How ERP Suites CyberRecovery helps you restore from Ransomware

January 10th, 2023

By Shawn Meade

Ransomware is a malicious type of software that encrypts the contents of your hard drive or database and requires a key to unlock it. It renders your systems completely unusable until you pay a ransom demand and get the key to unlock the cipher. Ransomware can also lurk in your network and collect sensitive data, which cyber criminals can then steal and sell or else threaten to make it public unless you pay them. In most instances, ransomware infects a company through phishing emails and by targeting vulnerabilities in out-of-date software. Ransomware attacks have cost businesses millions of dollars and represent one of the most significant cyber security threats of our time. In this article, we’ll explain how ERP Suites can help you take your ransomware recovery preparations to the next level. 

 

Common Questions about Ransomware 

What If I Pay the Ransom? 

Even if you pay the ransom, you have no guarantee that the cyber criminals threatening you will completely remove the ransomware from your system, or that they won’t sell the keys to someone else who will use them a few months down the line. If news gets out that you’ve been the victim of a successful attack and paid a ransom, other cyber criminals may try their luck with your data as well. In 2021, ABC News reported that cyber criminals have started leasing ransomware on publicly accessible sites in what is being termed “ransomware-as-a-service,” thereby dramatically escalating the risk of attacks against businesses. 

 

Can’t I Just Decrypt My Data? 

You can try decrypting your data, but the process can be expensive and time-consuming and is often unsuccessful. Amateur cyber criminals may employ poorly written ransomware that can be broken given time, but professionals utilize more sophisticated approaches that can be impossible to decrypt without the keys. In the meantime, you have no access to your data and your business is effectively on life support. 

 

What About Restoring from Backups? 

Running a restore from tape or disk backups is a lengthy and involved process. To effectively restore from backup, you’ll need to start by pinpointing the date and time you were initially breached; otherwise, you could restore the ransomware along with your saved data and eventually find yourself right back in the same predicament. Cyber criminals know that businesses will immediately try to restore from backups rather than paying their ransom, so they will usually begin their attacks by identifying and infecting your backup solution to deprive you of this option. For this reason, it’s best to utilize a backup solution that is completely segregated from your network and inaccessible from the same system you backed up to in the first place. Also, the copy of the backup data should be immutable, so that if someone does gain access to your backups, they won’t be able to change the data. 

Naturally, you’ll want to test your backup and restore solution to ensure it performs adequately, understand the restore process ahead of time, and know what you’re facing in terms of costs, resources, and downtime. If you rely on these methods, be prepared to allocate anywhere from a week to ten days for recovery and testing. In considering this, you should ask yourself a few questions: How much will being down that long cost you? Will your customers wait until you’re operational again before they go elsewhere? Are you prepared for the potential public relations nightmare that may ensue if you must explain a breach? Will such an incident engender mistrust in your company and potentially cost you business even when you’re finally back on your feet? 

 

ERP Suites Cyber Recovery 

ERP Suites Cyber Recovery is a backup solution that can help take your ransomware attack and restoration preparation to the next level. Rather than using a traditional backup program—which, again, is usually the first target ransomware will attack—Cyber Recovery works by taking a full snapshot of the datastore that your data actually resides on, including VMware setup and config, and pushing it out to a segregated storage array via a managed network. The arrays are opened only to transfer snapshot data, so they are kept separate and otherwise inaccessible from the rest of your network. Access Control Lists (ACLs) on the arrays ensure that your backup data is immutable because it cannot be deleted except by someone who has the array administrator credentials, and these are held only by the array manufacturer. 

In the event of a ransomware attack, ERP Suites Cyber Recovery works by essentially performing the transfer process in reverse, pushing the virtual machine (VM) datastore snapshot back onto your primary array—thereby restoring the entire environment in one shot—and bringing your VMs back online. Traditional backup programs archive data utilizing compression, which makes the restore process a tedious, drawn-out affair and keeps systems inaccessible for prolonged periods of time—sometimes days or even weeks. Because ERP Suites Cyber Recovery utilizes snapshots rather than backup programs, there is no data compression involved and the restore can be completed in minutes and hours rather than days and weeks, thereby saving you potentially enormous costs in terms of downtime, business loss, and public embarrassment. 

 

How Will I Know if the Restore Point is Free of Ransomware? 

ERP Suites will perform a forensic analysis of your data prior to restoration to identify the date, time, and method of the initial ransomware infection. Data backed up before this time should be safe to use for the restore procedure. 
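The selection rule described here, and the breach-time step under "What About Restoring from Backups?", can be sketched as follows. This is an added example, not ERP Suites tooling: the snapshot names, timestamps, findings, and function names are all constructed for illustration, and it assumes a snapshot is only trusted if its capture finished before the earliest forensic finding.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data. Each snapshot: (name, capture start, capture end).
SNAPSHOTS = [
    ("snap-01", "2023-01-02T01:00:00+00:00", "2023-01-02T01:20:00+00:00"),
    ("snap-02", "2023-01-03T01:00:00+00:00", "2023-01-03T01:25:00+00:00"),
    ("snap-03", "2023-01-03T20:00:00-05:00", "2023-01-03T20:30:00-05:00"),
    ("snap-04", "2023-01-05T01:00:00+00:00", "2023-01-05T01:20:00+00:00"),
]
# Constructed forensic findings, deliberately unsorted and in mixed time zones.
FINDINGS = [
    ("first encrypted file", "2023-01-06T03:12:00+00:00"),
    ("malicious process first seen", "2023-01-04T02:05:00+00:00"),
    ("phishing attachment opened", "2023-01-03T19:10:00-06:00"),
]

def parse_utc(ts):
    """Parse an ISO 8601 timestamp; refuse values without a UTC offset."""
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:
        raise ValueError(f"timestamp has no UTC offset: {ts}")
    return dt.astimezone(timezone.utc)

def earliest_compromise(findings):
    """The initial infection is the earliest finding, not the first one noticed."""
    return min(parse_utc(ts) for _, ts in findings)

def classify(snapshots, findings, margin=timedelta(0)):
    """Split snapshots into (clean, suspect), each sorted oldest to newest."""
    cutoff = earliest_compromise(findings) - margin
    clean, suspect = [], []
    for name, _start, end in snapshots:
        # Conservative rule: the capture must have finished before the cutoff,
        # so a snapshot that straddles the infection time is treated as suspect.
        done = parse_utc(end)
        (clean if done < cutoff else suspect).append((done, name))
    return sorted(clean), sorted(suspect)

def pick_restore_point(snapshots, findings, margin=timedelta(0)):
    """Newest clean snapshot name, or None if every snapshot is suspect."""
    clean, _ = classify(snapshots, findings, margin)
    return clean[-1][1] if clean else None

if __name__ == "__main__":
    print("restore from:", pick_restore_point(SNAPSHOTS, FINDINGS))
    print("with 24h margin:", pick_restore_point(SNAPSHOTS, FINDINGS, timedelta(hours=24)))
```

The `margin` argument backs the cutoff off further when the forensic timeline may be incomplete; a `None` result means no snapshot predates the infection and restoring would reintroduce the ransomware.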

 

Rapid Ransomware Assessment

Of course, preventing ransomware in the first place is the best-case scenario. Watch our on-demand video on what the cyber insurers want you to know and we'll explain the 9 controls on our security checklist.

 

Shawn Meade

Shawn Meade leads the Information Security team at ERP Suites. He has been in the IT industry for over 20 years and has dealt with Information Security throughout his career, including work with PCI, HIPAA, and HITRUST.