider how long it will take to recover your data to rebuild those 200 systems.

Ransomware is growing in complexity

One of the most disturbing aspects of the threat from ransomware is its explosive growth in complexity over the past few years. Hacking has evolved into producing sophisticated organizations that offer help desks, toll-free phone numbers and more. Frighteningly, it all works very well.

And don’t think that these organizations only target large enterprises. Small businesses generating less than a million dollars a year are just as vulnerable.  And attacks on them can be very targeted by a very talented attacker.

For instance, if a hacker living in an area where $3 an hour is a common wage invests an entire day targeting a company in order to obtain a $10,000 ransom, their potential payoff is huge.

There’s no doubt that if you’re not properly prepared, recovering from a ransomware attack will be difficult. You’re essentially limited to two things:

  1. Identify the source of the attack and make sure that the attack is stopped.
  2. Identify the key systems that will put you back in business or your organization back in operation, and what you need to do to recover.

But what may first appear as the most obvious systems required to remain in operation may actually be different than you might expect.

Determining what’s most important

In school districts, for example, many leaders identify payroll and student information systems as the most critical to keep their schools open. However, from an operational standpoint, that’s not necessarily the case.

Beyond a ransomware attack, if the school district were to suffer some kind of calamity or other disruptive event, many school districts can keep open without their payroll or student information system for a surprisingly long time. What the district couldn’t immediately operate without are transportation and food services, not to mention plumbing.

When you carefully examine IT systems that support overall operations, emotions need to be taken out of the equation before and after a ransomware attack. Three top-level concerns when in recovery are to determine:

  1. What’s been lost while identifying the quickest way to keep schools open.
  2. The bare minimum system requirements needed to resume operations and a recovery plan to restore those systems.
  3. The plan for avoiding a secondary attack. Should you decide to pay the attacker’s ransom, which some school districts do, your recovery may be promptly followed by another ransomware attack. 

Prepare now to fully recover later

If you’ve never been a victim of ransomware, consider yourself fortunate. But don’t let your guard down. Rather than waiting until after an attack happens, the best time to seek counsel on such threats and how you can prepare to effectively recover is before an attack happens.

Talking to someone who's actually worked with businesses and organizations that have been through ransomware attacks, and who understands how attackers think, will provide you a better perspective on what you need to protect yourself.

By setting up basic security technologies and sound management processes now that will limit your ransomware exposure, you’ll be much better prepared to stay in business or operation should you become a victim of a ransomware attack.

Featured

  • Freedom of Choice

    In today's security landscape, we are witnessing a fundamental transformation in how organizations manage digital evidence. Law enforcement agencies, campus security teams, and large facility operators face increasingly complex challenges with expanding video data, tightening budget constraints and inflexible systems that limit innovation. Read Now

  • Accelerating a Pathway

    There is a new trend touting the transformational qualities of AI’s ability to deliver actionable data and predictive analysis that in many instances, seems to be a bit of an overpromise. The reality is that very few solutions in the cyber-physical security (CPS) space live up to this high expectation with the one exception being the new generation of Physical Identity and Access Management (PIAM) software – herein recategorized as PIAM+. Read Now

  • Protecting Your Zones

    It is game day. You can feel the crowd’s energy. In the parking lot. At the gate. In the stadium. On the concourse. Fans are eager to party. Food and merchandise vendors ready themselves for the rush. Read Now

  • Street Smarts

    The ongoing acceptance of AI and advanced data analytics has allowed surveillance camera technology to shift from being a tactical tool to a strategic business solution. Combining traditional surveillance technology with AI-based data-driven insights can streamline transportation systems, enhance traffic management, improve situational awareness, optimize resource allocation and streamline emergency response procedures. Read Now

  • Midtown Manhattan Shooting Kills 4, Including NYPD Officer

    Four people were killed, including a NYPD officer, in a midtown Manhattan shooting on Monday. That’s according to CNN. Read Now

Most   Popular

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities