When it comes to ransomware attacks, there are no dress rehearsals and no do-overs. The stakes are high, and when the moment strikes, you only have one chance to respond as quickly and effectively as you can. Once the tough lessons are learned, it’s too late.
Luckily, our friends at Veaam have compiled responses from over 1,200 IT leaders from around the world to share their experiences, and we can learn a lot from that insight. Here are some hard-earned lessons from past ransomware attacks that you can apply to your IT team’s strategy today.
Cyber Teams and Backup Teams Need To Work Closely Together
The importance of a communicative relationship between a company’s IT backup and cybersecurity teams cannot be overstated. The IT backup team is responsible for safeguarding critical data and systems, while the cybersecurity team is tasked with protecting against external threats and monitoring for potential vulnerabilities. By fostering a strong relationship and open lines of communication, these teams can share insights, coordinate responses, and implement proactive measures to mitigate risks and respond effectively to incidents. Unfortunately, many IT departments struggle with this kind of collaboration, which weakens the overall cybersecurity posture of the company.
Protect Backup Repositories with Immutable Data
Frustratingly, most ransomware attacks target backup repositories, encrypting or deleting the backup data a company hopes to restore from. This trend highlights the importance of immutable data in the context of ransomware attacks, which can provide a vital layer of additional protection. Immutable data storage solutions, such as write-once-read-many technology or blockchain-based systems, ensure that once data is written, it becomes tamper-proof and cannot be changed. Veeam notes short-term disk, within BC/DR capable clouds, and long-term tape storage as the most popular methods for doing so.
Incident Response Playbooks Should Be Robust
Incident response playbooks for ransomware attacks are becoming increasingly important among organizations, due to their usefulness in efforts to respond quickly, implement containment measures, initiate recovery processes, and communicate effectively with stakeholders. In order to have a playbook that gives you the best chance to act promptly, minimize downtime, protect critical data, and potentially reduce the likelihood of paying a ransom, what should be included? According to the Veaam study, here are the top components of a strong ransomware response playbook:
- Arrangements for alternate infrastructure (servers and storage)
- Backup verifications and frequencies
- Clean backup copies assured cleanliness
- Communications plan for customers/outside stakeholders
- Disclosure/remediating communications plan for employees
- Insider threat considerations
- Isolation plan
- Law enforcement or other third-party escalations
- Pre-defined decision points or “Chain of Command”
- Ransom willingness and methods
Be Sure to Avoid Re-Infection
During the restoration process, most companies are at risk of becoming reinfected with problematic ransomware elements. To maximize resilience against re-infection, it is essential to combine technical measures and smart backup strategies to create a multi-layered defense against ransomware threats.
There are three common approaches to cleaning system data upon restoration. The least effective way is to closely monitor as backups are restored to production. The next most effective approach is to restore, then immediately scan for safety. The best tactic is to restore to an isolated sandbox area for scanning, then only restore data to production upon completion. Taking reinfection seriously as a risk can prevent major headaches after the worst of a ransomware attack is seemingly over.
Playing It Safe
By following these steps, companies can minimize the risk of long-term harm in the event of a ransomware attack. The very best defense, however, is a dedicated IT partner on the cutting edge of backup and disaster recovery services. DartPoints’ expert team of engineers will create a scalable plan that meets your operational needs, giving you peace-of-mind that your data, brand, and bottom line are always protected. To read more about the latest in the world of data protection, click here. Or, learn about DartPoints’ disaster-recovery-as-a-service offering here.