Do you have a disaster recovery plan for ransomware? I mean, do you really have a plan? Could you tell me what it is in a paragraph if you had to? Could you lay out what happens in a step-by-step sequence in case of attack?
Most people can’t answer all these questions with a “Yes.” That’s because their disaster recovery plan for ransomware is often poorly implemented, not comprehensive enough, and not tested (on a regular basis).
This attitude is dangerous, and almost implies that you’re confident that your organization, for whatever reason, is less vulnerable than others. Don’t fall into this trap. We’ve posted a lot of information on how to build a proper disaster recovery plan for ransomware, and I’ll lay it out in this blog.
This article is the first place to go. It covers things like your initial response to the attack, and how the worst thing you can do is panic. That leads to bad decisions and wasted time, while the attackers are having their way.
It then discusses the right way to implement your disaster recovery and incident response plans. Among the advice here is to not deviate from any plans unless authorized by senior leadership. This topic includes sub-sections on creating plans, including the differences between disaster recovery and incident response plans, and a comprehensive, 5-module video course on disaster recovery.
Following that step is coverage of whether or not to call in outside help. It can be incredibly useful to bring in experts who have experience in recovering from ransomware attacks. The article discusses how to determine when you’re in over your head, and the importance of carrying cyberinsurance.
To Pay or Not To Pay: That Is the Question
The last section is concerned with whether or not to pay the ransom. This is a controversial subject to say the least, and there are pros and cons to each approach. The article goes over the primary considerations for making that decision, and what the possible fallout might be from it. (We also ran a two-part series on this question, looking at both sides. Part 1 deals with the right time to pay up, while Part 2 delves into reasons to not pay.)
A related question is how much time it takes to recover from ransomware. Although every case will of course be different, emerging data is painting a frightening picture. It shows that it can take up to a year to get fully back up to speed. That should scare anyone into realizing the importance of proper recovery procedures.
Another common question is whether or not a factory reset will remove all traces of ransomware on a compromised system. That aspect of recovery is dependent on what system you’re talking about, including whether it’s a mobile device or not.
In an ideal world, you’d be completely protected from ransomware and invulnerable to attack. In the real world, things are different. An attack truly is a matter not of “if,” but “when.” Having a solid, verified, tested plan in place is critical for every organization, no matter the size. Use these resources to help you get there.