Recovering From A Ransomware Attack

More than half of businesses were hit by a ransomware attack in 2019, at an estimated total cost of $11.5 billion. That’s per a recent survey cited in an article that bypasses the question of prevention and goes straight to a primer on recovery, with five recommended steps. The first is infection detection, which can be difficult precisely because ransomware is designed to be hard to detect. Having a cybersecurity system that can spot unusual behavior, such as “abnormal file sharing,” is highly recommended. Step two in this discussion is containment – isolating the infection and stopping further spread. It’s recommended that this be automated, for the simple reason that many attacks occur after hours when administrators are not monitoring systems. Step three is restoring the affected data, a step that is contingent on having adequate backups . . . The recommendation here is what this post calls “the 3-2-1 backup rule.”