How to Recover from a Ransomware Attack

How to Recover from a Ransomware Attack

Having the right cybersecurity solutions in place now will go a long way toward helping you recover from a ransomware attack later.

  • By Patrick Luce
  • Feb 07, 2019

The discussion of ransomware isn’t as common as it once was.

Instead, recent conversations around IoT, cloud security and cryptojacking have gained a lot of traction lately. They’ve essentially overshadowed ransomware, which was once a top-of-mind cyber concern. Regardless, the threat of ransomware attacks remains very real and very potent.

What’s most alarming about ransomware — a type of malicious software designed to block access to a computer system until a sum of money is paid — is that once unleashed, it can wreak havoc on any business or organization regardless of its size.

Having the right cybersecurity solutions in place now will go a long way toward helping you recover from a ransomware attack later.

False sense of security trap

System security threats of all kinds, including ransomware, are essentially one or a combination of the following motivators. When someone attacks your system, typically:

  1. They’re trying to steal something of value from your business or organization.
  2. They're trying to steal something of value from your people.
  3. They're trying to prevent you from accessing systems that are valuable to you so that you'll pay a ransom to gain that access back.

With their security technologies in place, many businesses or organizations are lulled into a false sense of security about ransomware thinking they’re fully protected with antivirus measures. What they fail to understand though is how a ransomware attack can penetrate even the most seemingly well-prepared defenses. With ransomware, there are many points of entry, and only one has to work for the attacker.

Backup systems are vulnerable as well

Even backup systems themselves are vulnerable. When a VectorUSA client was hit with SamSam ransomware in 2018, the client lost 200 servers within 30 minutes and all of their backups. This attack was so effective because SamSam is ingeniously designed so victims can’t recover quickly because their backup systems were wiped out first.

While there is no single technology available to prevent all ransomware attacks, there are proactive measures you can take. Starting with basic blocking and tackling, it’s critical that you minimize your “attack surface.”  Next, your IT systems need to be segmented so when a ransomware attack does occur, you can easily isolate the damage and recover quickly. Finally, your backup systems have to be immune from the attack and be available in a reasonable amount of time to recover.

The larger your organization, the more scale comes into play. If, for example, your own organization has 200 servers in-house and your backup system is in the cloud, consider how long it will take to recover your data to rebuild those 200 systems.

Ransomware is growing in complexity

One of the most disturbing aspects of the threat from ransomware is its explosive growth in complexity over the past few years. Hacking has evolved into producing sophisticated organizations that offer help desks, toll-free phone numbers and more. Frighteningly, it all works very well.

And don’t think that these organizations only target large enterprises. Small businesses generating less than a million dollars a year are just as vulnerable.  And attacks on them can be very targeted by a very talented attacker.

For instance, if a hacker living in an area where $3 an hour is a common wage invests an entire day targeting a company in order to obtain a $10,000 ransom, their potential payoff is huge.

There’s no doubt that if you’re not properly prepared, recovering from a ransomware attack will be difficult. You’re essentially limited to two things:

  1. Identify the source of the attack and make sure that the attack is stopped.
  2. Identify the key systems that will put you back in business or your organization back in operation, and what you need to do to recover.

But what may first appear as the most obvious systems required to remain in operation may actually be different than you might expect.

Determining what’s most important

In school districts, for example, many leaders identify payroll and student information systems as the most critical to keep their schools open. However, from an operational standpoint, that’s not necessarily the case.

Beyond a ransomware attack, if the school district were to suffer some kind of calamity or other disruptive event, many school districts can keep open without their payroll or student information system for a surprisingly long time. What the district couldn’t immediately operate without are transportation and food services, not to mention plumbing.

When you carefully examine IT systems that support overall operations, emotions need to be taken out of the equation before and after a ransomware attack. Three top-level concerns when in recovery are to determine:

  1. What’s been lost while identifying the quickest way to keep schools open.
  2. The bare minimum system requirements needed to resume operations and a recovery plan to restore those systems.
  3. The plan for avoiding a secondary attack. Should you decide to pay the attacker’s ransom, which some school districts do, your recovery may be promptly followed by another ransomware attack. 

Prepare now to fully recover later

If you’ve never been a victim of ransomware, consider yourself fortunate. But don’t let your guard down. Rather than waiting until after an attack happens, the best time to seek counsel on such threats and how you can prepare to effectively recover is before an attack happens.

Talking to someone who's actually worked with businesses and organizations that have been through ransomware attacks, and who understands how attackers think, will provide you a better perspective on what you need to protect yourself.

By setting up basic security technologies and sound management processes now that will limit your ransomware exposure, you’ll be much better prepared to stay in business or operation should you become a victim of a ransomware attack.

Featured

  • Collaboration Made Easy Using a Work Management Platform

    Effective collaboration between security operators, teams and other departments is critical to the smooth functioning of organizations. Yet, as organizations grow in complexity, it becomes more difficult for teams to coordinate with each other. This is compounded by staffing shortages, turnover and ineffective collaboration tools. Read Now

  • Creating a Safer World

    Managing and supporting locks and door hardware within a facility is a big responsibility. A building’s security needs to change over time as occupancy and use demands evolve, which can make it even more challenging. Read Now

  • Creating More Versatility

    Today, AI has become top of mind for most security professionals. It is the topic of conversation in the technology world and continues to transform the way data is used to make important business decisions. Read Now

  • Report: 78 Percent of CISOs Seeing Significant Impact from AI-Powered Cyber Threats

    Darktrace recently unveiled its 2025 State of AI Cybersecurity report. The findings reveal that 78% of Chief Information Security Officers (CISOs) surveyed say that AI-powered threats are having a significant impact on their organizations, a 5% increase1 from 2024. While an increasing number of CISOs report feeling a significant impact from AI threats, more than 60% now say that they are adequately prepared to defend against these threats, an increase of nearly 15% year-over-year. However, insufficient AI knowledge and skills and a shortage of personnel and talent continue to be listed as the two top inhibitors to a successful defense. Read Now

Most   Popular

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities