How to Recover from a Ransomware Attack

By Patrick Stasko
18 Jan 2018
Posted in: Dell | Partner Showcase

If you’re like most people, you prefer not to think about things like ransomware. If you’re in the IT security field, you think about ransomware a lot.

Each year, the number of ransomware attacks rises, and so do the ransom payouts. It’s a big business for cybercriminals, and a big part of the CSO’s job is figuring out how not to become their customer.

The steps to preventing a ransomware attack are well documented. Let’s say you’re among the thousands of organizations that are hit with a ransomware attack this year. What do you do? You can pay the criminals and hope they release your data – and don’t re-attack you a week later. Or you can restore your data from a secure backup copy once you’ve cleared the ransomware out of your system, presuming you can find the malware and remove it quickly.

There is, however, a better option: protecting your data with an isolated recovery system.

What’s an isolated recovery system? You can think of it as an environment that is physically and logically segmented from your main production and disaster recovery (DR) environments. Access is controlled within the isolated recovery zone itself.

The data stored in an isolated recovery system is typically older than the recovery point objective (RPO) for a disaster recovery system; it may be one or two days old instead of near real-time, but in most cases it’s ample for recovery from a ransomware attack with minimal losses.

The concept of an isolated recovery system is something that we deeply understand at Advizex and have developed into a repeatable solution by combining our own data-centric security methodologies with Dell EMC’s Data Protection Suite (DPS).

As we prepare customers to mitigate ransomware attacks, we guide them through a proven model of readiness:

  • Preparation. This is probably the most important piece, since it’s in this phase that organizations plan and design the isolated recovery environment that will run their business in the event of a ransomware attack.
  • Isolation. This literally means what it says: the data recovery system is physically isolated from the main system, with access restricted to authorized personnel only. As part of this process, we’ll even turn off ports to ensure that the number of links between the systems is minimized.
  • Duplication. Data is copied periodically and automatically by the DPS software to create a full backup. This process consumes less time and space than standard DR backup because of the advanced data deduplication and compression technology found in DPS.
  • Validation. Testing the integrity of the isolated recovery system is important, since you’re essentially betting your business on it. As part of this integrity check, each backup copy is validated after duplication is complete.
  • Remediation. This is where the process of recovery begins, which includes automated scripts and workflows to restore data quickly and seamlessly.

Being hit with a ransomware attack can feel like the end of the world, but it doesn’t have to be. With an isolated recovery system, ransomware becomes just another bump in the road. To learn more about how Advizex and Dell EMC can protect your business, watch my on-demand webinar, Understanding Isolated Recovery and the Data-Protection Suite.
