Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and forces users to pay the ransom through certain online payment methods to get a decrypt key.
When faced with a Ransomware attack the current wisdom is if your computer gets infected and it encrypts your files you have three basic options:
Pay the ransom
Restore from a backup
Cut your losses and format your computer
Typically, paying the ransom is never recommended, mainly because it does not guarantee to solve your problem. In addition, if the ransom is paid, it proves to the cyber-criminals that ransomware is effective. As a result, cyber-criminals will continue their activity and look for new ways to exploit systems that result in more infections and more money on their accounts.
Obviously, I would strongly recommend “backup” (back to basic) as best option and bear in mind that you have backup doesn’t mean you’re protected from ransomware however you’ll get your data back assuming restoration goes well.
Using Backup practical tips to recover from Ransomware.
Using 3-2-1 rule (The 3-2-1 rule states to have three different copies of your media, on two different media, one of which is off-site. This is great because it can address nearly any failure scenario and doesn’t require any specific technology. In the ransomware era, it’s a good idea to add another “1” to the rule where one of the media is offline. The offline storage options listed above highlighted a number of options where you can implement an offline or semi-offline copy of the data)
Backup to Disk, Tape (Typically you MUST define your RPO & RTO. It’s important to understand what your RPO/RTO is and how much data you could stand to lose if you were hit with ransomware and had to recover from your backup.
Backup to Cloud or Replicate to offsite (Replication is no longer a luxury — it’s part of your Availability strategy. Veeam’s 2-in-1: backup and replication™ provides you with a copy of your virtual machine (VM) in a ready-to-start state, so if a VM goes down, you can immediately fail over to a standby VM)
Veeam Backup Copy (The Veeam Backup Copy Job is a great mechanism to have restore points created on different storage and with different retention rules than the regular backup job. When the previous points above are incorporated, the backup copy job can be a valuable mechanism in a ransomware situation because there are different restore points in use with the Backup Copy Job)
Azure Backup (Unified solution to protect data on-premises and in the cloud)
Test you Backup (With SureBackup® and SureReplica,With Veeam SureBackup, Veeam SureReplica there’s no need to worry about recoverability because it is all tested! Guarantees recovery of every file, application or virtual server, every time by running automated recovery verification jobs)
Back to Basic – Backup! Backup! Backup! Use Backup to recover from Ransomware! Contact us today if you need any help for “Protection” and “Recovery” from Ransomware.