Recovery from a Ransomware Attack

When your company is under attack by ransomware, every second counts. The automated processes attackers use will encrypt files much faster than a person can respond to them. Even if the management team decides to pay a ransom, the encryption keys sometimes don’t work, or they work so slowly that companies are brought to a standstill as they are forced to try to recover without the key.

Before any recovery can take place, your IT department needs to rapidly stop the attack without taking time to determine the underlying causes. Early detection is critical, and employing a service like Panzura Data Services can alert your IT department when increased data movement might signal a ransomware attack.

Time is of the essence at this point, and stopping the incursion is the first step for your company to attempt to recover from an attack on your data.

1. Evaluate and Assess the Damage

After stopping the attack, which might involve disconnecting the affected server(s) from the internet and rebooting, your IT team will need to complete a thorough investigation of which files were encrypted. Then a hierarchy needs to be established for which files need to be restored first, so employees can get back to work.

If you’re using Panzura, the files in your cloud storage that are already encrypted have been written as “new” data snapshots in the cloud, alongside your unencrypted data snapshots. Panzura snapshots of user files are taken every minute and cannot be changed. The unencrypted data can be restored after you stop the attack and identify the damages.

2. Clean Up

The IT team will need to review the previous and current states of all your systems, continuing to monitor and mitigate against the attack. In addition, they will need to establish steps to bring your data back online safely. There are cybersecurity remediation firms that can help with this discovery step.

The Panzura global file system CloudFS has a data services layer that can provide a list of encrypted files, their creation date and their location. Once it is determined when the folders and files were encrypted, they can then be rolled back to their best version and restored to their unencrypted state in priority order. This can be done relatively quickly when using a Panzura system. It can take much longer with other systems. In addition, Panzura does not require egress fees for restoring data.   

3. Get Access to Files

While part of your team is doing discovery, another group will need to provide employees with clean and current project data so they can get back to production. Panzura has a group of cloud security experts that can help with detecting any ongoing attack activities and stopping them from writing any further encrypted files.

The best scenario for your company is when downtime after an attack is minimized. This will give you the ability to continue working and meeting customer deadlines.

A study by the University of Minnesota reported that 93% of companies that lost their data center for longer than ten days filed for bankruptcy within one year. When it comes to ransomware, the survival of your company is literally at stake. Therefore, it makes sense to employ the best solution available for making your company ransomware resistant. Today, that solution is Panzura.

---

To find out more about using Panzura for data security, reach out to the experts of the Applied Software Digital Transformation Team and start a conversation with one of the Panzura experts.