A Step By Step Guide to Ransomware Disaster Recovery

A Step By Step Guide to Ransomware Disaster RecoveryRansomware attacks are steadily rising and evolving. These attacks threaten the business continuity of an organization, which can prevent business operations from ever resuming after being disrupted. As a result, organizations can lose money and credibility. For that reason, enterprises must have a ransomware disaster recovery plan for when they experience an attack.

The initial step to take when creating a ransomware disaster recovery plan is to determine which data sets and systems are vital to business operations and record them in a list. Ask yourself, “how long will our business last without this element?” as a way to identify which components are the most essential.

Next, you’ll want to begin developing your recovery strategy. When creating your plan, you are assuming that at least one of your vital data sets has been encrypted by ransomware and that you are unable to decrypt it or pay the ransom. At this point, use your list of critical business elements to determine your recovery time objectives (RTOs) and recovery point objectives (RPOs). This will assist you in determining your backup strategy.

Figuring out how a successful ransomware attack would affect your business is the next step. Depending on the ransomware, the extent of an attack could affect one nonessential endpoint, or it could infect the workloads of your CEO. In the latter scenario, the ransomware attack could start with the CEO’s workloads and spread to various endpoints throughout the company. 

Doing a cost analysis is the next step in the process. The purpose of this is to determine whether you will pay the ransom or not. Identify what data you need to recover and consider the math concerning the payments. Many ransomware authors treat their attacks like a business. Therefore, there is a good chance that you will receive a legitimate decryption key from them. However, some attackers ask for a large sum of money with no intention of returning your data or providing a decryption key, in which case it’s cheaper to just recover everything.

Finally, your last step is recovery. At this point, you’ll restore your data and systems back to their pre-ransomware states.

The best way to prepare for ransomware is to assume that the attack will get past your defenses. This causes you to feel the need to prepare yourself and create a comprehensive and thorough ransomware disaster recovery plan. After your plan is in place, ransomware becomes less of a threat to your business, and more of an annoyance.

Tess Hanna
Follow Tess