7 Steps to Recover from a Ransomware Attack

Ransomware is a type of cyberattack often used against companies of all sizes. Once the malware that this type of attack uses is downloaded to the victims’ device, it seeks out and holds corporate data hostage. It does this by locking you out or encrypting the data so that it is indecipherable. Your organization then must pay a ransom to restore your access – hence the name.

With threat researchers at SonicWall Capture Labs finding that there was a record-breaking 495.1 million ransomware attacks in 2021, this 148% year-on-year increase over 2020 means that last year was the most costly and dangerous year on record for organisations across the globe. And with ransomware demands surging by a staggering 518% in just the first half of 2021, that represents a major threat to any business.

But Veeam believes that the best offence is a good defense, and their 2021 Ransomware Retrospective report has the data to back this up. The study, designed to understand the impact of ransomware on the global IT community and its customers, found that an impressive 92% of Veeam customers didn’t have to pay any ransom to restore their data.

And recovering from a ransomware attack cost 85% of Veeam customers polled less than US$25,000 overall. With measurable data like this, it just goes to show how valuable having an effective backup process is. Having secure, timely and reliable backups for your corporate data is crucial, but it’s only part of an effective Ransomware Recovery Plan.

Read on to find out our 7 steps to recovering from a ransomware attack.

What Are the 7 Steps?

Step 1: Have a Comprehensive Cybersecurity Incident Response Plan (CIRP) in Place

While the hope is always that you will never have to deal with a cyber-attack of any kind, an attack takes place every 39 seconds. And so, while it may seem like an odd thing to have in a ransomware recovery plan, your first step should be ensuring you have a detailed cybersecurity strategy that is comprised of three main layers.

The first, of course, is protecting yourself from an attack in the first place. The second layer is a comprehensive Cybersecurity Incident Response Plan – a strategy that lays out exactly what your staff should do when an attack is in progress. The main goal with your CIRP is to mitigate the damage that a cyberattack can cause as well as help begin your recovery process.

This recovery phase is the third layer of your cybersecurity strategy and arguably the most important in terms of the actual cost of an attack. The reason is the longer it takes to restore your data and get your systems back online, the more it impacts your bottom line.

 

Step 2: Implement Backup Plans for All Your Corporate Data

With digital workspaces and a remote workforce becoming the norm for the modern workplace, many companies have made the switch to using the powerful services offered by Microsoft Office 365. But while Microsoft has resilience at the heart of these tools, something they don’t offer is a comprehensive backup solution.

And yet many overlook this shortfall, with 81% of IT professionals saying that they experienced data loss in Office 365. When you consider that companies are storing as much as 60% of their sensitive data in cloud-based Office documents – 75% of which isn’t currently backed up – that is a worrying statistic. And so, your second step should be deploying solutions like Backup for Microsoft 365 across your organization.

 

Step 3: Employ the 3-2-1 Data Backup Rule

The 3-2-1 rule is nothing new. In fact, Veeam have been advocating the concept since their very first days in business. And while IT professionals, and anyone tasked with keeping corporate data safe, have been using the principle since the beginning of time – we can thank photographer Peter Krogh for the phrase.

The 3-2-1 rule isn’t complicated and simply states that you should have three (3) copies of data stored on two (2) different types of media and one (1) copy should be off-site. Now while the most critical data sets of today often have 4 or even 5 backup copies in place, the basic rule is your best starting point.

 

Step 4: Understand the New Ransomware Incident Reporting Regime

While many industries have regulations regarding the reporting of any kind of cyberattack, proposed new legislation from the Australian government will make reporting ransomware attacks mandatory. According to this plan, any business with a turnover of more than $10 million per year will have to submit a report to the Australian Cyber Security Center or face possible civil penalties.

 

Step 5: Protect Your Workloads and Processes with DRaaS Solutions

With cyberattacks being as prevalent as they are, having an effective Disaster Recovery solution in place is an essential part of any cybersecurity strategy. This used to mean having an offsite facility where your data was backed up on expensive storage gear, but Disaster Recovery as a Service (DRaaS) solutions have changed the game for businesses of all shapes and sizes.

DRaaS solutions like Veeam® Backup & Replication™ use a cloud-based data protection approach where your organisation’s physical services and/or virtual machines (VMs) are replicated, stored and hosted using public or private cloud resources. This essentially means that you will instantly be able to recover files, NAS shares, entire VMs, databases and more.

 

Step 6: Undertake Security Awareness Training for Your Employees

Your employees are the weakest link in your cybersecurity strategy. And despite 90% of organisations claiming that their employees have undergone phishing awareness training, a report by the Office of the Australian Information Commissioner (OAIC) reports that data breaches as a result of human error are up by 18%. And many successful cyberattacks on organisations start with phishing emails.

 

Step 7: Test Your Ransomware Recovery Plan

Many ideas and plans are great on paper but tend to fall apart when it comes to execution. Nowhere is this more true than with cybersecurity. Business is evolving every day, and the cyber threat landscape is evolving right along with it.

If you’re not testing your entire cybersecurity strategy regularly, including your ransomware recovery plan, you will never know if there are interdependencies, gaps and areas that need improvement. Cyberattacks can take any number of forms, and your ransomware recovery plan needs to be agile enough to respond to whatever that may be.

 

Take the Next Step in Your Business Continuity Plan

If you want to discuss how prepared your organization is for a ransomware attack and explore whether a Veeam cloud data protection solution is the right fit for your organization, then contact us today. Our solution experts will answer any questions you may have and help identify where your Ransomware Recovery Plan may fall short.

Call us on 1300 842 835 (1300 VIATEK)

Email us at itsales@viatek.com.au

5 Reasons to Switch to Hybrid Cloud

colleagues having a discussion in the office

Hybrid cloud is no longer an emerging trend – it’s now reshaping how organisations will function now and in the future. If you’re not yet across it, in a nutshell, it’s all about enabling businesses to meld on premise, private and public cloud capabilities and allowing for the share of data and app migration between different clouds.

Taking a hybrid approach allows IT teams to become more agile and efficient as they manage changing business needs. So why should you switch to a hybrid cloud? Here are the top 5 reasons.

1. Meet your scalability requirements

With a hybrid cloud, businesses can choose the best cloud to run each job and manage critical app data – both of which are increasingly important, as there’s no way to define what cloud is best for a company’s needs.

For example, if an application has unpredictable demand characteristics or highly dynamic usage patterns, public cloud services that are more elastic in nature may fit the bill.

2. Cost savings by converging Clouds

If you’re trying to keep IT costs down, a hybrid model has the potential to provide greater economic control, while helping teams manage their multi-cloud environments.

In the same way you can converge different IT silos or resources in your private cloud, you can now converge clouds. This means IT departments can treat multiple clouds – public, private and distributed as one cohesive IT operating environment.

3. Meeting Security and Compliance Needs

Data security is front of mind for all businesses. For some industries protecting data is absolutely critical – it must be tightly governed and cannot live outside their own infrastructure, making public clouds no use to them. Having a hybrid

option gives them flexibility. Many businesses are now realising the hybrid cloud is the most secure option.

4. Flexibility and agility

Many IT pros are enjoying how hybrid cloud provides interoperability between cloud types. It allows businesses to use one kind of cloud, then switch later to another cloud if there’s a more efficient option. On occasion, you might need rapid access to IT services and to meet these demands you may need a public cloud – but you can change.

5. Enhanced Mobility for Apps and Data

Many businesses are now seeing app mobility across cloud environments as “essential” because it’s critical for managing resources and costs. Customers are asking for real-world app and data mobility across their hybrid cloud infrastructure. They want to migrate applications and data to the best cloud and have the ability to change again when business conditions change.

Summary

As more IT departments converge private and public cloud operations, new challenges are sure to arise, but the benefits of hybrid cloud – agility, cost and resource efficiencies, plus app and data mobility – will help organisations find the right balance to meet ever-changing needs.

Talk to Viatek today to learn how we can help your business find the right hybrid cloud solution to meet your needs with HPE SimpliVity powered by Intel® Xeon Scalable processors and Intel® Optane SSD.

Intel, the Intel logo, the Intel Inside logo, Xeon, and Intel Optane are trademarks of Intel Corporation or its subsidiaries.

Hybrid Cloud for SMBs Now and What’s to Come

office worker at the computer desk

Spend on IT for small and medium sized businesses is now a big cost consideration.

Overall, spending on IT by small (<100 employees) and medium-sized (100–999 employees) businesses (SMBs) worldwide will reach USD1.4 trillion in 2024. Spending on infrastructure will account for approximately 20% of this total.

It’s expected that spending on cloud solutions will outpace that o on-premises options, but SMBs will continue to rely on on-premises hardware due to the greater perceived security and control over data.

It’s for this reason many SMBs are increasingly being attracted to hybrid cloud (a mix of public cloud and private cloud, which often includes legacy infrastructure), which combines the best of both worlds: it offers the security of private cloud and the versatility of public cloud.

In the future, it’s likely SMBs will require additional support as the hybrid IT environment becomes more complex, thereby creating opportunities for managed service providers (MSPs). Vendors and partners should offer economical packaged services and products to SMBs.

Cloud technologies have become an important part of IT strategies in the last decade. As SMBs digitise their businesses, they’re choosing to use only public cloud, only private cloud (on-premises and hosted) or hybrid cloud.

A hybrid environment offers the security of private cloud while running front-end applications such as productivity tools, project management and CRM in the public cloud.

So, what’s to come?

There’s currently a shift towards next-gen cloud-native applications developed in agile and DevOps approaches, many enterprises are still using a number of traditional applications, including systems of record (ERP, CRM, etc.).

Here, some applications are suited for public cloud and others are better on prem. Moreover, the emergence of containers and serverless methods can result in higher degrees of portability and abstraction. These requirements mean that from an infrastructure perspective, a hybrid model is necessary.

Yet several pain points exist – changes in business processes, increased complexity of multi-vendor management, data movement/migration limitations, data governance across a multi-cloud environment, and above all, additional security and data sovereignty.

If enterprise IT is to support digital business in the longer run, these challenges must be overcome by a robust hybrid-cloud strategy. Only then will it be possible to efficiently deliver the applications and services and meet business needs.

There certainly could be various combinations to deliver a hybrid strategy. Some of the key must-haves include:

  • A clear, multi-public cloud enablement platform
  • Modernised on-premises and private cloud environments to meet the operational capabilities similar to those on the public cloud
  • Strong monitoring and orchestration capabilities, heavily automated and have real-time operational visibility while providing consistency across different environments
  • Strong integration capabilities across multiple environments and a multi-tool ecosystem
  • A next-gen operating model that allows for extensibility into the growing trends around DevSecOps, insights-oriented, AI-driven, Edge and IoT disruptions that will also mandate the need for new set of infrastructure KPIs and metrics
  • All-new development that takes advantage of the portability of containers and microservices, and leverages serverless architecture where possible
  • Stringent security models that adhere to all network and data compliance requirements.

For businesses looking at transformation, driving innovation or future-proofing themselves, hybrid cloud is certainly a strong route to take. The industry is in a state of maturity today, as challenges involving designing, architecting, building, and operating a hybrid setup have already been addressed. The hybrid vision should look at the next three to five years, which implies close alignment with future business and technology initiatives.

Talk to Viatek today to learn how we can help you find the right hybrid cloud solution to meet your business needs with HPE SimpliVity powered by Intel® Xeon Scalable processors and Intel® Optane SSD.

Intel, the Intel logo, the Intel Inside logo, Xeon, and Intel Optane are trademarks of Intel Corporation or its subsidiaries.

Maryvale Private Hospital

Viatek Technology, a provider of information technology and communications business solutions, has announced the signing of a multi-year IT managed services contract with Maryvale Private Hospital located in Gippsland, Victoria.

Continue reading

Deep Dive on HPE SimpliVity

Two Technology Workers Discussing HPE SimpliVity

Hewlett Packard Enterprise’s (HPE) SimpliVity is the industry’s leading implementation of Hyperconverged Infrastructure (HCI). Read our deep dive on HPE SimpliVity here:

Continue reading