![\"\"](\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2025\/03\/Insight-Jam-Logo-2025-Square.png\")
<\/a><\/p>\nRansomware\u2019s gotten easier to launch and harder to contain. Even teams with solid controls can still end up with encrypted systems and reinfections upon recovery. That\u2019s not a reason to give up on prevention. It\u2019s a reason to stop treating backup and recovery as a compliance-driven insurance problem and start treating it as an operational capability.<\/span>\u00a0<\/span><\/p>\nWhen ransomware hits, the gap usually isn\u2019t a lack of tools. It\u2019s the ever-evolving threat landscape and a lack of repeatable, verifiable cyber recovery processes. Recovery becomes a scramble: Which systems are safe? Who has the authority to shut things down? What do we restore first? How do we avoid reintroducing the attacker during rebuild?<\/span>\u00a0<\/span><\/p>\nA practical ransomware recovery strategy comes down to three phases: prepare before the incident, control the blast radius during it, and restore in a way that\u2019s measurable, verifiable, and less likely to repeat:<\/span><\/p>\n\n- Prepare in advance: <\/span><\/b>Recovery starts now, not after an attack. Make decisions today that limit attacker movement and speed rebuilding.\u00a0It\u2019s\u00a0critical to make cyber recovery a part of the overall incident response process and make sure\u00a0it\u2019s\u00a0tested and verified on an ongoing basis \u2013 preferably via automation.<\/span><\/li>\n
- Harden identity & access:<\/span><\/b>\u00a0Most ransomware involves credential abuse. Enforce least privilege, reduce standing admin access, separate admin accounts, and tighten controls around privileged actions.<\/span><\/li>\n
- Protect management planes: <\/span><\/b>Backup consoles, hypervisors, and admin tools are high-value targets. Lock them down with MFA, restricted access, monitoring, and role separation.<\/span><\/li>\n
- Document a usable incident plan: <\/span><\/b>Define roles, escalation paths, contacts, and external partners now, including legal, insurance, forensics, and law enforcement.<\/span>\u00a0<\/span><\/li>\n<\/ul>\n
Align backup testing with your incident response process. Backups should be isolated, immutable, and regularly restored\u2014if recovery\u00a0hasn\u2019t\u00a0been tested under pressure, it\u00a0can\u2019t\u00a0be trusted.<\/span>\u00a0<\/span><\/p>\nA simple way\u00a0to make this real is to define three things for critical services:<\/span>\u00a0<\/span><\/p>\n\n- RPO<\/span><\/b>: How much data loss you can tolerate<\/span>\u00a0<\/span><\/li>\n
- RTO<\/span><\/b>: How long you can be down<\/span>\u00a0<\/span><\/li>\n
- Restore order<\/span><\/b>: What must come back first, second, third<\/span>\u00a0<\/span><\/li>\n<\/ul>\n
\u00a0<\/span>Those decisions are what turn backups into recoverability and provide assurance for cyber resiliency. <\/span>\u00a0<\/span><\/p>\nWhen Ransomware Hits, Run Containment & Investigation in parallel<\/span><\/b><\/h3>\nA lot of guidance says, find the root cause first, then recover. In the real world, you\u00a0don\u2019t\u00a0usually get that luxury. The better mental model is two tracks:\u00a0contain\u00a0quickly to stop the\u00a0bleeding, and\u00a0investigate in parallel to understand scope and entry.<\/span>\u00a0<\/span><\/p>\nSome ransomware is loud, but many incidents start quietly: unusual authentication patterns, privilege changes, file modification, disabled tools, suspicious backup deletions, or exfiltration alerts. If you suspect ransomware activity, assume the\u00a0attacker\u2019s\u00a0already moving laterally.<\/span>\u00a0<\/span><\/p>\nContainment Moves That Buy You Time<\/span><\/b><\/h4>\n\n- Isolate affected hosts and segments, not just individual endpoints<\/span>\u00a0<\/span><\/li>\n
- Disable or rotate compromised accounts, and revoke active sessions and tokens where possible<\/span>\u00a0<\/span><\/li>\n
- Block known malicious IPs and command-and-control paths<\/span>\u00a0<\/span><\/li>\n
- Freeze risky admin activity until you can\u00a0validate\u00a0who\u2019s\u00a0who<\/span>\u00a0<\/span><\/li>\n
- Protect backup infrastructure and management planes\u00a0immediately<\/span>\u00a0<\/span><\/li>\n<\/ul>\n
At the same time, scope the incident: which accounts were used, what was accessed, what persistence exists, what was encrypted, and whether data was exfiltrated. Forensics matters, but so does uptime: capture key logs, snapshots, configuration changes, and representative system images without delaying containment, and coordinate early with legal and incident response teams.<\/span>\u00a0<\/span><\/p>\nDecide on Payment with Governance, Not Panic<\/span><\/b><\/h3>\nOne of the most stressful decisions in a ransomware event is whether to pay for a decryption key. There\u00a0isn\u2019t\u00a0a single answer that fits every organization, but there are consistent truths:<\/span>\u00a0<\/span><\/p>\n\n- Payment isn\u2019t guaranteed for recovery. Decryptors may fail or never arrive.<\/span>\u00a0<\/span><\/li>\n
- It\u00a0won\u2019t\u00a0stop data\u00a0leaks. Exfiltrated data can still be published.<\/span>\u00a0<\/span><\/li>\n
- It can raise future\u00a0risk. Signals willingness to pay and may attract repeat attacks.<\/span>\u00a0<\/span><\/li>\n
- Legal matters. Sanctions, compliance, insurers, and counsel should be involved.<\/span>\u00a0<\/span><\/li>\n<\/ul>\n
The point isn\u2019t to moralize. It\u2019s to ensure the decision is made through a defined process with the right stakeholders, technical feasibility of restoration, and legal guidance.<\/span>\u00a0<\/span><\/p>\nRemediate Before You Restore, or You\u2019ll Reintroduce the Attacker<\/span><\/b><\/h3>\nRecovery fails when organizations restore systems into an environment\u00a0that\u2019s\u00a0still compromised.<\/span>\u00a0<\/span><\/p>\nBefore you bring critical services back:<\/span>\u00a0<\/span><\/p>\n\n- Close the\u00a0initial\u00a0access path\u00a0<\/span>\u00a0<\/span><\/li>\n<\/ul>\n
\n- Reset privileged credentials and remove unnecessary standing access<\/span>\u00a0<\/span><\/li>\n<\/ul>\n
\n- Validate administrative control planes\u00a0<\/span>\u00a0<\/span><\/li>\n<\/ul>\n
\n- Confirm security tooling is healthy and reporting\u00a0<\/span>\u00a0<\/span><\/li>\n<\/ul>\n
A useful practice here is to rebuild from known-good baselines, not from \u201cwhatever was running yesterday.\u201d Golden images and clean configurations speed recovery and reduce uncertainty.<\/span>\u00a0<\/span><\/p>\nRestore in Stages, with Verification Gates<\/span><\/b><\/h3>\nThe fastest restore is the one you can trust. That means restoring in a sequence, into a controlled environment, with checks before reconnecting systems to production.<\/span>\u00a0<\/span><\/p>\nA common restore order prioritizes foundational layers first \u2014 identity, security, and infrastructure \u2014 before business services, data platforms, and endpoints.<\/span>\u00a0<\/span><\/p>\nYour environment will differ, but the principle holds: restore what you need to authenticate, manage,\u00a0observe, and protect before you restore what users rely on.<\/span>\u00a0<\/span><\/p>\nBefore declaring recovery complete,\u00a0validate\u00a0a basic checklist: patch status, clean security scan, no indicators of compromise, reviewed privileged access, and verified data integrity. Skipping\u00a0this risks\u00a0restoring clean data onto infected\u00a0systems, or\u00a0reinfecting from a compromised image.<\/span>\u00a0<\/span><\/p>\nRun a Blameless Postmortem<\/span><\/b><\/h3>\nAfter an incident, avoid focusing on a single user or system \u2014 most ransomware succeeds because multiple controls fail together across identity, segmentation, patching, monitoring, admin hygiene, or backups.<\/span>\u00a0<\/span><\/p>\nA blameless postmortem should answer: How did access occur? How did privilege escalate? How did lateral movement happen? What\u00a0failed to\u00a0alert us? What slowed recovery? What prevents this from happening again?<\/span>\u00a0<\/span><\/p>\nThen prioritize one or two high-leverage fixes, often hardening privileged access, tightening segmentation, improving backup isolation and immutability, and running regular restore drills.<\/span>\u00a0<\/span><\/p>\nClosing the Gap is About Operational Readiness<\/span><\/b><\/h4>\nRansomware resilience\u00a0isn\u2019t\u00a0just about keeping\u00a0attackers out.\u00a0It\u2019s\u00a0about being able to bring systems back in a way\u00a0that\u2019s\u00a0fast, repeatable, and defensible.<\/span>\u00a0<\/span><\/p>\nIf you want to close the ransomware recovery gap,\u00a0don\u2019t\u00a0wait for an incident to discover how your organization makes decisions under pressure. Define the process now, test it, and make recovery a practiced capability, not an improvised one.<\/span>\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"Druva’s Badri Raghunathan offers commentary on how ransomware demands more than backups. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI. Ransomware\u2019s gotten easier to launch and harder to contain. Even teams with solid controls can still end up with encrypted systems and reinfections upon recovery. That\u2019s […]<\/p>\n","protected":false},"author":1429,"featured_media":7365,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[1364,222],"acf":[],"yoast_head":"\n
Ransomware Demands More Than Backups<\/title>\n<meta name=\"description\" content=\"Druva's Badri Raghunathan offers commentary on how ransomware demands more than backups. This article originally appeared in Insight Jam.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Badri Raghunathan\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/\",\"url\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/\",\"name\":\"Ransomware Demands More Than Backups\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2026\/04\/Backup-Recovery-3.jpg\",\"datePublished\":\"2026-04-30T16:18:20+00:00\",\"dateModified\":\"2026-04-30T18:48:57+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/98e8e4872c53e364b8411c693c1ec43d\"},\"description\":\"Druva's Badri Raghunathan offers commentary on how ransomware demands more than backups. This article originally appeared in Insight Jam.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2026\/04\/Backup-Recovery-3.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2026\/04\/Backup-Recovery-3.jpg\",\"width\":800,\"height\":400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ransomware Demands More Than Backups\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#website\",\"url\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/\",\"name\":\"Best Backup and Disaster Recovery Tools, Software, Solutions & Vendors\",\"description\":\"Solutions Review\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/98e8e4872c53e364b8411c693c1ec43d\",\"name\":\"Badri Raghunathan\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2026\/04\/bf347ed8-4923-43a5-826b-acf06e3f4575_medium.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2026\/04\/bf347ed8-4923-43a5-826b-acf06e3f4575_medium.jpg\",\"caption\":\"Badri Raghunathan\"},\"description\":\"Badri Raghunathan is an accomplished technology professional with extensive experience in product management across various sectors. Currently serving as the VP - Data Security Products & Security Research at Druva, Badri has previously held significant roles including Director of Product Management for the Cloud Native Security Portfolio at Qualys, Co-Founder of an early-stage startup, Principal Product Manager for Advanced Threat Prevention and Security Analytics at Symantec, and Product Line Manager for Large Scale Network & Security Operations at Cisco Systems.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/badriraghunathan\/\"],\"url\":\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/author\/braghunathan\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Ransomware Demands More Than Backups","description":"Druva's Badri Raghunathan offers commentary on how ransomware demands more than backups. This article originally appeared in Insight Jam.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/","twitter_misc":{"Written by":"Badri Raghunathan","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/","url":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/","name":"Ransomware Demands More Than Backups","isPartOf":{"@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2026\/04\/Backup-Recovery-3.jpg","datePublished":"2026-04-30T16:18:20+00:00","dateModified":"2026-04-30T18:48:57+00:00","author":{"@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/98e8e4872c53e364b8411c693c1ec43d"},"description":"Druva's Badri Raghunathan offers commentary on how ransomware demands more than backups. This article originally appeared in Insight Jam.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/#primaryimage","url":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2026\/04\/Backup-Recovery-3.jpg","contentUrl":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2026\/04\/Backup-Recovery-3.jpg","width":800,"height":400},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/ransomware-demands-more-than-backups\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/"},{"@type":"ListItem","position":2,"name":"Ransomware Demands More Than Backups"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#website","url":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/","name":"Best Backup and Disaster Recovery Tools, Software, Solutions & Vendors","description":"Solutions Review","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/98e8e4872c53e364b8411c693c1ec43d","name":"Badri Raghunathan","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/#\/schema\/person\/image\/","url":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2026\/04\/bf347ed8-4923-43a5-826b-acf06e3f4575_medium.jpg","contentUrl":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2026\/04\/bf347ed8-4923-43a5-826b-acf06e3f4575_medium.jpg","caption":"Badri Raghunathan"},"description":"Badri Raghunathan is an accomplished technology professional with extensive experience in product management across various sectors. Currently serving as the VP - Data Security Products & Security Research at Druva, Badri has previously held significant roles including Director of Product Management for the Cloud Native Security Portfolio at Qualys, Co-Founder of an early-stage startup, Principal Product Manager for Advanced Threat Prevention and Security Analytics at Symantec, and Product Line Manager for Large Scale Network & Security Operations at Cisco Systems.","sameAs":["https:\/\/www.linkedin.com\/in\/badriraghunathan\/"],"url":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/author\/braghunathan\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/posts\/7363"}],"collection":[{"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/users\/1429"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/comments?post=7363"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/posts\/7363\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/media\/7365"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/media?parent=7363"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/categories?post=7363"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/backup-disaster-recovery\/wp-json\/wp\/v2\/tags?post=7363"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"](\"https:\/\/solutionsreview.com\/backup-disaster-recovery\/files\/2026\/04\/Backup-Recovery-3.jpg\")
<\/p>\n