Ransomware Disaster Recovery

As I’ve mentioned before, ransomware is becoming the preferred attack today, and you can see the renewed effort to fight it in the IST Ransomware Taskforce.

For home users, some good backup plans and other preventive practices should include:

1. Use MalwareBytes or another anti-malware program.

2. Back up, back up, back up (ideally air-gapped, which means disconnecting your external hard drives from your home network when not needed).

3. Install security updates from Microsoft, Apple and other vendors.

4. Beware of phishing emails with links and attachments.

5. Set the least privilege you can on anything valuable. For example, turn off write permission on the files on your external hard drives.

6. Educate your users at home against phishing and social engineering.
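
To go with item 5, here is an added example (not from the original post) of a POSIX shell function that removes write permission from a backup folder and then checks that the change actually stuck. The function names and the path in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): lock a backup folder read-only
# and confirm the lock took effect. Function names and paths are hypothetical.

# Print how many files/directories under DIR still have any write bit set.
# Symlinks are skipped: their own mode bits always look writable and are unused.
count_writable() {
    find "$1" ! -type l \( -perm -200 -o -perm -020 -o -perm -002 \) -print |
        wc -l | tr -d ' '
}

# Remove write permission for owner, group and others under DIR, then audit.
# Returns 0 if nothing is writable afterwards, 1 if the lock did not stick,
# 2 if DIR is not a directory.
lock_backup() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "lock_backup: not a directory: $dir" >&2
        return 2
    fi
    # chmod can fail on filesystems without Unix permissions; the audit decides.
    chmod -R a-w "$dir" 2>/dev/null || true
    left=$(count_writable "$dir")
    if [ "$left" -ne 0 ]; then
        echo "lock_backup: $left item(s) still writable in $dir" >&2
        return 1
    fi
    echo "lock_backup: $dir is read-only"
}

# Run as: sh lock_backup.sh /path/to/backup
if [ $# -gt 0 ]; then
    lock_backup "$1"
fi
```

Filesystems such as FAT and exFAT do not store Unix permission bits, so the audit step is what tells you whether the drive is really locked. The file owner can also switch write permission back on, so disconnecting the drive remains the stronger protection.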

However, an organization should have a disaster recovery plan (DRP) to prepare for events like a natural disaster, cyber attack, or even business disruptions related to the COVID-19 pandemic.

Though a DRP can’t guarantee recovery within a certain timeframe, a ready DRP will help minimize damage by regaining access and functionality as quickly as possible.

From CompTIA:

1. Purpose and Scope
The reason for the plan and what it encompasses.

2. Recovery Team
Clearly outlined team for recovery, including roles and training.

3. Preparing for a Disaster
Entities that could impact an organization; safeguards and procedures in force to reduce risk of disaster.

4. Emergency Procedures
What should happen when disaster strikes: alternate sites, vendor contact, off-site storage.

5. Restoration Procedures
Full recovery plan to return to normal operations. Facilities recovery plan, systems and operations, communications, client computer recovery.

This is just the planning; read up on the specifics of prevention, recovery, and best practices.
