Ransomware has quickly become the scourge of many businesses, and for good cause — the number of ransomware attacks is on the rise, with many organizations falling prey to cyber-criminals and having little or no recourse.
Naturally, preventing a ransomware infection is the first step in protecting a business; however, many have discovered that protection schemes can come up short, and ransomware still manages to find its way in. That just goes to show that relying on a single solution to prevent ransomware can be a fool’s folly, and businesses must treat a ransomware attack as a possibility, and not a rare occurrence.
That said, some tried and true technologies can minimize the impact of ransomware. With a few tweaks, those technologies can be salvation in the face of a ransomware attack. Take for example disaster recovery (DR) solutions. DR technology is designed to help a business quickly return to operations after a disruption of IT processes. Traditionally, the root cause of those disruptions was some type of hardware failure, which meant data could no longer be processed.
How DR Technologies Protect Against Ransomware
A ransomware attack can be likened to a hardware failure: the primary result in both cases is that the business cannot use IT to conduct operations. With that in mind, an effective DR solution can be used to quickly recover from a ransomware attack. That means an organization will need to add ransomware events to the DR plan.
The first step for creating a ransomware DR plan is to garner an understanding of how ransomware would impact business operations. In other words, organizations must identify what data sets and applications are critical for business operations. Business operators have to determine the most essential IT processes and figure out how long the business can survive without each of them.
Once those assets are identified, a recovery strategy can be devised, which becomes the foundation of the ransomware DR plan. The plan has to take into account the concept that a vital data element has been rendered unusable by ransomware and must be restored to conduct business. That means the DR plan must include the concepts of recovery time objectives (RTOs) and recovery point objectives (RPOs). Understanding those critical processes, as well as gauging the impact a possible ransomware attack could have on the business, is the foundation for responding to an attack.
Ransomware attacks vary in scope and scale. They may be limited to a noncritical endpoint or they can hamper the primary data processing capabilities of an organization. What’s more, ransomware can spread from a noncritical asset to critical assets depending on the sophistication of the attack. With that in mind, it becomes critical to look at the cost of an attack.
It all comes down to figuring out what needs to be recovered and calculating the payment cost. For the most part, ransomware authors operate as if they were a business, which means payments result in receiving a legitimate decryption key. Yet there are also numerous exceptions to the rule where paying a ransom does not lead to recovered data. In those cases, organizations are completely dependent on their DR plan for recovery.
Being prepared is the rule of the day here. Businesses should assume that ransomware may very well infect their systems, regardless of the proactive protections that may be in place. With that in mind, it is absolutely critical to create a comprehensive and thorough ransomware DR plan.