How to Recover from a Ransomware Attack

Thu, 15/09/2016 - 10:24
Data Backup

Ransomware attacks are becoming more severe and the creators of this malware are always looking for new and cunning ways of circumventing security mechanisms. Ransomware is fundamentally a bullying tactic and those that are unprepared, like home users and everyday consumers, are easy targets – they’re also the typical profile of a ransomware victim. Education about ransomware isn’t really mainstream and unfortunately the average home user doesn’t always expect to be affected, which leaves them uninformed and unarmed.

Businesses are the New Targets

In recent years, businesses, including large corporations, have been targeted more and more, with attacks being highly focused and personalised to the target. Research by Symantec for the period between January 2015 and April 2016 has revealed that 57% of individual consumers were victims of a ransomware attack and 43% of organisations. It is clear that ransomware is no longer a problem experienced by only consumers, but businesses as well.

What to Do

When a machine has been infected, here are some basic steps to go through towards the recovery:

  1. Remove or isolate the infected device or machine from the network. This is effectively a quarantine measure preventing the ransomware infection from spreading. It also allows you to focus your efforts on the infected areas without affecting other data points.
  2. Attempt to remove the ransomware with anti-malware software, if available. With the system locked down by ransomware, though, this is usually not possible.
  3. Failing Step 2, with the infection now contained, locate and retrieve the affected machine’s data backups.

The necessary prerequisites for Step 3 are stipulated in the FBI’s tips for a business continuity plan to help combat the effects of ransomware. Therein they recommend the following:

  • Making regular backups of data;
  • Verifying the integrity of these backups frequently;
  • And mirroring the backups to a secure (preferably off-site) server.

A comprehensive backup solution is your best chance of surviving a ransomware attack.

Instant Access to Your Data

Many opt not to use data backups, however, because they feel that recovering a full system would take too long. Instead, they choose to pay the ransom in the hope that their now encrypted data will be released sooner. Unfortunately, there is no guarantee that the cybercriminals will not continue the extortion: they could give you the incorrect decryption key, or even delete your data.

That is why we recommend using a backup service provider that has the ability and functionality to quickly and effectively restore critical data – be it to recover an entire system or not. Redstor’s Backup Pro provides a capability known as InstantData that facilitates instant access to data, allowing you to either work on data while it is being restored or to recover a full bootable machine to a virtual machine within minutes. With these two options you are able to access critical data with almost zero downtime or to revert an entire infected system to a previous working state.
