What to do in the event of a breach

Recovery from a ransomware attack can be a challenging and sometimes costly process. The recovery process can vary dramatically depending on whether you have no protection at all versus having backups and a file recovery system in place. Here’s a comparison:
Without Cryptoloc Protection
Step 1

Identification

The first step is to recognize that you’ve been hit by ransomware. This could be through a ransom note displayed on your screen or by finding encrypted files.
Step 2

Isolation

Once identified, you should immediately disconnect the affected devices from the network to prevent the spread of ransomware to other connected devices.
Step 3

Assessment

Determine the extent of the damage. Which files have been encrypted? What kind of ransomware is it?
Step 4

Decryption Options

Some ransomware variants have publicly available decryption tools thanks to cybersecurity researchers. It’s worth checking if a tool is available for your ransomware variant.
Step 5

Paying the Ransom

This is a controversial step. The Australian Cyber Security Centre strongly advises against paying a ransom. Paying the ransom doesn’t guarantee that you’ll get your files back, and it encourages and funds the cybercriminals. However, for some businesses or individuals, it might be seen as the only option, especially if the data is critical and irreplaceable.
Step 6

Clean-Up

If you decide not to pay, or even after retrieving your files (if the attackers keep their promise), you’ll need to clean the affected system(s). This typically involves wiping the system and reinstalling the operating system and applications from scratch.
Step 7

Data Loss

If you have no backups and can’t decrypt the data, you may have to accept that you have permanently lost all your data.
Step 8

Post-Incident Analysis and Prevention

Understand how the attack happened and apply what you learn to prevent future incidents and to recover faster and more easily.
With Cryptoloc Protection
Step 1

Identification

The first step is to recognize that you’ve been hit by ransomware. This could be through a ransom note displayed on your screen or by finding encrypted files.
Step 2

Assessment

You’d still assess the damage, but you can access your files live on the Cryptoloc Cloud to view your incident response plan or carry on normal business operations.
Step 3

Restoration

Restore the infected devices. With Cryptoloc’s backup and file recovery system in place, you can restore your system and user files from any point before the ransomware attack. This significantly reduces downtime and loss.
Step 4

Validation

Using a file-based backup system ensures that the backups being restored are clean and free of ransomware or any other malware.
Step 5

Post-Incident Analysis and Prevention

Analyse the breach and put in place any preventative measures identified. Having a backup is essential, but prevention is always better. Check to ensure all essential files and data are under Cryptoloc’s protection.
Step 6

Regular Backup Checks

Access the Cryptoloc Cloud and check the status of all your backups on a single easy-to-view page to confirm their successful execution.

Having a robust backup and recovery system is one of the most effective measures against ransomware. Regular backups can save you significant time, money, and stress in the event of an attack. Additionally, always keep your software updated, use a good security solution, and train employees or users about the risks of phishing emails and suspicious attachments.