How to Recover from a Ransomware Attack

How to Recover from a Ransomware Attack

posted in Backup & Recovery ● 15 Sep 2016

Ransomware attacks are becoming more severe and the creators of this malware are always looking for new and cunning ways of circumventing security mechanisms. Ransomware is fundamentally a bullying tactic and those that are unprepared, like home users and everyday consumers, are easy targets – they’re also the typical profile of a ransomware victim. Education about ransomware isn’t really mainstream and unfortunately the average home user doesn’t always expect to be affected, which leaves them uninformed and unarmed.

Businesses are the New Targets

In recent years, businesses, including large corporations, have been targeted more and more, with attacks being highly focused and personalised to the target. Research by Symantec for the period between January 2015 and April 2016 has revealed that 57% of individual consumers were victims of a ransomware attack and 43% of organisations. It is clear that ransomware is no longer a problem experienced by only consumers, but businesses as well.

What to Do

When a machine has been infected, here are some basic steps to go through towards the recovery:

  1. Remove or isolate the infected device or machine from the network. This is effectively a quarantine measure preventing the ransomware infection from spreading. It also allows you to focus your efforts on the infected areas without affecting other data points.
  2. Attempt to remove the ransomware with the use of anti-malware software, if available. Though with the system locked down by ransomware, this is usually not possible.
  3. Failing Step 2, with the infection now contained, locate and retrieve the affected machine’s data backups.

The necessary prerequisites for Step 3 are stipulated in the FBI’s tips for a business continuity plan to help combat the effects of ransomware. Therein they recommend the following:

  • Making regular backups of data;
  • Verifying the integrity of these backups frequently;
  • And mirroring the backups to a secure (preferably off-site) server.

A comprehensive backup solution is your best chance of surviving a ransomware attack.

Instant Access to Your Data

Though many opt not to use data backups because they feel that recovering a full system would take too long. Instead, they choose to pay the ransom in the hopes that their now encrypted data will be released sooner. Unfortunately, there is no guarantee that the cybercriminals will not continue the extortion: they could give you the incorrect decryption key, or even delete your data.

That is why we recommend using a backup service provider that has the ability and functionality to quickly and effectively restore critical data – be it to recover an entire system or not. Redstor’s Backup Pro provides a capability known as InstantData that facilitates instant access to data, allowing you to either work on data while it is being restored or to recover a full bootable machine to a virtual machine within minutes. With these two options you are able to access critical data with almost zero downtime or to revert an entire infected system to a previous working state.

Benefits of Automated Data Management

7 pay-offs one-stop data management gives MSPs

The Covid-19 pandemic has forced many managed service providers to seek faster, easier and more scalable ways to manage their customers’ data.

Continue reading

POPIA makes SA CEOs more accountable

Following a three-month delay due to coronavirus – and more than seven years after its enactment – the Protection of Personal Information (POPI) Act has finally come into force. 

Continue reading
Microsoft Teams Backup

6 reasons why you need Microsoft Teams backup

The huge uptake in Microsoft’s Teams app is yet another indication that we have changed the way we work – maybe forever.

Continue reading