News

How to Recover from a Ransomware Attack

Thu, 09/15/2016 - 10:24
Redstor_Ransomware_Banner
Data Backup

Ransomware attacks are becoming more severe and the creators of this malware are always looking for new and cunning ways of circumventing security mechanisms. Ransomware is fundamentally a bullying tactic and those that are unprepared, like home users and everyday consumers, are easy targets – they’re also the typical profile of a ransomware victim. Education about ransomware isn’t really mainstream and unfortunately the average home user doesn’t always expect to be affected, which leaves them uninformed and unarmed.

Businesses are the New Targets

In recent years, businesses, including large corporations, have been targeted more and more, with attacks being highly focused and personalised to the target. Research by Symantec for the period between January 2015 and April 2016 has revealed that 57% of individual consumers were victims of a ransomware attack and 43% of organisations. It is clear that ransomware is no longer a problem experienced by only consumers, but businesses as well.

What to Do

When a machine has been infected, here are some basic steps to go through towards the recovery:

  1. Remove or isolate the infected device or machine from the network. This is effectively a quarantine measure preventing the ransomware infection from spreading. It also allows you to focus your efforts on the infected areas without affecting other data points.
  2. Attempt to remove the ransomware with the use of anti-malware software, if available. Though with the system locked down by ransomware, this is usually not possible.
  3. Failing Step 2, with the infection now contained, locate and retrieve the affected machine’s data backups.

The necessary prerequisites for Step 3 are stipulated in the FBI’s tips for a business continuity plan to help combat the effects of ransomware. Therein they recommend the following:

  • Making regular backups of data;
  • Verifying the integrity of these backups frequently;
  • And mirroring the backups to a secure (preferably off-site) server.

A comprehensive backup solution is your best chance of surviving a ransomware attack.

Instant Access to Your Data

Though many opt not to use data backups because they feel that recovering a full system would take too long. Instead, they choose to pay the ransom in the hopes that their now encrypted data will be released sooner. Unfortunately, there is no guarantee that the cybercriminals will not continue the extortion: they could give you the incorrect decryption key, or even delete your data.

That is why we recommend using a backup service provider that has the ability and functionality to quickly and effectively restore critical data – be it to recover an entire system or not. Redstor’s Backup Pro provides a capability known as InstantData that facilitates instant access to data, allowing you to either work on data while it is being restored or to recover a full bootable machine to a virtual machine within minutes. With these two options you are able to access critical data with almost zero downtime or to revert an entire infected system to a previous working state.

Recent Articles

Redstor_CryptoJacking_blog Data Protection

Crypto-jacker Leaves ICO In Its Wake

Cyber-attacks and ‘hacks’ made regular headlines throughout 2017, and in the UK the Information Commissioner’s Office (ICO), was there to oversee all... read more

February 15, 2018
Redstor_100Days_to_GDPR Data Protection

100 Days To Go…

Wednesday 14th February 2018, valentine’s day, but more significantly it’s 100 days until G-day. May 25th, 2018, the day on which The General Data... read more

February 14, 2018
Redstor_Why_backup_is_vital_blog Ransomware

Why Backup Is A Vital Tool In The Fight Against Cyber-crime

The last 18-months has seen several cyber-attacks and cyber-crimes taking down critical networks and affecting organizations across the globe. As... read more

February 13, 2018