How to Recover from a Ransomware Attack

Thu, 15/09/2016 - 10:24
Data Backup

Ransomware attacks are becoming more severe, and the creators of this malware are always looking for new and cunning ways of circumventing security mechanisms. Ransomware is fundamentally a bullying tactic, and those who are unprepared, like home users and everyday consumers, are easy targets – they’re also the typical profile of a ransomware victim. Education about ransomware isn’t really mainstream and, unfortunately, the average home user doesn’t expect to be affected, which leaves them uninformed and unarmed.

Businesses are the New Targets

In recent years, businesses, including large corporations, have been targeted more and more, with attacks being highly focused and personalised to the target. Research by Symantec for the period between January 2015 and April 2016 has revealed that 57% of individual consumers and 43% of organisations were victims of a ransomware attack. It is clear that ransomware is no longer a problem experienced only by consumers, but by businesses as well.

What to Do

When a machine has been infected, here are some basic steps to work through towards recovery:

  1. Remove or isolate the infected device or machine from the network. This is effectively a quarantine measure preventing the ransomware infection from spreading. It also allows you to focus your efforts on the infected areas without affecting other data points.
  2. Attempt to remove the ransomware with anti-malware software, if available. With the system locked down by ransomware, though, this is usually not possible.
  3. Failing Step 2, with the infection now contained, locate and retrieve the affected machine’s data backups.

The necessary prerequisites for Step 3 are set out in the FBI’s tips for a business continuity plan to help combat the effects of ransomware. In them, the FBI recommends the following:

  • Making regular backups of data;
  • Verifying the integrity of these backups frequently;
  • And mirroring the backups to a secure (preferably off-site) server.

A comprehensive backup solution is your best chance of surviving a ransomware attack.

Instant Access to Your Data

Many opt not to use data backups, though, because they feel that recovering a full system would take too long. Instead, they choose to pay the ransom in the hope that their now-encrypted data will be released sooner. Unfortunately, there is no guarantee that the cybercriminals will not continue the extortion: they could give you the incorrect decryption key, or even delete your data.

That is why we recommend using a backup service provider that has the ability and functionality to quickly and effectively restore critical data, whether or not that means recovering an entire system. Redstor’s Backup Pro provides a capability known as InstantData that facilitates instant access to data, allowing you either to work on data while it is being restored or to recover a full bootable machine to a virtual machine within minutes. With these two options you are able to access critical data with almost zero downtime or to revert an entire infected system to a previous working state.
