How to Recover from a Ransomware Attack

How to Recover from a Ransomware Attack

Having the right cybersecurity solutions in place now will go a long way toward helping you recover from a ransomware attack later.

  • By Patrick Luce
  • Feb 07, 2019

The discussion of ransomware isn’t as common as it once was.

Instead, recent conversations around IoT, cloud security and cryptojacking have gained a lot of traction lately. They’ve essentially overshadowed ransomware, which was once a top-of-mind cyber concern. Regardless, the threat of ransomware attacks remains very real and very potent.

What’s most alarming about ransomware — a type of malicious software designed to block access to a computer system until a sum of money is paid — is that once unleashed, it can wreak havoc on any business or organization regardless of its size.

Having the right cybersecurity solutions in place now will go a long way toward helping you recover from a ransomware attack later.

False sense of security trap

System security threats of all kinds, including ransomware, are essentially one or a combination of the following motivators. When someone attacks your system, typically:

  1. They’re trying to steal something of value from your business or organization.
  2. They're trying to steal something of value from your people.
  3. They're trying to prevent you from accessing systems that are valuable to you so that you'll pay a ransom to gain that access back.

With their security technologies in place, many businesses or organizations are lulled into a false sense of security about ransomware thinking they’re fully protected with antivirus measures. What they fail to understand though is how a ransomware attack can penetrate even the most seemingly well-prepared defenses. With ransomware, there are many points of entry, and only one has to work for the attacker.

Backup systems are vulnerable as well

Even backup systems themselves are vulnerable. When a VectorUSA client was hit with SamSam ransomware in 2018, the client lost 200 servers within 30 minutes and all of their backups. This attack was so effective because SamSam is ingeniously designed so victims can’t recover quickly because their backup systems were wiped out first.

While there is no single technology available to prevent all ransomware attacks, there are proactive measures you can take. Starting with basic blocking and tackling, it’s critical that you minimize your “attack surface.”  Next, your IT systems need to be segmented so when a ransomware attack does occur, you can easily isolate the damage and recover quickly. Finally, your backup systems have to be immune from the attack and be available in a reasonable amount of time to recover.

The larger your organization, the more scale comes into play. If, for example, your own organization has 200 servers in-house and your backup system is in the cloud, consider how long it will take to recover your data to rebuild those 200 systems.

Ransomware is growing in complexity

One of the most disturbing aspects of the threat from ransomware is its explosive growth in complexity over the past few years. Hacking has evolved into producing sophisticated organizations that offer help desks, toll-free phone numbers and more. Frighteningly, it all works very well.

And don’t think that these organizations only target large enterprises. Small businesses generating less than a million dollars a year are just as vulnerable.  And attacks on them can be very targeted by a very talented attacker.

For instance, if a hacker living in an area where $3 an hour is a common wage invests an entire day targeting a company in order to obtain a $10,000 ransom, their potential payoff is huge.

There’s no doubt that if you’re not properly prepared, recovering from a ransomware attack will be difficult. You’re essentially limited to two things:

  1. Identify the source of the attack and make sure that the attack is stopped.
  2. Identify the key systems that will put you back in business or your organization back in operation, and what you need to do to recover.

But what may first appear as the most obvious systems required to remain in operation may actually be different than you might expect.

Determining what’s most important

In school districts, for example, many leaders identify payroll and student information systems as the most critical to keep their schools open. However, from an operational standpoint, that’s not necessarily the case.

Beyond a ransomware attack, if the school district were to suffer some kind of calamity or other disruptive event, many school districts can keep open without their payroll or student information system for a surprisingly long time. What the district couldn’t immediately operate without are transportation and food services, not to mention plumbing.

When you carefully examine IT systems that support overall operations, emotions need to be taken out of the equation before and after a ransomware attack. Three top-level concerns when in recovery are to determine:

  1. What’s been lost while identifying the quickest way to keep schools open.
  2. The bare minimum system requirements needed to resume operations and a recovery plan to restore those systems.
  3. The plan for avoiding a secondary attack. Should you decide to pay the attacker’s ransom, which some school districts do, your recovery may be promptly followed by another ransomware attack. 

Prepare now to fully recover later

If you’ve never been a victim of ransomware, consider yourself fortunate. But don’t let your guard down. Rather than waiting until after an attack happens, the best time to seek counsel on such threats and how you can prepare to effectively recover is before an attack happens.

Talking to someone who's actually worked with businesses and organizations that have been through ransomware attacks, and who understands how attackers think, will provide you a better perspective on what you need to protect yourself.

By setting up basic security technologies and sound management processes now that will limit your ransomware exposure, you’ll be much better prepared to stay in business or operation should you become a victim of a ransomware attack.

Featured

  • 5 Tips to Improve Your Password Security

    Change Your Password Day is right around the corner. Observed every year on February 1, the day aims to raise awareness about cybersecurity and underscores the importance of keeping passwords strong and up to date. Read Now

  • Enhancing Port Security

    DP World Yarimca, one of the largest container terminals of the Gulf of İzmit and Turkey, is a strong proponent of using industry-leading technology to deliver unrivaled value to its customers and partners. As the port is growing, DP World Yarimca needs to continue to provide uninterrupted operations and a high level of security.To address these challenges, DP World Yarimca has embraced innovative technological products, including FLIR's comprehensive portfolio of security monitoring solutions. Read Now

  • Hot AI Chatbot DeepSeek Comes Loaded With Privacy, Data Security Concerns

    In the artificial intelligence race powered by American companies like OpenAI and Google, a new Chinese rival is upending the market—even with the possible privacy and data security issues. Read Now

  • Survey: CISOs Increasing Budgets for Crisis Simulations in 2025

    Today, Cyber Performance Center, Hack The Box, released new data showcasing the perspectives of Chief Information Security Officers (CISOs) towards cyber preparedness in 2025. In the aftermath of 2024’s high-profile cybersecurity incidents, including NHS, CrowdStrike, TfL, 23andMe, and Cencora, CISOs are reassessing their organization’s readiness to manage a potential “chaos” of a full-scale cyber crisis. Read Now

Most   Popular

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.