In recent months, numerous companies around the world have been hit by ransomware attacks and the emergencies that follow, and even well-known IT companies have not been spared. Specialists had predicted this development, as many companies switched to cloud applications unprepared due to the lockdowns.
This offers an easy gateway for cybercriminals, who access data, encrypt it and release it only for a ransom. With Commvault's 5-step guide, companies can quickly and easily set up an emergency strategy against ransomware attacks:
1. Make a plan
A well thought-out and effective emergency plan is the basis for resuming daily operations as quickly as possible. To develop a disaster recovery strategy, the first and most important step is to identify critical applications and data. IT managers can then focus on the data that needs to be recovered first in the event of a loss. Next, the recovery goals should be set, i.e. how far back a recovery should go and how quickly it is possible.
2. Prevent possible attacks
Any attack that can be prevented saves time and money. Heightened vigilance and trained employees are essential. A large part of the malware gets into the company network through user actions, by e-mail or via links and attachments. To prevent this, users should always check whether the sender is a trustworthy source. In addition, software should only be downloaded from legitimate vendors and scanned for malware before clicking. These easily implemented measures alone can prevent many attacks. The IT department must also act responsibly. Updates and patches should be installed in good time, and privileged accounts should be specially secured. One possibility for this is multifactor authentication. Successful attacks often use vulnerabilities for which patches would already have been available.
3. Monitor the environment
Servers should be checked regularly for anomalies, such as unusual file system behavior. This is done by comparing current data with historical data to tell legitimate activity apart from signs of potential problems. So-called "honeypot files", i.e. files that are particularly attractive to ransomware, are laid out as bait across the entire infrastructure. In this way, ransomware can often be exposed before real, business-critical files are attacked and encrypted.
4. Recover data quickly
If a ransomware attack succeeds, it is critical to reduce the attack surface. This is where disaster recovery comes into play: the areas that have been attacked must be isolated, for example by automatically switching off affected virtual machines as soon as an attack on them has been detected. Depending on the type of attack, this can prevent the malware from spreading. The data must then be restored as quickly as possible in order to further reduce the effects of the attack. It is particularly important to make the intact copies of the data available again quickly to ensure normal business operations. Some technologies support this by providing saved data to users directly from the backup, without a lengthy restore process.
5. Test the plan
Once the plan has been worked out and the technologies needed to carry it out are in place, regular tests should be run to see whether it works as planned and desired, for example with the help of a virtual test environment. For this purpose, the backup tool used should enable virtual machines (VMs) to be started directly from the backup in a separate network. It should also be able to check the applications running in the VMs. A lengthy restore process does not have to take place to test recoverability. No matter how well a disaster recovery plan is designed on paper, it must be tested again and again in order to be ready for an emergency.
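The honeypot files from step 3 can be illustrated with a small sketch: decoy files are planted, a baseline hash is recorded, and later checks compare the current state with that historical baseline. This is an added example, not Commvault's code; the decoy name and content, the directory names and the entropy threshold of 7.0 are constructed assumptions.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

DECOY_NAME = "000_accounts_backup.xlsx"   # constructed name; vary it in practice
DECOY_BODY = b"Quarterly accounts (decoy file, do not edit)\n" * 64

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def plant(directories):
    """Write one decoy per directory and return the baseline {path: sha256}."""
    baseline = {}
    for d in directories:
        path = Path(d) / DECOY_NAME
        path.write_bytes(DECOY_BODY)
        baseline[path] = hashlib.sha256(DECOY_BODY).hexdigest()
    return baseline

def check(baseline, entropy_limit=7.0):
    """Compare current decoys with the baseline; return (path, finding) pairs."""
    alerts = []
    for path, digest in baseline.items():
        if not path.exists():
            alerts.append((path, "missing or renamed"))
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            kind = "high-entropy rewrite" if entropy(data) > entropy_limit else "modified"
            alerts.append((path, kind))
    return alerts

def demo():
    """Tamper with decoys in constructed temp directories and return the alerts."""
    with tempfile.TemporaryDirectory() as root:
        dirs = [Path(root) / n for n in ("finance", "hr", "shared")]
        for d in dirs:
            d.mkdir()
        baseline = plant(dirs)
        (dirs[0] / DECOY_NAME).write_bytes(os.urandom(4096))  # stands in for encrypted data
        (dirs[1] / DECOY_NAME).rename(dirs[1] / (DECOY_NAME + ".renamed"))
        return [(p.parent.name, finding) for p, finding in check(baseline)]

if __name__ == "__main__":
    print(demo())
```

Because nothing legitimate should ever touch a decoy, any finding from `check` is a high-confidence signal that can trigger the isolation described in step 4.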
About Commvault: Commvault is the leading provider of backup and recovery. Commvault's converged data management solution redefines what backups mean to the advanced business with applications that protect, manage, and utilize their most valuable asset: their data. Software, solutions and services are available directly from Commvault and from a global network of proven partners. The company employs more than 2,300 highly qualified people worldwide, is traded on the NASDAQ (CVLT) and is headquartered in Tinton Falls, New Jersey, USA.