Ransomware Response: 6 Steps to Limit Data Loss

Ransomware is a dominant threat to businesses everywhere — and it’s not going away anytime soon.

Although ransomware is a reality for IT teams to acknowledge, they are not always prepared for it. Of course, no one thinks that their datacenter will be the next one to fall victim to a ransomware attack, but the statistics are alarming.

According to an FBI report, one ransomware variant in early 2016 compromised as many as 100,000 computers a day. And those statistics are not subsiding. Hackers are constantly inventing new ways to gain access to sensitive information and critical files. According to Verizon’s 2017 Data Breach Investigations Report, ransomware is now the 5th most common type of malware – up from 22nd in the same report just 3 years earlier.

Businesses that have a response strategy will be able to better identify the signs of an attack and recover from it more quickly. Your ransomware response strategy should include six critical steps your business can take to respond better to a cyber attack and avoid data loss and company downtime.

Ransomware Response Strategy

  1. Educate the company.

Your IT teams should make sure that everyone knows what is at stake and what steps to take both before and after a ransomware attack occurs. Education is key not only to preventing ransomware from entering the systems but also to stopping it quickly once inside. Ransomware often enters the system when an employee clicks a link in a seemingly harmless email from an unknown source. With proper education, your staff can identify the most common types of ransomware and the typical ways it enters the system. They should also be educated on how prevalent these types of viruses are becoming. Equally important, educate staff on what to do after an attack: who to report issues to and what steps to take to minimize the damage.

  2. Know the signs of an attack.

A ransomware attack is most often characterized by the locking of files, folders, and applications until a price is paid in bitcoins to attackers. Attacks will often masquerade as government or police agencies accusing the computer owner of criminal activity and demanding that payment be made within a certain timeframe or else the user will be arrested. It’s important to recognize attacks quickly so the restore process can begin as soon as possible. Note that many companies never get their data back, even if they pay the ransom.

  3. Correctly define how long your business can be offline and how much data you can afford to lose.

The next step in your ransomware recovery plan is to correctly define the recovery time objectives (RTOs) and recovery point objectives (RPOs) for your company. This is imperative in order to get operations back online without paying attackers. To define your RTOs and RPOs, you must first ask yourself two questions: How long can the business shut down while waiting for the restore to take place, and how many hours of business-critical data can the company afford to lose?

  4. Decide on a solution that can meet your defined RTOs and RPOs.

Once you’ve defined your RTOs and RPOs, you have to find a solution that can meet those requirements to get your infrastructure back up and running. According to Ponemon Institute, the average cost of IT downtime is $8,850 per minute. A business therefore loses money for every second spent waiting for systems to come back online. Choose a data protection strategy that is not only best for the business, but that can also get the infrastructure running again within the time allotted.

  5. Assess integrated solutions to protect remote and branch offices.

Having multiple backup and disaster recovery solutions only adds complexity. Simplify your data protection scheme by picking only the solutions that are right for your environment. This is particularly important if you have multiple remote and branch offices (ROBO) to support with small or nonexistent staff at each site. Solutions that offer integrated functions, such as built-in data protection, will help to ease the burden at remote offices and provide better protection to ROBO sites.

  6. Ensure your solution is simple enough to allow systems to get back online quickly.

In addition to reducing the complexity of your data protection and backup solutions, seek a datacenter solution that stresses ease of use. Simplicity is most critical when recovering from a ransomware attack. When IT downtime costs as much as $8,850 per minute, every second counts, and shortening the restore process by a few clicks may make a significant difference.
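
The check behind steps 3 and 4, as an added example that is not from the original article or from HPE: it tests a backup schedule against RPO and RTO targets and prices the outage with the Ponemon figure quoted above. The dates, schedules, targets and restore durations are constructed assumptions.

```python
from datetime import datetime, timedelta

COST_PER_MINUTE = 8850  # USD per minute of IT downtime, the Ponemon figure quoted above


def last_clean_backup(backups, encryption_start):
    """Newest backup taken before encryption began; later copies may hold encrypted files."""
    clean = [b for b in backups if b < encryption_start]
    return max(clean) if clean else None


def assess(backups, encryption_start, detected_at, restore_minutes, rpo, rto):
    """Compare what a restore would actually achieve with the RPO and RTO targets."""
    restore_point = last_clean_backup(backups, encryption_start)
    if restore_point is None:
        return {"recoverable": False}
    data_loss = detected_at - restore_point          # work that cannot be restored
    downtime = timedelta(minutes=restore_minutes)    # outage while the restore runs
    return {
        "recoverable": True,
        "restore_point": restore_point,
        "data_loss": data_loss,
        "meets_rpo": data_loss <= rpo,
        "meets_rto": downtime <= rto,
        "downtime_cost": restore_minutes * COST_PER_MINUTE,
    }


# Constructed scenario: every time, schedule and restore duration below is an assumption.
DAY = datetime(2024, 1, 10)
ENCRYPTION_START = DAY.replace(hour=7, minute=40)
DETECTED_AT = DAY.replace(hour=7, minute=50)
RPO, RTO = timedelta(hours=1), timedelta(hours=1)

NIGHTLY = [DAY - timedelta(days=1) + timedelta(hours=20)]   # one backup at 20:00
HOURLY = [DAY + timedelta(hours=h) for h in range(8)]        # 00:00 through 07:00


def report():
    """Assess both constructed plans: (backup times, assumed restore minutes)."""
    plans = {"nightly": (NIGHTLY, 240), "hourly": (HOURLY, 5)}
    return {name: assess(b, ENCRYPTION_START, DETECTED_AT, mins, RPO, RTO)
            for name, (b, mins) in plans.items()}


if __name__ == "__main__":
    for name, r in report().items():
        print(name, r["data_loss"], r["meets_rpo"], r["meets_rto"], r["downtime_cost"])
```

If encryption started well before detection, pass the earlier start time: backups taken after that point are skipped, and the achieved recovery point moves back with them.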

Peace of mind – built in and guaranteed

Some businesses have turned to HPE SimpliVity because it makes ransomware protection simple with its built-in data protection. When using HPE SimpliVity’s built-in backup capability, it takes less than one minute, on average, to complete a local backup or local restore of a 1TB VM, guaranteed. In fact, one HPE SimpliVity customer fell victim to a ransomware attack when transferring data from the previous infrastructure to the new hyperconverged solution. Yet they were able to recover data quickly and avoided any downtime and expenses. Had the attack occurred during a period when they were still backing up to tape, the business would have lost almost 12 hours of data. Thankfully, they lost less than an hour of data using HPE SimpliVity’s hyperconverged solution.

Ransomware is a threat to every business. IT teams need to recognize this fact and adjust their data protection strategies accordingly. Organizations should work under the assumption that they will eventually become infected, focus on minimizing downtime once infected, and have a data protection strategy in place that supports their defined RTOs and RPOs. Using the six steps listed above, the damage done by ransomware can be minimized.

About Jesse St. Laurent

Jesse St. Laurent is the Chief Technologist for HPE Hyperconverged and SimpliVity. He uses his 20 years of experience to engage channel partners, evaluate emerging technologies, and shape innovative technology solutions involving data center modernization.