BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Recovering from ransomware: Defend your data with best practices
-
Article
City of Atlanta reveals costs of recovering from ransomware
Total costs to remediate the 2018 Atlanta ransomware attack have been revealed to be more than $5 million, with expenses continuing to rise as contracts move toward protection. Read Now
-
Article
Ransomware discussion takes stage at VeeamON
Protection and recovery from ransomware continue to be important parts of an overall backup and disaster recovery (DR) strategy. Advice, like ransomware itself, is constantly evolving. Read Now
-
Article
The true cost of ransomware recovery
Estimates of recent ransomware attacks may be overblown. But indications are that companies have lost hundreds of millions from the WannaCry and NotPetya viruses. Read Now
-
Article
Ransomware neutralizing backups as recovery option
Recent ransomware variants have undercut data backups, often used in the ransomware recovery process. Is it possible to overcome these vulnerabilities? Read Now
Editor's note
The first step in recovering from ransomware is probably along the lines of "don't get attacked by ransomware," but as time goes by, that seems to become less of a possibility. The ransomware threat isn't going away and is actually evolving. Frankly, the best strategy for recovery might be to prepare for the worst.
According to the 2018 Verizon Data Breach Investigations Report, ransomware is the most prevalent form of malware attack, up from its spot at No. 22 in 2014 and No. 5 just last year. This rapid ascent up the ranks shouldn't come as a surprise to anyone keeping up with data protection news, but that doesn't make it any less alarming. Ransomware can be a costly disaster to recover from, even if you don't pay the ransom. In fact, the first rule of ransomware recovery should actually be "don't pay the ransom." There's no honor among data thieves, and payment does not guarantee the release of your data.
So, what is there to do? Plan ahead, for starters. As ransomware evolves, a simple backup plan won't cut it anymore, and you have to keep recovery in mind early on. Whether your data storage of choice is cloud, tape, disk or flash, you need to have a recovery plan catered to ransomware in particular. Unlike natural disasters, ransomware attacks can strike any organization in any region, and the results can be disastrous.
Your priorities when recovering from ransomware will likely differ based on your organization's needs. In many cases, it's not just a matter of getting your data back, but complying with data protection regulations or agreements. Whether your priority is business continuity (BC), compliance or simply getting your data back as quickly and cheaply as possible, this guide should help you gauge the threat ransomware poses for you and understand how prepared you are. Don't forget to stick around until the end, where you can test what you've learned with our ransomware recovery quiz.
1Recovery tools and methods
Recovering from ransomware is no easy process, but there are a number of tools on the market that can provide some assistance. It's not enough to simply back up data; a full backup and recovery strategy is vital to dealing with a ransomware threat.
-
Blog
Rubrik offers 'push-button' approach to ransomware recovery
Polaris Radar from Rubrik not only monitors data on premises and in the cloud and generates alerts for suspicious behavior, it automates ransomware recovery by restoring to the most recent clean copy of data. Read Now
-
Article
Asigra converges security, data protection to confront ransomware
With Cloud Backup 14, Asigra converges security and data protection to fight and recover from ransomware that attacks data backups. Read Now
-
Article
Iron Cloud adds 'CPR' to fight ransomware
Iron Mountain data recovery has taken on ransomware with the Iron Cloud Critical Protection and Recovery service that isolates data and features a cleanroom in the event of an attack. Read Now
-
Article
Avoid paying the ransom for Bad Rabbit
Security researchers have learned more about the motivations behind the Bad Rabbit ransomware attacks and a potential way to recover data without paying. Read Now
-
Article
Snapshots can help, but full recovery may require more
With snapshot-based backup, an organization can recover to a point in time just before a ransomware attack. But drawbacks do exist. Read Now
2Plans and best practices
A lot goes into the ransomware recovery process, and needs vary by organization. An SMB won't have the same needs or resources as an enterprise, and recovery compliance requirements may differ by industry. Delve into our tips and best practices on recovering from ransomware.
-
Article
How enterprises can recover from ransomware attacks
Ransomware recovery can pose a challenge for enterprises, as there are several different options depending on the severity of the attack. Here, one expert dives into the nuclear options and the worst-case recovery scenario. Read Now
-
Article
Five steps for successful SMB ransomware recovery
Ransomware recovery for SMBs shares some similarities with an enterprise response, but budgets are tighter and businesses are more susceptible to attack. Read Now
-
Article
Planning tips for ransomware protection and recovery
Effective ransomware disaster recovery starts with BC/DR planning, education and proper security. This checklist provides important steps for enterprises. Read Now
-
Article
Test your recovery plan before ransomware strikes
A ransomware recovery plan can help you ensure that backups are secure, and recovery point objectives and recovery time objectives are up-to-date, before an infection occurs. Read Now
3Boost your ransomware vocabulary
Did some of the technologies or concepts in this guide sound unfamiliar? Interested in learning more about the complex world of ransomware? Check out these ransomware-related terms to get a refresher.
-
Definition
Antivirus software
Antivirus software is a class of program designed to prevent, detect and remove malware infections on individual computing devices, networks and IT systems. Read Now
-
Definition
Command-and-control server
A command and control server (C&C server) is a computer that issues directives to digital devices that have been infected with rootkits or other types of malware, such as ransomware. Read Now
-
Definition
Cyberextortion
Cyberextortion is a crime involving an attack or threat of an attack coupled with a demand for money or some other response in return for stopping or remediating the attack. Read Now
-
Definition
Deep web
Deep Web content includes email messages, chat messages, private content on social media sites, electronic bank statements, electronic health records and other content that is accessible over the Internet but is not crawled and indexed by search engines. Read Now
-
Definition
Disaster recovery
Disaster recovery strategies are critical, as many businesses fail following an unforeseen event. DR may require an internal or external site when a main data center is down. Read Now
-
Definition
Disaster recovery plan
A company's disaster recovery policy is enhanced with a documented DR plan that formulates strategies, and outlines preparation work and testing. Read Now
-
Definition
Encryption
Encryption is the method by which information is converted into secret code that hides the information's true meaning. The science of encrypting and decrypting information is called cryptography. Read Now
-
Definition
Malware
Malware, or malicious software, is any program or file that is harmful to a computer user. Read Now
-
Definition
Phishing
Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. Read Now
-
Definition
Ransomware
Ransomware is a subset of malware in which the data on a victim's computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access is returned to the victim. Read Now
-
Definition
Ransomware recovery
Ransomware recovery is the process of resuming options following a cyberattack that demands payment in exchange for unlocking encrypted data. Read Now
-
Definition
Trojan horse
In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious. Read Now
4Test your knowledge
You've read the guide and browsed the glossary. Think you know all there is to know about ransomware recovery? Take our quiz to find out.