How to recover from Ransomware

Last week on the 4th July, Independence Day in the US, there was a huge cyber attack. The hackers are demanding 70 million dollars in the form of a ransom payment. In this blog, I'll tell you exactly what happened and how you can protect your business.

You might have seen this on the news or read about it online.

There is a ransomware organisation called REvil - which is short for Ransomware Evil. Their whole reason for existence is to hack into organisations and encrypt all of their data so you can't access anything. They then demand a ransom in exchange for your data.

And if you don't pay it - well, they'll publish all of your data on their blog - which is aptly named the 'Happy Blog'.

This is a situation that no business wants to find itself in.

Last week on the 4th of July, REvil hacked into a company called Kaseya.

Kaseya provide IT software to IT companies. Most IT support companies, like Integral IT, use management software to secure and manage all of the computers that we support. The management software is an essential part of our toolbox - like a carpenter using a saw.

The hackers found a vulnerability in the Kaseya software. A vulnerability is a weakness or a security flaw.

They were able to use this vulnerability to spread ransomware across lots of businesses.

If you look closely, it makes perfect sense. They can hack into one business and spread ransomware.

But if they hack into a company like Kaseya, they can then access the software of multiple IT companies and therefore access the devices of hundreds or thousands of different businesses. This is what has happened.

This also represents a worrying trend. IT software companies are getting targeted for this reason. This also happened to another IT company called SolarWinds last year.

So how does this affect your business and what can you do about it? Although this attack happened primarily in the US, we see ransomware attacks every week right here in the UK. We're based in North Yorkshire and we see accountants and law firms in small market towns getting hit with ransomware. The reason we don't hear about this is because they're just not newsworthy. So if you believe that your business is not going to be a target, then think again. Have you ever asked yourself the question - what would happen if we got struck by ransomware? How would we recover? This is a business question, not an IT question.

Back in May I made a video showing you my top tips on how to prevent a ransomware attack in your business. I won’t go over those tips again, but you can see those on my YouTube channel.

But there is another side to ransomware that I want to talk about - that is how to recover from a ransomware attack… quickly before it starts to affect your business.

The analogy I use here is trying to secure your home from getting burgled. There are lots of things you can do to minimise this risk.

You can have good locks on all the doors and windows. You can buy a burglar alarm. You can even have some guard dogs.

But you also need some strategies in place for if you do get burgled. You can put all the security in place, but you can never guarantee it won’t happen.

So you might have some CCTV so you can identify intruders and you will have a good insurance policy to help you recover and replace items that are stolen.

The same is true with ransomware. We can implement lots of security measures to minimise the risk, but we can never guarantee that you won’t get hacked.

As a business, you need some strategies to help you recover from a ransomware attack. The number 1 way to recover from a ransomware attack is to have a robust backup in place.

That way should your business get ransomware, you can recover quickly. It’s not just a simple case of saying “yes we have a backup”.

And what I am going to do is talk about my four strategies for ensuring your backup is robust and is actually protecting your business.

Tip 1 - Have a backup

My number one tip is to ensure you have a backup in place.

Does that sound too simple?

Well, back in November, we took a call from an accountant in Harrogate who had been the victim of a ransomware attack. He came to us because his existing IT company had told him he didn’t have a backup in place, so he had effectively lost all of his data.

He thought he had. He had been paying for one. He trusted his IT provider.

As a business owner, how do you confidently know you have a backup in place?

Tip 2 - Test your backups

My second tip is to make sure that your backups are tested.

Hackers are getting clever. They know that backups are the key to recovering from ransomware, so what are they doing?

They’re hacking into your network and trying to disable the backups days, weeks and even months before they strike with their ransomware.

This means you could be blissfully unaware that the robust backup you have isn’t actually working.
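
One way to automate that check, as an added example that is not part of the original post: the script below flags a newest backup that is stale, has shrunk sharply, or no longer matches the file hashes recorded when it was made. The `.tar.gz` archive format, the `.manifest.json` file written by the backup job, and the two thresholds are assumptions.

```python
import hashlib, json, tarfile, time, zlib
from pathlib import Path

MAX_AGE_HOURS = 26     # assumed policy: nightly backup plus two hours of slack
MIN_SIZE_RATIO = 0.5   # assumed policy: alert if the archive shrinks by half

def archive_hashes(archive):
    """Read every file back out of the archive and hash it (a read-only test restore)."""
    hashes = {}
    with tarfile.open(archive, "r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            digest, src = hashlib.sha256(), tar.extractfile(member)
            for chunk in iter(lambda: src.read(1 << 20), b""):
                digest.update(chunk)
            hashes[member.name] = digest.hexdigest()
    return hashes

def check_backups(backup_dir, now=None):
    """Return a list of problems with the newest backup; an empty list means it passed."""
    now = time.time() if now is None else now
    archives = sorted(Path(backup_dir).glob("*.tar.gz"), key=lambda p: p.stat().st_mtime)
    if not archives:
        return ["no backup archives found"]
    newest, problems = archives[-1], []
    age_hours = (now - newest.stat().st_mtime) / 3600
    if age_hours > MAX_AGE_HOURS:  # a disabled backup job shows up here first
        problems.append(f"stale: newest backup is {age_hours:.0f}h old")
    if len(archives) > 1 and newest.stat().st_size < MIN_SIZE_RATIO * archives[-2].stat().st_size:
        problems.append("shrunk: newest backup is far smaller than the previous one")
    manifest = Path(str(newest) + ".manifest.json")  # assumed: written by the backup job
    if not manifest.exists():
        return problems + ["no manifest: cannot verify contents"]
    try:
        restored = archive_hashes(newest)
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        return problems + [f"unreadable: {exc}"]
    for name, digest in json.loads(manifest.read_text()).items():
        if restored.get(name) != digest:
            problems.append(f"mismatch: {name} missing or altered in backup")
    return problems

if __name__ == "__main__":
    import sys
    issues = check_backups(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(issues) or "newest backup passed all checks")
    sys.exit(1 if issues else 0)
```

Run it from a machine other than the one being backed up and send a non-zero exit code to whoever monitors alerts, so a silently disabled job is noticed within a day rather than after an attack.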

Tip 3 - Robust backup software

My third tip is similar to my second tip, but different.

You have to make sure the backup technology you use is fit for purpose.

Do a full recovery of your system every quarter, pretend you have ransomware and see how long it takes for your entire business to recover.

We recently dealt with a client who came to us because they had ransomware. They had a backup in place but it took several days to recover. That’s four days with staff not able to do any work and serve any customers.

That amount of downtime would have a massive impact on any business.

Tip 4 - Offsite backup

My fourth tip is to make sure that your backups can’t get ransomware too.

That would be a disaster.

I’ve seen it so many times where a business gets ransomware and the attack affects their backups too.

The best way to do this is to make sure you have a recent copy of your data offsite in a location completely separate from your main business premises.

So there are my four tips to ensure that your backups are good enough for your business to recover from ransomware.