Stop Ransomware 5 – Restoring After Ransomware

Industry expertise by Martin Bannister, written by Jason Eichner

This is part 5 of our Stop Ransomware series; you can read part 1 here.

So, you’ve set up all the security you need to prevent ransomware – but you know that no security is 100% effective, so you’ve made the wise decision to back up your files as well, to ensure that even if you get ransomware your files are safe.

However, not every backup solution will work as well as the others – let’s take a look at a few important points to be aware of when setting up a disaster recovery system.

No Offsite Backups

A backup drive onsite is a very good first step in the disaster recovery process. Connected to each computer via the network, onsite backups will typically take copies of each machine at regular intervals, ready to restore at a moment’s notice.

Did you see the security flaw, though? “Connected to each computer via the network.” This is where this system can fall down. Intelligent ransomware will often connect to a network and iterate through every connected device, looking for new things to infect – this includes onsite drives on the network! We at Kogo have seen instances recently where a company was certain they were protected because they had full backups; only when they went to restore their systems they discovered their backups were just as uselessly encrypted as their other files!

This isn’t to say onsite backups are bad, though – onsite backups are quick and easy, and are well worth using. However, to properly secure against ransomware those onsite backups should then be backed up again offsite, using a dedicated backup service.
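The failure described above was only discovered at restore time. As an added example (not part of the original article or any Kogo tooling), the Python sketch below compares an onsite backup set against a SHA-256 manifest that is assumed to be stored offsite, so altered, missing or renamed backup files are noticed before a restore is needed. The file names are constructed, and it assumes each finished backup file is never rewritten in place.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large backup images do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(backup_dir):
    """Map relative path -> SHA-256 for every file under backup_dir."""
    manifest = {}
    for root, _dirs, files in os.walk(backup_dir):
        for name in files:
            full = os.path.join(root, name)
            manifest[os.path.relpath(full, backup_dir)] = sha256_file(full)
    return manifest

def verify_backups(backup_dir, manifest):
    """Compare the onsite backup set against the (offsite) manifest."""
    current = build_manifest(backup_dir)
    return {
        "missing": sorted(p for p in manifest if p not in current),
        "changed": sorted(p for p in manifest
                          if p in current and current[p] != manifest[p]),
        "unexpected": sorted(p for p in current if p not in manifest),
    }

def demo():
    """Constructed sample: two backup files, both altered after the manifest."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("pc01.img", b"image-of-pc01"),
                           ("pc02.img", b"image-of-pc02")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(d)      # assumption: this copy is kept offsite
        clean = verify_backups(d, manifest)
        with open(os.path.join(d, "pc01.img"), "wb") as f:
            f.write(b"overwritten")       # content no longer matches the manifest
        os.rename(os.path.join(d, "pc02.img"),
                  os.path.join(d, "pc02.img.locked"))
        return clean, verify_backups(d, manifest)

if __name__ == "__main__":
    print(demo())
```

Any non-empty list in the report is a reason to check the offsite copy while there is still time to act on it.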

The best offsite backup services will use intelligent file streaming so backups are only uploaded when the internet isn’t otherwise needed, and at a rate the network can manage.

Even if you don’t get ransomware, onsite backups are also susceptible to natural disasters such as flooding, which offsite backups are safe from.

Image or File Backups?

This question has been asked a lot – should your backup system be file based, or image based? Let’s quickly take a look at the difference.

File based backups are just that – backups of individual files. This means specific high value files or directories can be selected for backup individually.

Image based backups are significantly more sophisticated – an image based backup creates a single compressed archive of an entire drive or system, backing up absolutely everything on it.

It is hard to recommend file based backups these days. File based backups may have a minor advantage in backup file size, but given the scale of available hard drives these days, and the compression methods image based backups use, even this benefit has worn thin.

Image based backups can take full copies of system files, meaning entire infected systems can be restored at once. File based backups are often too susceptible to corruption for active system restoration.

Image backups can also be used in another way. Should your entire system be encrypted, it is likely to take time to fully restore the entire structure, whatever restoration method is used. The image of your clean system can be used in the meantime to run in a virtual environment, meaning even while your system is being restored you can continue to work.

Disaster Recovery Plans

If your system goes down due to a ransomware infection, does everybody in your organisation know what to do? Do you know who to contact, and who has what role in the file recovery and business continuity workflow?

Disaster recovery plans are a vital part of getting your systems back online efficiently, with as little disruption to your business as possible. By having a full and up to date disaster recovery plan, you can be sure that during an emergency the proper experts will be notified, the right contacts will be alerted, and everybody will be back to work as quickly as possible.

Given the impact a disaster recovery plan can have on a business’ response times and recovery after a disaster, it may well be worth bringing in outside experts to ensure everything is properly covered in your plan.

Get a Free Ransomware Booklet

All these points and more appear in our “What is Ransomware?” booklet. Fill out the form below and we’ll rush you a free copy of the book straight away!
