How to Recover Your Data After a Ransomware Attack

In this article:
    Add a header to begin generating the table of contents

    Ransomware attacks are on the rise and as a result, so are downtime costs for businesses — by 200% year-over-year, to be exact. And that’s why businesses need to know how to recover their data quickly and efficiently. Data recovery strategies must include safeguards against malware attacks like ransomware.

    In this article, we’ll cover what your business should and shouldn’t do when it comes to recovering your data after a ransomware attacks in a way that decreases data loss and downtime costs. We will include sensible measures you should take to prevent malware attacks. Also, in the unhappy event your system is taken down by malware, there are steps you can take to prevent its spread and get your system back to normal.

    Before we begin…

    Everyone knows the value of backing up your system. You have backups in place, right? Consider this: if your backup devices are connected up to your system and you are hit by a ransomware attack, your backups won’t work. Ransomware seeks out backup devices connected to your network and encrypts those files as well.

    To avoid infection, those backup storage devices must be isolated from your network. You need a backup strategy that uses offsite cloud storage — like NexProtect — and at least one set of current backups offline, isolated and protected against ransomware.

    If you have a backup set offline locked away for emergency use, your recovery after a ransomware attack will be easier. As we shall see, if both your system and backup files are locked, you stand to lose data and may be forced to pay the ransom to free up your system.

    What to do before the attack…

    Include a malware response plan as part of your business disaster recovery planning.

    You need to answer these questions:

    • What aspects of your business must you recover immediately to stay in business?
    • What are your important products/services and how will they be impacted by a ransomware attack?
    • During an emergency, what amount of ‘downtime’ is acceptable, e.g. how long can you go without automated customer call centres, access to business records and processes, etc.?
    • Are the costs of downtime equal to or greater than the cost of having to pay the ransom?

    You need to relate your business processes to an IT system that could be crippled with a ransomware attack and tailor your response plan accordingly.

     

    FREE Laptop Backup Software — Protect your remote workers from ransomware today >>

     

    Take measures to prevent ransomware

    Know your enemy and how it sneaks into your system. Malware relies both on human and machine agents. Cyber criminals rely on social engineering and deception to trick individuals into giving up information that opens the front door to malware attacks. Email phishing, social media image traps, and instant messaging are powerful vehicles to contaminate your device and spread it to your friends.

    You can do your part in defeating a ransomware attack by:

    • Using anti-malware software like Norton and McAfee to block known payloads from launching.
    • Installing the latest security updates for your OS and applications. Always “Patch Early and Patch Often” in order to repair vulnerabilities in browsers, web plugins, and operating systems.
    • Practising cyber hygiene, such as using caution to prevent phishing attacks.
      Segmenting your networks to isolate critical computers and stop the spread of malware in case of attack. This includes shutting down unnecessary network sharing.
    • Restricting admin rights to only those users who require them — give everyone else the lowest system permissions required to do their work.
    • Restricting write permissions on file servers, to the extent possible.
    • Educating yourself on the best practices necessary to keep malware out of your system. Keep up with the latest email phishing scams and news by subscribing to cybersecurity newsletters.
    • Making frequent backups and isolating them from local networks and away from any potentially infected computer. Again, data backup and recovery is by far the most effective solution in reacting to a successful ransomware attack.

    You receive a ransom note, what can you do?

    Here are 5 suggested steps you should take if your system has been taken over by ransomware:

    1. Stop the spread and isolate the infection

    Isolate the infected computer from other computers and storage devices. The first step is to pull the plug from the Wi-Fi router and connected storage devices. Ransomware cryptoworms aggressively seek out connections to other computers and try to spread across the network to reach the source.

    Also, be aware that your computer may not be the only one infected. Spread the news and treat all networked computers as possible carriers and spreaders of the ransomware.

    2. Identify the type of ransomware infection

    Your ransom note will most likely tell you what type ransomware has invaded your system. Websites like ID Ransomware and the No More Ransomware! Project can help. Knowing what infection has occurred can help in deciding what your options are for disinfection and removal.

    3. Report the infection to UK authorities

    As with any crime, you should always report ransomware incident regardless of the outcome. This gives authorities a better understanding of the threats as well as a foundation for ongoing ransomware investigations. Report cybercrime and fraud in the UK to the National Fraud & Cyber Crime Reporting Centre website and follow the reporting instructions.

    4. Explore your options

    Option 1: Try to remove the malware.

    According to the No More Ransom! Project, “it is sometimes possible to help infected users to regain access to their encrypted files… without having to pay. We have created a repository of keys and applications that can decrypt data locked by different types of ransomware.”

    The downside of the aforementioned optimism is that in the leapfrog battle between hackers and the struggle to defeat them, once your system has been encrypted, you still could lose all, most or some of your data. Before giving up, however, you should shop around for a ransomware recovery service.

    Option 2: Pay the ransom.

    This is the shortcut to recover your data. The UK’s NCSC generally advises NOT to pay the ransom, since it both rewards criminal activity and is no guarantee that the perpetrator will free up your data. The majority of malware crooks want to stay in business and most keep their word by sending decryption keys to their victims. Some, however, take the money and run, or don’t use ransom software that can actually undo its damage.

    So, it’s really up to you. Your cost-benefit analysis and disaster recovery planning come into play here. When you weigh the price of paying the ransom to the price of losing your proprietary and irreplaceable data, you could be among the 65 percent of ransomware victims who pay the ransom. But it’s important to remember that paying the ransom is no guarantee to retrieving your data.

    Option 3: Use Cloudian and Veeam’s ransomware-proof data storage and backup solution >>

    5. Wipe your system and reinstall everything from scratch

    If neither of the two options above pan out, you can get rid of the infection by removing the malware and restoring from a clean backup or wiping your system and reinstalling everything from scratch. A clean wipe is analogous to burning down your home to rid it of vermin infestation. That process requires erasing everything and reformatting hard disks and storage devices.

    Whether you burn down your system or do a system restore, either process is time-consuming and results in downtime as you restore everything. Both require installing anti-malware software and doing a full system scan to disinfect your network. In the case of restoring from a backup, your backup files must have been isolated from the original encrypting ransomware.

    To sum up, wiping clean means reinstalling everything: the operating system and all applications. The restoration approach involves extra steps from a clean boot to antivirus scans, and then restoring the system to a time before the infection. The final step, restoring files from a clean backup is what prevents the loss of your data.

    Make your backups ransomware-proof and quickly recover from attacks
    If you run a business in the UK, you are vulnerable to ransomware and other malware attacks. If you have been attacked in the past, you will need to make sure you are prepared for another. Once ransomware has locked up your system, your best option — aside from taking a chance and paying the ransom — is an investment in ransomware-proof backup software.

    How can you prevent an attack in the first place?

    One highly effective ransomware-proof backup product is Cloudian. Cloudian’s Hyperstore uses the ‘object-lock’ storage process. That filing scheme stores data as objects, which can neither be deleted nor modified, making them tamper-proof. They have also partnered with Veeam’s Availability Suite v10, which boasts immutable backups, providing a unique ransomware-proof data storage and backup solution.

    Arcserve also provides free backup software for protecting remote workers. Ransomware attackers have been targeting employees working from home by exploiting vulnerable security tools such as VPNs (Virtual Private Networks). It only takes one laptop to become infected to give attackers access to a whole network, and Arcserve’s solution helps prevent this.

    Ultimately, the best solution to avoiding or coping with inevitable malware attacks to your business is doing your research. The same internet that conceals hackers and malware is a treasure trove in locating the right IT specialists who can keep your business safe and shore up your cloud presence with the best infrastructure services.

    Get your instant Cloudian quote in under 2 minutes

    Use our quote generator today to get the best Cloudian object storage solution prices and protect your data from ransomware.

    Avatar

    Troy Platts

    Troy has spent over 20 years helping organisations solve their data, storage and compute conundrums. He is a regular speaker at vendor events and spends any free time he has keeping abreast of advances in data platform technologies. He also makes a mean curry.

    Subscribe to receive the latest content from Nexstor


      By clicking subscribe you accept our terms and conditions and privacy policy. We always treat you and your data with respect and we won't share it with anyone. You can always unsubscribe at the bottom of every email.