When a business is hit by ransomware and cannot access critical data, it can be a very stressful period for everyone involved. It’s crucial to have access to that critical data as soon as possible so that downtime is minimized and business may resume as usual.
According to The State of Ransomware 2021 by Sophos, the average overall cost of ransomware recovery has more than doubled in a year, rising from $761,106 in 2020 to $1.85 million in 2021. The average amount spent for a ransom is $170,404. According to the statistics, just 8% of firms were able to recover all of their data after paying a ransom, with the remaining 29% received only half of their data.
Here are a few ways to recover data after a ransomware attack.
Also Read: Top Four Strategies to Optimize Cybersecurity Budget in 2022
Backups that are secure and “air-gapped”
When it comes to ransomware attacks, data protection is the last line of defense. If backups are stored on the same network or storage system as production data, they are subject to attack as well. Cybercriminals have become more skilled, and one of the first things they do is look for and delete any backups, ensuring that no data can be recovered. The data can be retrieved if backups are air-gapped in the cloud or on tape and are not accessible to the ransomware attacker.
Backups that are application-aware and include verification
If the data is only safeguarded by the database files themselves, applications that use databases require extra attention. When a disaster or ransomware strikes, a multi-step procedure is needed to restore apps to a state where they can be utilized again with little business disruption. As a result, having an application-aware backup that also preserves application meta data and ensures that the application servers can be properly recovered is critical. Enterprises that do frequent application recovery verification tests can be reasonably certain that their data and apps will be restored and returned to service rapidly.
Also Read: Top Three Security Mistakes CISOs Make today
Reporting in order to provide early warning
Between complete backup cycles, incremental data backup sizes contain very minimal amounts of changes in regular operations. When ransomware infects a device and encrypts data, incremental backups become substantially more extensive than complete backups. Modern data protection tools can keep track of these changes and inform the backup/security administrator if backup sizes grow abnormally big. Not only can this be used to detect an attack in progress, but it may also be used to pinpoint a moment in time where quick data recovery can be performed.
Granular recovery points to rewind back time
Backing up data is one thing, but if a company only backs up for a week and ransomware strikes on day 6, the company will only have a recovery point from 6 days ago, resulting in the loss of many days of data. Backups must be performed on a regular basis, and data snapshots, or point-in-time copies of data, should be taken as frequently as possible. Businesses can then go back in time and retrieve data as near to the time it was encrypted or corrupted by ransomware as possible.
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
