Ransomware – 5 Steps To Recovering

Ransomware... recovery is possible.

Recovering from ransomware is easy if you’ve planned.  If you haven’t planned, you’re probably out of luck.  Unless you’ve been ‘fortunate’ enough to get infected with old or poorly executed ransomware, there is no way to recover your files, except by paying the ransom.

If you are trying to protect your business from future attacks, you’re in luck.  This article will provide you with a strategy so you never need to pay the ransom.

Before we get started, it’s important to know why you should never pay the ransom.  Firstly, there is no guarantee you will get your data back after you pay.  In fact, the latest research shows that one in four companies will not get their data back after they pay the ransom.

Secondly, paying the ransom proves to the bad guys that not only do you value your data, but that you have money and are willing to part with it to get your data back.  This makes you a high priority target for future attacks and other types of extortion.  This is like the ‘protection’ money business owners had to pay to bad guys to ensure their businesses didn’t burn down.  You’d pay once, then they’d come back and ask for more.

The message here is NEVER PAY THE RANSOM.

So, how do you protect your business from ransomware and ensure you never pay the ransom?

There are five steps.  Five steps are required because one type of protection is not enough.  Technology changes, attack and delivery methods change and new vulnerabilities are discovered.  It takes time for protection to catch up with the bad guys.

Step One – Educate your employees.  People are the weakest link in protecting yourself from this problem. Just over 95% of all ransomware attacks happen when a user clicks on a link or opens a document in an email.  Training helps users identify good email from bad.

Step Two – Secure the desktop and server.  Invest in non-signature-based anti-virus software like Sophos Intercept X and install it on all your devices.  Sophos has multiple layers of protection and is updated in minutes when new threats are discovered.

Step Three – Secure the perimeter.  You need to invest in a Unified Threat Management device, or UTM.  A UTM replaces your router/firewall and scans traffic as it leaves and enters your network.  The UTM (we use Sophos) keeps the bad guys out by looking for bad actions.  This differs greatly from a simple firewall.  I’ll post more on that in a future article.

Step Four – Isolate the data. When ransomware attacks, all available data is affected.  Restricting user access to only data they require means that smaller amounts of data are at risk when a user is compromised.

Step Five – Secure the data.  You need to have some form of data security in place.  Even after you secure the desktop, server and perimeter, bad things can still happen.  Data security means you are taking steps to ensure your data is available, no matter what happens.  I highly recommend implementing a business continuity server.  This device will take snapshots of your data every 30 minutes, so in the event of a problem your data can be restored in minutes, not hours or even days.  We’re proud to protect our clients using Datto.
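
Step Four's point, that narrower access leaves less data at risk when one account is compromised, can be measured.  The following added example (not from the original article) totals the share data each account can write to, including access inherited through nested groups; every share, group, user and size in it is constructed sample data.

```python
# Added example: GB of share data each account could overwrite if compromised.
# All shares, groups, users and sizes are constructed sample data.
# share -> (size in GB, groups granted write access)
SHARES = {
    "Finance":  (120, {"finance"}),
    "HR":       (40,  {"hr"}),
    "Projects": (800, {"engineering"}),
    "Public":   (60,  {"all-staff"}),
}
# group -> groups it is nested inside (as in a directory service)
NESTED = {
    "finance": {"all-staff"}, "hr": {"all-staff"},
    "engineering": {"all-staff"},
    "interns": {"engineering"},  # nesting that silently widens access
}
USERS = {"alice": {"finance"}, "bob": {"hr"}, "dave": {"interns"}}  # direct groups


def effective_groups(direct, nested):
    """Expand direct memberships through nested groups (cycle-safe)."""
    seen, stack = set(), list(direct)
    while stack:
        group = stack.pop()
        if group not in seen:
            seen.add(group)
            stack.extend(nested.get(group, ()))
    return seen


def exposure_gb(users, shares, nested):
    """Return {user: GB of share data that user's account can modify}."""
    report = {}
    for user, direct in users.items():
        groups = effective_groups(direct, nested)
        report[user] = sum(size for size, writers in shares.values()
                           if groups & writers)
    return report


def over_exposed(users, shares, nested, max_fraction):
    """Users whose writable data exceeds max_fraction of all share data."""
    total = sum(size for size, _ in shares.values())
    report = exposure_gb(users, shares, nested)
    return sorted(u for u, gb in report.items() if gb > max_fraction * total)


if __name__ == "__main__":
    print(exposure_gb(USERS, SHARES, NESTED))
    print("over 50% exposure:", over_exposed(USERS, SHARES, NESTED, 0.5))
```

In the sample data the intern account reaches the 800 GB Projects share only through group nesting, which is the kind of unintended access this check is meant to surface.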

