How to Recover from a Ransomware Attack

How to Recover from a Ransomware Attack

Having the right cybersecurity solutions in place now will go a long way toward helping you recover from a ransomware attack later.

The discussion of ransomware isn’t as common as it once was.

Instead, recent conversations around IoT, cloud security and cryptojacking have gained a lot of traction lately. They’ve essentially overshadowed ransomware, which was once a top-of-mind cyber concern. Regardless, the threat of ransomware attacks remains very real and very potent.

What’s most alarming about ransomware — a type of malicious software designed to block access to a computer system until a sum of money is paid — is that once unleashed, it can wreak havoc on any business or organization regardless of its size.

Having the right cybersecurity solutions in place now will go a long way toward helping you recover from a ransomware attack later.

False sense of security trap

System security threats of all kinds, including ransomware, are essentially one or a combination of the following motivators. When someone attacks your system, typically:

  1. They’re trying to steal something of value from your business or organization.
  2. They're trying to steal something of value from your people.
  3. They're trying to prevent you from accessing systems that are valuable to you so that you'll pay a ransom to gain that access back.

With their security technologies in place, many businesses or organizations are lulled into a false sense of security about ransomware thinking they’re fully protected with antivirus measures. What they fail to understand though is how a ransomware attack can penetrate even the most seemingly well-prepared defenses. With ransomware, there are many points of entry, and only one has to work for the attacker.

Backup systems are vulnerable as well

Even backup systems themselves are vulnerable. When a VectorUSA client was hit with SamSam ransomware in 2018, the client lost 200 servers within 30 minutes and all of their backups. This attack was so effective because SamSam is ingeniously designed so victims can’t recover quickly because their backup systems were wiped out first.

While there is no single technology available to prevent all ransomware attacks, there are proactive measures you can take. Starting with basic blocking and tackling, it’s critical that you minimize your “attack surface.”  Next, your IT systems need to be segmented so when a ransomware attack does occur, you can easily isolate the damage and recover quickly. Finally, your backup systems have to be immune from the attack and be available in a reasonable amount of time to recover.

The larger your organization, the more scale comes into play. If, for example, your own organization has 200 servers in-house and your backup system is in the cloud, consider how long it will take to recover your data to rebuild those 200 systems.

Ransomware is growing in complexity

One of the most disturbing aspects of the threat from ransomware is its explosive growth in complexity over the past few years. Hacking has evolved into producing sophisticated organizations that offer help desks, toll-free phone numbers and more. Frighteningly, it all works very well.

And don’t think that these organizations only target large enterprises. Small businesses generating less than a million dollars a year are just as vulnerable.  And attacks on them can be very targeted by a very talented attacker.

For instance, if a hacker living in an area where $3 an hour is a common wage invests an entire day targeting a company in order to obtain a $10,000 ransom, their potential payoff is huge.

There’s no doubt that if you’re not properly prepared, recovering from a ransomware attack will be difficult. You’re essentially limited to two things:

  1. Identify the source of the attack and make sure that the attack is stopped.
  2. Identify the key systems that will put you back in business or your organization back in operation, and what you need to do to recover.

But what may first appear as the most obvious systems required to remain in operation may actually be different than you might expect.

Determining what’s most important

In school districts, for example, many leaders identify payroll and student information systems as the most critical to keep their schools open. However, from an operational standpoint, that’s not necessarily the case.

Beyond a ransomware attack, if the school district were to suffer some kind of calamity or other disruptive event, many school districts can keep open without their payroll or student information system for a surprisingly long time. What the district couldn’t immediately operate without are transportation and food services, not to mention plumbing.

When you carefully examine IT systems that support overall operations, emotions need to be taken out of the equation before and after a ransomware attack. Three top-level concerns when in recovery are to determine:

  1. What’s been lost while identifying the quickest way to keep schools open.
  2. The bare minimum system requirements needed to resume operations and a recovery plan to restore those systems.
  3. The plan for avoiding a secondary attack. Should you decide to pay the attacker’s ransom, which some school districts do, your recovery may be promptly followed by another ransomware attack. 

Prepare now to fully recover later

If you’ve never been a victim of ransomware, consider yourself fortunate. But don’t let your guard down. Rather than waiting until after an attack happens, the best time to seek counsel on such threats and how you can prepare to effectively recover is before an attack happens.

Talking to someone who's actually worked with businesses and organizations that have been through ransomware attacks, and who understands how attackers think, will provide you a better perspective on what you need to protect yourself.

By setting up basic security technologies and sound management processes now that will limit your ransomware exposure, you’ll be much better prepared to stay in business or operation should you become a victim of a ransomware attack.


  • 12 Commercial Crime Sites to Do Your Research

    12 Commercial Crime Sites to Do Your Research

    Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity


New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3