Ransomware Response — What’s Your Process?

Ransomware Response — What’s Your Process?

With the explosive growth of ransomware incidents in 2016, it is fair to say ransomware is now on the radar of most businesses in Japan. Trend Micro Japan reported 2,690 businesses infected by ransomware in 2016 up from only 41 incidents in 2014! This is a huge number considering that most ransomware incidents go unreported.

Unfortunately, the likelihood of getting hit by a new variation of ransomware in 2017 looks to be much higher than last year.  Does your business have processes in place should ransomware hit one of your desktops or servers? How quickly can your business get back to normal operations?

Getting Back to Normal Business Operations
Here are some simple steps to take in the event of a ransomware attack on your business.

  1. Isolate the infected machine.  Physically remove the infected machine from the network.
  2. Identify the ransomware family.  You can find decryption tools online for some ransomware variations which can save you time, money and effort.
  3. Suspend backups & replication.  Protect your previous backup data by stopping the daily job asap. A good backup is your last line of defense.
  4. Prioritize data to restore.  Before starting the restore process prioritize which files & folders are most important to getting back to normal business operations.
  5. Assess restore location.  Where will you restore your data to?  The same location or an alternative location? Do you have enough disk space to restore your data?
  6. Sort the infected files & folders.  Sorting through all the infected files can speed up the restore process as uninfected files may not need to be restored.
  7. Select data to restore.  Prioritizing important data for restore vs. a full data restore will speed up the recovery time.
  8. Restore data.  The goal is getting back to normal business operations as soon as possible. Follow the above simple steps and restore data accordingly.

Being prepared for and having a process for a ransomware crisis will give order in a panic situation.