Steps to Prepare for, Respond to, and Recover from Ransomware

As many readers know, ransomware is a type of malware that is easily spread and has proven highly effective for cyber attackers for several reasons. For one, ransomware strains are constantly modified to avoid detection by antivirus software. Worse, ransomware is spread using social engineering tactics that can skirt antivirus protection entirely. As a result, ransomware attacks have skyrocketed over the past few years.

Author: Datto’s Christian Kane

It’s important to note that ransomware isn’t limited to on-premises systems. It can easily spread to software as a service (SaaS) applications. In fact, 28% of MSPs reported ransomware attacks in SaaS applications, such as Office 365, G Suite, and Dropbox.

Comprehensive Ransomware Protection

So how can you protect yourself and your clients from ransomware? You’ll want to begin with end-user education, perimeter protection, and antivirus software. However, if a victim falls prey to a social engineering attack, they’re essentially opening the door for ransomware to enter a network. Every MSP also needs a backup strategy that enables them to recover quickly. When evaluating ransomware protection, MSPs should look for a comprehensive business continuity and disaster recovery (BCDR) solution that includes all of the following elements.

  • Rapid Recovery of Business Operations: Many modern server backup solutions offer a capability known as “instant recovery.” Here’s how it works: The backup server takes snapshots of physical or virtual servers, which are stored locally and replicated to the cloud. If a ransomware attack takes down a primary server, a clean backup “image” is mounted as a virtual machine on the backup device or in the cloud. This allows normal business operations to continue while the primary server is being restored, reducing costly downtime.
  • Point-In-Time Rollback for Servers, Endpoints, and Cloud-Based Apps: Point-in-time rollback or restore gives MSPs the ability to “turn back the clock” to a time before the ransomware attack occurred. In other words, you can restore systems to the state they were in immediately before the attack, ensuring minimal data loss. Point-in-time rollback is common among server backup solutions, but it’s important to find this feature for the endpoint and SaaS backup space as well.
  • Ransomware Detection: Some backup solutions offer native ransomware detection capabilities. Since backup is an ongoing, scheduled process, adding ransomware detection makes a lot of sense. Ransomware detection is important because early identification can mitigate the impact of an attack. Ransomware detection works by identifying patterns of change in the file types that are most likely to be encrypted by ransomware. For example, it is unlikely that a user or legitimate program would rapidly and simultaneously overwrite file contents in place with random data. So, if this (or another identifying pattern) occurs, the backup administrator is alerted.
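
The change pattern described in the Ransomware Detection item can be checked between two consecutive backup snapshots. The sketch below is an added example, not Datto's implementation or code from the original article; the entropy cutoff, the file-count threshold, the function names, and the sample snapshots are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

HIGH_ENTROPY = 7.5   # bits per byte; assumed cutoff for "looks random"
MIN_FLAGGED = 3      # assumed number of files that must flip in one backup interval


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 (constant) to 8.0 (uniform random)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def suspicious_overwrites(previous: dict, current: dict) -> list:
    """Paths in both snapshots whose content went from structured to random-looking."""
    flagged = []
    for path, old in previous.items():
        new = current.get(path)
        if new is None or new == old:
            continue  # deleted or unchanged: not an in-place overwrite
        if shannon_entropy(old) < HIGH_ENTROPY <= shannon_entropy(new):
            flagged.append(path)
    return sorted(flagged)


def should_alert(previous: dict, current: dict) -> bool:
    """Alert only when many files flip in the same interval, not on a single edit."""
    return len(suspicious_overwrites(previous, current)) >= MIN_FLAGGED


def pseudo_random(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for ciphertext: deterministic SHA-256 counter output."""
    blocks = (hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(size // 32))
    return b"".join(blocks)


# Constructed sample snapshots (path -> file content), not real backup data.
SNAP_MONDAY = {f"docs/report{i}.txt": b"Quarterly figures for client %d\n" % i * 128
               for i in range(4)}
SNAP_MONDAY["media/archive.zip"] = pseudo_random("zip")  # already high entropy
SNAP_TUESDAY = {**SNAP_MONDAY, "docs/report0.txt": b"Edited by a user.\n" * 200}
SNAP_WEDNESDAY = {p: pseudo_random(p) for p in SNAP_MONDAY}  # every file overwritten

if __name__ == "__main__":
    print("Tuesday alert:", should_alert(SNAP_MONDAY, SNAP_TUESDAY))
    print("Wednesday alert:", should_alert(SNAP_MONDAY, SNAP_WEDNESDAY))
    print(suspicious_overwrites(SNAP_MONDAY, SNAP_WEDNESDAY))
```

Because compressed and media files are already high-entropy, the check keys on the transition from structured to random-looking content rather than on entropy alone, which is why the archive in the sample is never flagged.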

A comprehensive ransomware protection strategy requires a number of technologies and services. Prepare your business. Download our eBook, “Comprehensive Ransomware Protection: Detection, Response, and Recovery” to learn more about how ransomware attacks your data and dive deeper into protection methods.

Christian Kane is product marketing manager at Datto.