[BreachExchange] A Step By Step Guide to Ransomware Disaster Recovery

Audrey McNeil audrey at riskbasedsecurity.com
Thu Apr 5 18:57:17 EDT 2018


https://solutionsreview.com/backup-disaster-recovery/a-step-by-step-guide-to-ransomware-disaster-recovery/

Ransomware attacks are steadily rising and evolving. These attacks threaten
an organization's business continuity and can prevent business operations
from ever resuming after a disruption. For that reason, it is necessary for
enterprises to have a ransomware disaster recovery plan for when they
experience an attack.

The initial step to take when creating a ransomware disaster recovery plan
is to determine which data sets and systems are vital to business
operations. Ask yourself, “How long will our business last without this
element?” as a way to identify which components are the most essential.

Next, you’ll want to begin developing your recovery strategy. When creating
your plan, you are assuming that at least one of your vital data sets has
been encrypted by ransomware and that you are unable to decrypt it or pay
the ransom. At this point, use the list of critical business elements to
determine your recovery time objectives (RTOs) and recovery point
objectives (RPOs). This will assist you in determining your backup strategy.

Figuring out how a successful ransomware attack would affect your business
is the next step. Depending on the ransomware, an attack could affect a
single nonessential endpoint, or it could infect the workloads of your CEO.
In the latter scenario, the ransomware attack could start with the CEO’s
workloads and spread to various endpoints throughout the company.

Doing a cost analysis is the next step in the process. The purpose of this
is to determine whether you will pay the ransom or not. Figure out what
needs to be recovered and consider the math concerning the payments. Many
ransomware authors treat their attacks like a business, so there is a good
chance that you will receive a legitimate decryption key from them.
However, some attackers ask for a large sum of money with no intention of
returning your data or providing a decryption key, in which case it’s
cheaper to just recover everything.

The last step is recovery. At this point, you’ll restore your data and
systems to their pre-ransomware states.

The best way to prepare for ransomware is to assume that the attack will
get past your defenses. That assumption pushes you to prepare and to create
a ransomware disaster recovery plan. After your plan is in place,
ransomware becomes less of a threat to your business and more of an
annoyance.