Ransomware Recovery Guide for MSPs

Written by Michael Elliott

Data, and the value to a business that it represents, is the key to not only a business’ profitability, but its entire existence. Bad actors (hackers) want to exploit that value for their financial gain. When your client gets hit with ransomware, they lose access to their data – the lifeblood of their business. When it happens, the inevitable questions you’ll ask yourself as an MSP will be: what could I have done differently? Can I get my client’s data back? Will both of our organizations survive and, if so, what can I do differently next time?

Ransomware /noun/:
a type of malware that encrypts your client’s data files, making them unusable by your client’s applications. It generally comes in two forms: Locker, which encrypts the whole hard drive of the computer, or Crypto, which only encrypts specific, yet extremely important, files. Once the data is encrypted, the hacker will require that you pay a fee (usually in bitcoin) to decrypt your data.

Ransomware is the most malicious malware derivative to which one can be exposed. So malicious in fact, it can leave your clients struggling to operate. According to a 2016 State of Ransomware report conducted by Osterman Research, 20% of ransomware cases leave the organization unable to recover and ultimately lead to the closure of their business.

So, what do you do when the inevitable happens? When it comes to recovering ransomware-encrypted data, there are three options:

  • Pay the ransom and hope. Unfortunately, a study published by the CyberEdge Group reports that in 2018, 50.6% of victimized organizations that paid a ransom still lost their data.
  • Use the various tools available to attempt to decrypt the data. This requires extremely large compute power not available to most MSPs.
  • Execute your Business Availability plan and roll back to the point in time before the ransomware attack occurred.

Logic would dictate that the only sure way to recover is by executing your Business Availability plan: a comprehensive plan that focuses on how to effectively prepare for the inevitable and keep your client’s data safe both locally and in the cloud.

Preparation is Key

So, you haven’t been attacked yet. What should you do to prepare? The following 3 steps will spur thoughts about what you need to do in advance to prepare for the inevitable.

  1. Plan for an attack: You should already have a robust security policy in place that includes patching cadence, antivirus protection, network security protocols, managed detection and response and a host of other security defense mechanisms. Understanding that the inevitable is going to happen and preparing for it is critical to how you recover. Developing security policies and guidelines on behalf of your client for when they are attacked is the best defense for mitigating the harm and returning their systems back to normal.
  2. Train your client: One of the biggest items you can provide for your clients is ongoing security training. Teaching your clients how to recognize phishing attempts, secure their equipment, and restrict access to unsecure websites will go a long way in keeping bad actors at bay.
  3. Develop a Business Availability plan: The only way to minimize data loss from ransomware is to have in place a comprehensive Business Availability plan that accounts for your client’s cloud, server, hypervisor, application, and file layers. Ensuring recovery and business continuity at all 5 layers is critical to the continued operations of your client’s business.

When the inevitable happens, speed of recovery is everything. And speed is contingent on the Business Availability provider you choose. Axcient’s Business Availability suite was built exclusively to protect everything, and when the inevitable happens, to return your clients to full operational capability as seamlessly as possible.

Michael Elliott is an accomplished product marketing executive with over 20 years of enterprise technology experience. As a marketer and thought leader, he has worked with companies globally on their business and marketing strategies with a focus on cloud solutions and sales growth. He is an accomplished writer and presenter and has been featured in Forbes, Information Management, Data Center Knowledge, and Software Development Times.