4 Critical Steps for Fast Ransomware Recovery

Tom Rose, Nasuni VP of Technical Marketing, outlines four critical steps for the fastest ransomware recovery.

October 5, 2020

Now that so many users are spending more time online and working from home, it should come as no surprise that malicious agents are trying to exploit the changes. Weaker controls at home and anxiety-ridden users clicking on pandemic-themed ransomware emails create fertile ground for attackers.

Nasuni recently hosted a webinar that focused on ransomware defense for large organizations. Three security experts explained why backup fails to protect companies against distributed ransomware attacks, the perils of centralized backup approaches, and how to prepare your organization for ransomware attacks designed to target both production file storage and backup file infrastructure.

Here I’d like to offer a recap of the discussion, and highlight four critical steps for ransomware recovery.

1. Frequent snapshots for better RPOs

There are a number of preventative measures an organization can put into place to reduce the likelihood of a ransomware attack, but once you factor in human error and the increasing sophistication of malicious attackers, it’s clear that no strategy is 100% effective. Ransomware still gets through. The question is how quickly can your organization return to business as usual.

One way to accelerate your recovery is to configure more frequent snapshots – even as often as every few minutes. Less time between snapshots means fewer changes between the last “safe” version of a file and the infected version of a file. This also gives you more granular recovery point objectives (RPOs), so that you can choose from more recovery points after a ransomware attack.

2. Auditing that allows surgical recoveries

A wholesale, file-system-wide restore to a previous timepoint is often unnecessary. Even with the new distributed ransomware attacks, a widespread incident doesn’t impact every file or folder. What you want is auditing capabilities that allow you to use the audit trail to selectively restore only those files that were infected by the ransomware. By auditing Create, Delete, Rename, Write, and Security events for every volume, you’ll have a record of which files were compromised and need to be restored, making surgical recoveries easier.

3. Strong, up-to-date antivirus protection

An obvious but essential step. Utilizing advanced and up-to-date antivirus protection might not provide 100% protection against ransomware, but it’s going to greatly reduce the chance that an attack sneaks through your defenses.

4. Testable, simulated attacks and recoveries

Finally, it’s imperative to test your ransomware recovery procedures to ensure that you’re ready to go, and ready to recover quickly, in the event of an attack. The European Institute for Computer Anti-Virus Research (EICAR) offers companies a test virus to be used to simulate an actual attack. EICAR provides harmless text files that simulate infected files. Once these test files are included in a snapshot, you can run through your recovery procedures to see how quickly and seamlessly you can restore the original text file, before it was replaced by the “infected” file.

Even without this simulated malware, though, test-driving your recovery processes can sharpen your response, help administrators become familiar with mitigation procedures, identify the best procedures to follow, and even raise awareness of the threat posed by attacks.

Multi-Site Ransomware Mitigation

With traditional or even centralized cloud backup, ransomware recovery can be an enormous challenge, especially across a multi-petabyte, multi-site global file infrastructure. Yet it’s possible to recover – and to do so quickly – with a cloud platform like Nasuni. Our solution reduces the ransomware attack surface by consolidating all components of enterprise file infrastructure into one cloud platform. It supports fast, testable recoveries across many locations, and it enables you to locate and restore safe versions of infected files across your entire global file data footprint.

Now that more users are working from home – and many of them may never return to the office – ransomware is only going to become more prevalent within large enterprises. Adding to your ransomware knowledge, and your familiarity with the strengths and weakness of the different recovery tools, is absolutely essential for today’s IT and Security leaders.

Watch the full recorded webinar here and let us know if you have any questions about how Nasuni can help your organization prepare for the inevitable.


Note: This is an updated version of the blog originally published on 6/18/2020 originally entitled Mitigate Ransomware Across All Locations with Cloud File Storage

Ready to dive deeper into a new approach to data infrastructure?