How to Resolve a Ransomware Attack

Ransomware is top of mind for every large organization these days. The unfortunate truth is that you can’t really prevent an attack. The hackers are clever, resourceful, and have all the time in the world to find ways to infiltrate your systems. Plus, if your organization is large enough, there’s always going to be someone who clicks on that suspicious link, no matter how many times your security team warns them not to do that.

So, what do you do when you are struck with ransomware? How do you recover quickly enough so your business doesn’t suffer lasting or even permanent damage? We worked with our ransomware and security experts here at Nasuni to create an easy-to-read infographic with all the key information about how ransomware attacks impact organizations, and how to resolve them. You can read it below. We’ll then go over a quick summary of some of the key points.

Ransomware Attack Timeline

The basic timeline of an attack plays out like the IT horror story version of the old choose-your-own-adventure books.

1. The Attack: A typical enterprise attack might impact 400 employees, 1 million files, and 100 servers. Once IT recognizes the problem, the attackers demand something in the range of $500K if you want to decrypt your files.
2. The Debate: To pay or not to pay? No one wants to hand over that kind of ransom – especially not to malicious hackers – so most companies first try to restore from snapshots. Some organizations then discover more bad news: The ransomware was planted prior to the last snapshot. These organizations often have no choice but to pay the ransom, and hope the hackers actually provide effective encryption keys.

   The companies that have older, unencrypted backups have a different choice on their hands.

3. The Wait: Even if you do track down clean, unencrypted versions of files, restoring from backup and rehydrating file servers is not a quick process. Large organizations might be down for days or even weeks. For some companies, that translates into millions of dollars in lost business. The prospect of paying those hackers for the encryption keys starts to seem more appealing.
4. The Letdown: One of the other tragedies of a ransomware attack is that whether you decide to pay or not, whether you recover within days or weeks, there’s no guarantee you won’t be hit again. 80% of companies that pay the ransom get hit again.

Rapid Ransomware Recovery

Unlike traditional backup or tape, you don’t have to move any files or rebuild file servers—you simply point back to previous, uninfected versions in the Nasuni Management Console. As a result, recovery is fast, and it’s scalable, too. With Nasuni, it takes the same time to recover 1 file or 100 million files. In fact, our engineering team did a live test. They encrypted 1 million files and then recovered them. How long did it take? 5 hours? 1 hour? A few seconds? Watch below and find out:

Play video

The reality of a ransomware attack isn’t pretty if you’re relying on traditional or even cloud-based backup. But Nasuni’s built-in, ransomware protection and rapid recovery approach is an entirely different solution. It’s based on an enterprise-tested cloud technology that operates at a global scale. Files are continuously versioned to the cloud, and the file system resides in the cloud, not on local hardware, which allows for surgical restores of the infected files to a point in time just before the infection.