
Managing Ransomware Attacks: The Best Offense Is A Good Defense

  Michael Thweatt     Oct 16, 2018

Popping up on prime time television and local news reports, ransomware is so commonplace it has practically become a household phrase. The frequent attacks have made it a focus area for many enterprises because high-profile attacks against them have risen dramatically in the past few years.

According to ESG research, nearly two-thirds of surveyed organizations across North America and Western Europe have experienced a ransomware attack in the last year, with 22 percent reporting weekly attacks.

Recent high-profile attacks include those on the Pennsylvania Senate Democrats, who ultimately paid $700,000 to rebuild their IT infrastructure from scratch; a fetal diagnostic lab in Hawaii, which compromised the records of more than 40,000 patients; and Bristol Airport in England, which resorted to using paper posters and whiteboards to announce check-in and flight information after it lost all in-house TV screens.


The Impact Ransomware Has on Enterprises

The consequences to these organizations and others are far reaching, not only having a negative impact on the confidence of their employees and consumers, but also potentially destroying mission-critical data that can’t be reproduced easily or without major financial repercussions. 

Even in cases where an enterprise might choose to pay, the ransomed data would likely be considered too risky or corrupted to use – if it was even released at all.

Also to be considered is the real-time impact on companies while their information is being held. Data and systems unavailability can trigger a domino effect of other technical and business consequences. ESG research found that 71 percent of surveyed organizations could not tolerate more than one hour of downtime for their high-priority applications, which tend to be the same ones primarily targeted by ransomware.

Additionally, from a recovery point objective perspective, 51 percent of organizations surveyed by ESG report that 15 minutes of data lost by those same applications is the maximum they can withstand without significant business impact, including:

  • Loss of Customer Confidence
  • Direct Loss of Revenue
  • Missed Business Opportunities
  • Loss of Employee Confidence
  • Damage to Brand Integrity
  • Reduced Stock Price


Best Practices To Avoid Ransomware Attacks

While there is no magic solution to completely avoid ransomware attacks, there is an opportunity to implement systemic and resilient IT measures and best practices to mitigate the dangers.


To fend off attacks, there are several recommended factors and activities to focus on:

  • End-user education and mock phishing done by a third-party security partner can educate all staff, especially less experienced staff, on how to identify suspected attacks or malware.
  • E-mail and web control are crucial, especially as email phishing is the most likely entry point for an infection. Use tools that can identify and block suspicious e-mail, scan for known ransomware or malware, and isolate attachments for analysis. This is vital for native cloud applications like Office 365.
  • Endpoint security controls that prevent file-based and file-less ransomware, as well as other malware, are highly effective. Only allowing known-good software on employees’ endpoints significantly reduces the risk of an executable wreaking havoc and spreading via the network.
  • Network-based controls are vital in preventing the spread of ransomware by protecting all ports and protocols, and monitoring all traffic on the physical or virtual network.

Finally, a focus on incident response and preparedness must be front and center to thwart or recover from an attack. Enterprises should test their incident response plans, including the ability to effectively restore production systems and data.

Best Practices For Backup And Recovery After A Ransomware Attack

Beyond cybersecurity measures, backup and recovery are important to ensuring uptime and need to be optimized. Best practices include:

  • Train IT staff and administrators who are regularly in close proximity with and have access to critical infrastructure. Consider a dedicated backup team, and make sure there is a cadence for training on security, networking, and storage best practices.
  • Follow the 3-2-1 rule, which requires three copies of enterprise data saved on two different media, one of which is offsite. For an additional layer of security, one copy of the storage media should be kept completely offline, or air-gapped, without direct access to the internet, any IT network, or any other computer.
  • Manage access controls and use different credentials for backup roles and permissions to access the backup application, the data repository, and the network. Using a different file system for backup storage can also help stop the spread of ransomware.
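
The 3-2-1 rule, the offline copy and the separation of backup credentials and file systems described above can be checked mechanically against a backup inventory. The following Python check is an added example, not part of the original article or of any Veeam product; the `DataCopy` fields, the sample inventories, and the reading of "three copies" as including the production copy are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DataCopy:
    name: str
    role: str         # "production" or "backup"
    media: str        # "disk", "tape", "object-storage", ...
    offsite: bool
    offline: bool     # air-gapped: no network path to this copy
    account: str      # credential that can write to this copy
    filesystem: str

def audit(copies):
    """Return findings for one dataset's copies; an empty list means it passes."""
    findings = []
    prod = [c for c in copies if c.role == "production"]
    backups = [c for c in copies if c.role == "backup"]
    # 3-2-1: three copies, two media types, one copy offsite.
    if len(copies) < 3:
        findings.append(f"3-2-1: {len(copies)} copies, need 3")
    if len({c.media for c in copies}) < 2:
        findings.append("3-2-1: all copies on one media type")
    if not any(c.offsite for c in backups):
        findings.append("3-2-1: no offsite copy")
    # Additional layer: at least one backup copy kept completely offline.
    if not any(c.offline for c in backups):
        findings.append("air gap: no offline copy")
    # Backups must not share credentials or a file system with production.
    prod_accounts = {c.account for c in prod}
    prod_fs = {c.filesystem for c in prod}
    for b in backups:
        if b.account in prod_accounts:
            findings.append(f"credentials: {b.name} shares account {b.account} with production")
        if b.filesystem in prod_fs:
            findings.append(f"filesystem: {b.name} uses production file system {b.filesystem}")
    return findings

# Constructed sample inventories (hypothetical names, not from the article).
WEAK = [
    DataCopy("vm-datastore", "production", "disk", False, False, "CORP\\svc-admin", "NTFS"),
    DataCopy("nas-share", "backup", "disk", False, False, "CORP\\svc-admin", "NTFS"),
]
HARDENED = [
    DataCopy("vm-datastore", "production", "disk", False, False, "CORP\\svc-admin", "NTFS"),
    DataCopy("backup-repo", "backup", "disk", False, False, "bkp-repo-local", "XFS"),
    DataCopy("vaulted-tape", "backup", "tape", True, True, "bkp-tape-operator", "LTFS"),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(inventory) or "PASS")
```

The weak inventory fails every check because a single compromised production account can reach the only backup; the hardened one passes because no production credential or file system is shared with a backup copy and one copy is offline.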


How Veeam’s Platform Can Be Your Secret Weapon for Ransomware

Veeam’s Hyper-Availability Platform offers data availability to enterprises no matter where the data lives. It is perfectly suited for ransomware protection with a direct focus on data centers and endpoints.


On the data center side, Veeam allows organizations to restore data infected by ransomware to a known-good state. End-users can use the Veeam Availability Suite to perform granular restore operations by databases, applications, files, and operating systems, but it is likely complete recoveries will be needed to restore systems affected by ransomware. Veeam also provides advanced protection for popular online applications like Microsoft 365.

Endpoints can be a first line of defense from a cybersecurity perspective because they are often the primary entry point of ransomware attacks. Veeam Agent for Linux and Veeam Agent for Microsoft Windows are solid backup tools for laptops and PCs that provide image-based backup and recovery for non-virtualized systems.

Ransomware Is Here To Stay

Ransomware is going nowhere fast and will continue to grow as a threat to enterprises around the world, creating an ever-evolving challenge for cybersecurity and data protection professionals.

Ransomware needs to be managed with a combination of best practices and tools spanning a wide array of technologies. Even the best prepared organizations are vulnerable to data and system availability failures caused by cybercrimes, which makes the role of backup and recovery technology and related practices even more vital.

Optimizing data and systems availability requires careful planning and a strong set of tools to recover assets and services in a timely fashion with limited losses. Veeam’s Hyper-Availability Platform does just that, and has already helped numerous enterprises to a successful recovery.


Learn how network segmentation can also be a helpful strategy for mitigating cybersecurity risk in our paper, Using Network Segmentation to Manage Malware and Ransomware Risk.


Written by Michael Thweatt

Mike Thweatt, Sales Executive at WEI, helps our customers transform IT from a cost center to a new profit center by aligning solutions that will provide our customers with their desired business outcomes. Mike’s specialties include transforming technology features into quantifiable business value, strategic market planning, and cultivating collaborative relationships. Mike holds VMware, HPE, and Fortinet certifications.
