Essential Guide

Get started Bring yourself up to speed with our introductory content.

Recovering from ransomware: Defend your data with best practices

Not every organization needs to worry about disasters like hurricanes or floods, but ransomware attacks are a threat regardless of region. Recovering from ransomware is no simple task, but help and guidance are out there.


The first step in recovering from ransomware is probably along the lines of "don't get attacked by ransomware," but as time goes by, that seems to become less of a possibility. The ransomware threat isn't going away and is actually evolving. Frankly, the best strategy for recovery might be to prepare for the worst.

According to the 2018 Verizon Data Breach Investigations Report, ransomware is the most prevalent form of malware attack, up from its spot at No. 22 in 2014 and No. 5 just last year. This rapid ascent up the ranks shouldn't come as a surprise to anyone keeping up with data protection news, but that doesn't make it any less alarming. Ransomware can be a costly disaster to recover from, even if you don't pay the ransom. In fact, the first rule of ransomware recovery should actually be "don't pay the ransom." There's no honor among data thieves, and payment does not guarantee the release of your data.

So, what is there to do? Plan ahead, for starters. As ransomware evolves, a simple backup plan won't cut it anymore, and you have to keep recovery in mind early on. Whether your data storage of choice is cloud, tape, disk or flash, you need to have a recovery plan catered to ransomware in particular. Unlike natural disasters, ransomware attacks can strike any organization in any region, and the results can be disastrous.

Your priorities when recovering from ransomware will likely differ based on your organization's needs. In many cases, it's not just a matter of getting your data back, but complying with data protection regulations or agreements. Whether your priority is business continuity (BC), compliance or simply getting your data back as quickly and cheaply as possible, this guide should help you gauge the threat ransomware poses for you and understand how prepared you are. Don't forget to stick around until the end, where you can test what you've learned with our ransomware recovery quiz.

1How big is the threat?-

Ransomware in the news

Is the onslaught of ransomware attacks a true crisis or overblown by observers? Unfortunately, headlines lean toward the former. There are methods that can help organizations prepare for and recover from ransomware, but as the technology being used by attackers evolves, the costs are proving to be high.


City of Atlanta reveals costs of recovering from ransomware

Total costs to remediate the 2018 Atlanta ransomware attack have been revealed to be more than $5 million, with expenses continuing to rise as contracts move toward protection. Continue Reading


Ransomware discussion takes stage at VeeamON

Protection and recovery from ransomware continue to be important parts of an overall backup and disaster recovery (DR) strategy. Advice, like ransomware itself, is constantly evolving. Continue Reading


The true cost of ransomware recovery

Estimates of recent ransomware attacks may be overblown. But indications are that companies have lost hundreds of millions from the WannaCry and NotPetya viruses. Continue Reading


Ransomware neutralizing backups as recovery option

Recent ransomware variants have undercut data backups, often used in the ransomware recovery process. Is it possible to overcome these vulnerabilities? Continue Reading


How ransomware changes have revealed new threats

Ransomware variants like WannaCry and NotPetya have introduced destruction-of-service attacks that make recovering from ransomware even more difficult and costly. Here's what you need to know about them. Continue Reading


Ransomware operations becoming more sophisticated

Ransomware attackers are no longer relying on simple phishing emails and are stepping up their game with new tactics. At the (ISC)2 Security Congress, experts discussed these changes and how to keep up. Continue Reading

2What can be done-

Recovery tools and methods

Recovering from ransomware is no easy process, but there are a number of tools on the market that can provide some assistance. It's not enough to simply back up data; a full backup and recovery strategy is vital to dealing with a ransomware threat.

Blog Post

Rubrik offers 'push-button' approach to ransomware recovery

Polaris Radar from Rubrik not only monitors data on premises and in the cloud and generates alerts for suspicious behavior, it automates ransomware recovery by restoring to the most recent clean copy of data. Continue Reading


Asigra converges security, data protection to confront ransomware

With Cloud Backup 14, Asigra converges security and data protection to fight and recover from ransomware that attacks data backups. Continue Reading


Iron Cloud adds 'CPR' to fight ransomware

Iron Mountain data recovery has taken on ransomware with the Iron Cloud Critical Protection and Recovery service that isolates data and features a cleanroom in the event of an attack. Continue Reading


Avoid paying the ransom for Bad Rabbit

Security researchers have learned more about the motivations behind the Bad Rabbit ransomware attacks and a potential way to recover data without paying. Continue Reading


Snapshots can help, but full recovery may require more

With snapshot-based backup, an organization can recover to a point in time just before a ransomware attack. But drawbacks do exist. Continue Reading

3Step by step-

Plans and best practices

A lot goes into the ransomware recovery process, and needs vary by organization. An SMB won't have the same needs or resources as an enterprise, and recovery compliance requirements may differ by industry. Delve into our tips and best practices on recovering from ransomware.


How enterprises can recover from ransomware attacks

Ransomware recovery can pose a challenge for enterprises, as there are several different options depending on the severity of the attack. Here, one expert dives into the nuclear options and the worst-case recovery scenario. Continue Reading


Five steps for successful SMB ransomware recovery

Ransomware recovery for SMBs shares some similarities with an enterprise response, but budgets are tighter and businesses are more susceptible to attack. Continue Reading


Planning tips for ransomware protection and recovery

Effective ransomware disaster recovery starts with BC/DR planning, education and proper security. This checklist provides important steps for enterprises. Continue Reading


Test your recovery plan before ransomware strikes

A ransomware recovery plan can help you ensure that backups are secure, and recovery point objectives and recovery time objectives are up-to-date, before an infection occurs. Continue Reading

4Terms to know-

Boost your ransomware vocabulary

Did some of the technologies or concepts in this guide sound unfamiliar? Interested in learning more about the complex world of ransomware? Check out these ransomware-related terms to get a refresher.

5Pop quiz-

Test your knowledge

You've read the guide and browsed the glossary. Think you know all there is to know about ransomware recovery? Take our quiz to find out.

Take our ransomware quiz now!

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.