When ransomware gets through your multi-layered security defences and actually infects your network, pandemonium can quickly set in, a reality that organisations faced globally just last month.
The pressure to get back to business as usual as quickly as possible can lead some organisations to believe that the only viable option is to pay up and hope that the whole awful event goes away, skipping over the part where customers come to view the brand as tarnished.
But paying the ransom is often not the answer, because:
- There is no guarantee that they will release your data.
- Criminals may come to consider you a lucrative money source, making you an appealing target for future attacks.
- You contribute to the success of criminals, and ‘reward’ them for their criminal activity.
So if paying the ransom isn’t the answer, how do you rescue your organisational data from cyber criminals?
Minimise the spread throughout your network:
Stopping the spread of ransomware throughout the organisational network must be the primary concern. In a ransomware rescue plan, the first step must be to unplug the infected PC from the network, disconnect network shares, and unplug external devices.
Assess the extent of the damage:
Once the infected systems have been contained, the next step must be to establish the extent of the damage and understand which systems have become infected. Part of this process should be to determine where the infection originated and how it gained access to the network.
Identify the ransomware:
Once the source or sources of the ransomware have been established, steps can be taken to identify the type and nature of the malware infecting your systems and determine the best procedure for its removal. An abundance of information and tools is available online to assist in the identification process.
Remove the malware:
If the outbreak was contained quickly and effectively in step one, then removing the malware may not be an overly long or complex process. However, if multiple systems across the network have become infected, then you can expect this to be a lot more complex.
Decrypt your files:
You may be lucky enough to find that a decryption tool exists for the malware that infected your files, which means that regaining access to your files could be slightly less painful than anticipated. However, there are no guarantees.
Restore using Backup and Disaster Recovery tools:
It becomes almost impossible to guarantee the integrity of organisational systems after an attack, making it essential that organisations consider a complete re-installation of operating systems and other potentially infected applications.
Manually rebuilding these would be an arduous task, and one that would only delay the organisation's ability to return to business as usual, which is why many IT teams rely on backed-up data as an alternative to starting from scratch.
Data backups are often the best defence against ransomware as they ensure your systems were not left vulnerable to the threat of theft in the first place. With regular backups and enforced business continuity guidelines, you can be assured that even if organisational systems or servers become locked, it doesn’t mean that your data is lost forever.
Regular backups, shadow volume copies, current system restore images and other data protection tools can be used to restore these systems and any files which cannot be decrypted. By relying on securely stored backups, organisations can be assured that the infected systems are being restored to clean images.
Once business operations have returned to normal, the next step is to completely investigate how your systems became infected, allowing you to identify your vulnerabilities and minimise them going forward.
Re-evaluate your Backup and Disaster Recovery protocols:
Because they played a major role in the restoration of your data, it is important to evaluate how well your backup and disaster recovery protocols worked. Did the recovery fall within the parameters set by business continuity objectives? Was any business-critical data lost? Should the RTOs and RPOs be revised? How well organised are your backups?
All of these questions should be asked and the answers should be used to improve the organisational backup and disaster recovery strategy.
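The review questions above can be answered from the incident timeline. The following Python is an added example, not part of the original article: it takes the latest backup made before the estimated infection time as the restore point, then compares the resulting data-loss window and downtime against each system's RPO and RTO. All system names, timestamps and objectives are constructed for illustration.

```python
from datetime import datetime as dt, timedelta as td

# Constructed incident records: system names, times and objectives are hypothetical.
SYSTEMS = {
    "fileserver": dict(rto=td(hours=8), rpo=td(hours=24),
                       infected_at=dt(2024, 3, 4, 2, 30), outage_start=dt(2024, 3, 4, 7, 0),
                       restored_at=dt(2024, 3, 4, 19, 0),
                       backups=[dt(2024, 3, 2, 23), dt(2024, 3, 3, 23), dt(2024, 3, 4, 5)]),
    "erp-db": dict(rto=td(hours=4), rpo=td(hours=1),
                   infected_at=dt(2024, 3, 3, 20, 0), outage_start=dt(2024, 3, 4, 7, 0),
                   restored_at=dt(2024, 3, 4, 10, 0),
                   backups=[dt(2024, 3, 3, 18), dt(2024, 3, 3, 22), dt(2024, 3, 4, 6)]),
    "legacy-app": dict(rto=td(hours=24), rpo=td(hours=24),
                       infected_at=dt(2024, 3, 1, 9, 0), outage_start=dt(2024, 3, 4, 7, 0),
                       restored_at=dt(2024, 3, 6, 7, 0),
                       backups=[dt(2024, 3, 2, 23), dt(2024, 3, 3, 23)]),
}

def last_clean_backup(backups, infected_at):
    """Latest backup taken before the infection; later ones may already hold
    encrypted or tampered data and are not treated as clean images."""
    clean = [b for b in backups if b < infected_at]
    return max(clean) if clean else None

def evaluate(rec):
    """Measure achieved downtime and data-loss window against RTO and RPO."""
    restore_point = last_clean_backup(rec["backups"], rec["infected_at"])
    downtime = rec["restored_at"] - rec["outage_start"]
    # Data written between the restore point and the outage cannot be restored.
    data_loss = rec["outage_start"] - restore_point if restore_point else None
    return {
        "restore_point": restore_point,
        "downtime": downtime,
        "data_loss_window": data_loss,
        "rto_met": downtime <= rec["rto"],
        # No clean backup at all counts as an RPO miss.
        "rpo_met": data_loss is not None and data_loss <= rec["rpo"],
    }

def report(systems):
    """Return {system: evaluation} and print one review line per system."""
    results = {name: evaluate(rec) for name, rec in systems.items()}
    for name, r in results.items():
        print(f"{name}: restore_point={r['restore_point']} downtime={r['downtime']} "
              f"data_loss={r['data_loss_window']} RTO {'met' if r['rto_met'] else 'MISSED'}, "
              f"RPO {'met' if r['rpo_met'] else 'MISSED'}")
    return results

if __name__ == "__main__":
    report(SYSTEMS)
```

In the constructed "erp-db" record, the most recent backup was taken after the infection began, so measuring from it would understate the real data-loss window.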