How to Recover from a Ransomware Attack
Ransomware attacks are becoming more severe, and the creators of this malware are always looking for new and cunning ways of circumventing security mechanisms. Ransomware is fundamentally a bullying tactic, and those who are unprepared, like home users and everyday consumers, are easy targets – they’re also the typical profile of a ransomware victim. Education about ransomware isn’t really mainstream, and unfortunately the average home user doesn’t always expect to be affected, which leaves them uninformed and unarmed.
Businesses are the New Targets
In recent years, businesses, including large corporations, have increasingly been targeted, with attacks that are highly focused and personalised to the target. Research by Symantec for the period between January 2015 and April 2016 revealed that 57% of individual consumers and 43% of organisations were victims of a ransomware attack. It is clear that ransomware is no longer a problem experienced only by consumers, but by businesses as well.
What to Do
When a machine has been infected, here are some basic steps to work through towards recovery:
1. Remove or isolate the infected device or machine from the network. This is effectively a quarantine measure that prevents the ransomware infection from spreading. It also allows you to focus your efforts on the infected areas without affecting other data points.
2. Attempt to remove the ransomware with anti-malware software, if available. With the system locked down by ransomware, however, this is usually not possible.
3. Failing Step 2, with the infection now contained, locate and retrieve the affected machine’s data backups.
- Making regular backups of data;
- Verifying the integrity of these backups frequently;
- And mirroring the backups to a secure (preferably off-site) server.
A comprehensive backup solution is your best chance of surviving a ransomware attack.
Instant Access to Your Data
Many opt not to use data backups, though, because they feel that recovering a full system would take too long. Instead, they choose to pay the ransom in the hope that their now encrypted data will be released sooner. Unfortunately, there is no guarantee that the cybercriminals will not continue the extortion: they could give you the incorrect decryption key, or even delete your data.
That is why we recommend using a backup service provider that has the ability and functionality to quickly and effectively restore critical data – be it to recover an entire system or not. Redstor’s Backup Pro provides a capability known as InstantData that facilitates instant access to data, allowing you to either work on data while it is being restored or to recover a full bootable machine to a virtual machine within minutes. With these two options you are able to access critical data with almost zero downtime or to revert an entire infected system to a previous working state.