How Disaster Recovery Can Save Your Business From Ransomware

Protect your precious data with backup and disaster recovery

In the case of most major cyber security attacks, recovery of data is the number one priority. Software can be reinstalled and hardware can be repaired or replaced, but data is often unique or extremely difficult to gather again.

This is why ransomware is such a frightening form of malware. In the short term, affected businesses will likely lose time and money due to downtime, as they scramble to get things up and running again, but it wouldn’t take long to wipe all your systems and start again.

The problem, of course, is all your data would be gone: everything from contact details to invoices and tax records. If the data loss is permanent, your business might not be able to survive. That’s a worst-case scenario, of course, but it’s also a perfectly realistic one.

It’s no wonder some ransomware victims cough up the cash, in the hope they’ll get access to their valuable data once again. But there are no guarantees that paying a ransom will actually persuade the criminals behind the attack to decrypt the data they’ve locked down. Instead, they might attempt to extort more money from you, or they might take your cash and leave your data encrypted for the sheer hell of it. Possibly, they won’t be able to decrypt your data, because they never actually planned to do so.

Furthermore, even if you do get your data back, by paying a ransom you’ve marked yourself as ripe for future attacks.

So if capitulating in the face of a ransomware attack is not the right path to take and you can’t afford to lose your data, what should you do?

The answer, quite simply, is to set your disaster recovery solution into motion. Part of this will involve restoring data from backups, but be aware that if your backup solution accidentally backs up data that has been encrypted by ransomware, then those backups will also be inaccessible too.

Assuming the malware itself doesn’t spread, you should be able to restore to a time before it entered your system – provided you’ve actually set your backups to make multiple, periodic copies of your data.

If you have disaster recovery server on site and/or in the cloud, you can access that, enabling you to continue working. Again, it’s important that this enables you to restore to a time before the ransomware attack, because an exact clone of your ransomware-encrypted data won’t be any use to you, because that too would be encrypted.  

You may lose some data in the process, and the exact amount will vary depending on how far you need to roll back, but this is still preferable to losing everything or being forced to pay a ransom that might not get you anything other than a hole in your pocket. If luck is on your side, you won’t lose anything at all.

Ransomware isn’t the only reason to have a strong BDR solution in place either. Data loss can occur through mechanical failure, software corruption, accidental deletion, physical damage caused by impact or electrical shocks, flooding and many, many other possible reasons. In all cases, backup and disaster recovery is the only way to ensure business continuity and your organisation’s ultimate survival.