How to recover from ransomware 2017

•

0 likes•261 views

Ransomware is the biggest cyber and continuity risk in 2017. It’s not just the NHS and small businesses – everyone is vulnerable. We’re even seeing global enterprises with big security investments and dedicated security teams get infected. Importantly, you have more options than to either pay the ransom or lose your data. It’s possible to recover without any significant data loss, zero downtime and in some circumstances – without your users even knowing there was a problem. How ransomware works and why it is breaching organisational defences The best methods for prevention The Incident and crisis management and escalation process A step-by-step guide to recovery

Technology

www.databarracks.com | 2www.databarracks.com | 2
INTRO &
AGENDA
Duration: 30 mins
(including Q&A)
Type questions on
the right
Q
• What it is and how it works
– How ransomware works and why it is breaching
organisational defences.
• Prevention & mitigation
– Methods
– The Incident and crisis management &
escalation process
• Recovery
– A step-by-step guide to recovery
*Slides will be made available and sent out following this session

www.databarracks.com | 3www.databarracks.com | 3
WHAT IS
RANSOMWARE
AND HOW
DOES IT
WORK?

www.databarracks.com | 4www.databarracks.com | 4
KEY FACTS
• The encryption is to all intents unbreakable so
backup data copies are the only guarantee to
limit data loss
• There is a deadline for payment – which forces
action –recovery or payment

www.databarracks.com | 5www.databarracks.com | 5
WANNACRY
• How it spreads
– Installed by a worm
– Uses Eternalblueexploit for
Server Message Block (SMB)
• US$300 ransom in bitcoins
• Ransom doubled after 3 days
• Files deleted after 7 days
What’s different?What’s the same?

www.databarracks.com | 6www.databarracks.com | 6
HOW MANY
DATABARRACKS
CUSTOMERS
WERE AFFECTED?
1

www.databarracks.com | 7
WHO IS BEING TARGETED AND WHY IS IT SO
SUCCESSFUL?
Why? Who?

www.databarracks.com | 8www.databarracks.com | 8
HOW DOES RANSOMWARE WORK -
BACKGROUND

www.databarracks.com | 9www.databarracks.com | 9
HOW DOES RANSOMWARE WORK -
BACKGROUND
Installation Contact with
command and
control
Search Encryption Ransom

www.databarracks.com | 10www.databarracks.com | 10
INCIDENT RESPONSE AND CRISIS
MANAGEMENT ESCALATION
Preparation Identification Containment Eradication Recovery
Lessons
learned
Creatinga written
policy and defining
severity
Identifyingwhether
somethingis, or is
notan incident
The steps to limit
the spread of
ransomware
Restorationof clean
data from before the
incident
Bringingthe
recoveredsystems
back online
How do we improve?

www.databarracks.com | 11www.databarracks.com | 11
HOW TO RECOVER
vs
Backup Disaster recovery

www.databarracks.com | 12www.databarracks.com | 12
HOW TO RECOVER
• Increase the frequency of
backups
• Review (and extend) retention
policies
• Optimise connection speed
between target and recovery
environment (general)
• Improvespeed of finding most
recent clean backup
Improving the Recovery Point
Objective
Improving the Recovery Time
Objective

www.databarracks.com | 13www.databarracks.com | 13
RECOVERY
Time to recover:
1 restore
24 hour RPO
3 days

www.databarracks.com | 14www.databarracks.com | 14
RECOVERY
Time to recover:
1-2 restores
12 hour RPO
2.5 days

www.databarracks.com | 15www.databarracks.com | 15
RECOVERY
Time to recover:
4-6 restores
4 hour RPO
2 days 4 hours

www.databarracks.com | 16www.databarracks.com | 16
RECOVERY
Time to recover:
6+ restores
Zero RPO
2 days 2 hours

www.databarracks.com | 17www.databarracks.com | 17
HOW TO
TEST?
Tutorial SAN Failure Cyber-Attack
http://www.databarracks.com/resources/tools/

www.databarracks.com | 18www.databarracks.com | 18
IF YOU REMEMBER NOTHING ELSE!
1. Have a specific incident response plan for
ransomware
2. Review backup schedules and retention policies
3.The only way to guarantee that you don’t lose your
data is with historic copies of your data in backup or DR

www.databarracks.com | 19
RESOURCES
• The Business Continuity Podcast
– http://www.thebcpcast.com/
• Tabletop testing simulator
https://tools.databarracks.com/dr-
tabletop-simulation/index.html
• History of ransomware
– https://heimdalsecurity.com/blog/what-is-
ransomware-protection/
• Ransomware definitions
– http://www.trendmicro.com/vinfo/us/security/defini
tion/ransomware
• SANS Institute, IncidentHandler's Handbook
– https://www.sans.org/reading-
room/whitepapers/incident/incident-handlers-
handbook-33901
• CryptoLocker DGA
– https://blog.fortinet.com/2014/01/16/a-closer-
look-at-cryptolocker-s-dga

www.databarracks.com | 20www.databarracks.com | 20
THE BCPCAST
http://www.thebcpcast.com/

Similar to How to recover from ransomware 2017

MGT3342BUS - Architecting Data Protection with Rubrik - VMworld 2017

Andrew Miller

WI_Symposium_Conference_2014

Kevin McDaniel

Backups and Disaster Recovery for Nonprofits

Community IT Innovators

iland and Veeam recently conducted a data protection survey of IT organizations worldwide. In this webinar, we summarize and analyze the survey responses so you canunderstand today’s data protection landscape. Then, we cover best practices that can help ensure thatyour organization, and its data,are properly protected Watch the webinar on-demand: https://www.iland.com/wb-data-protection-report/

The Great Disconnect of Data Protection: Perception, Reality and Best Practices

iland Cloud

Varrow Madness 2014 DR Presentation

Andrew Miller

Do not panic! You have a Disaster Recovery Plan, right❓ Whether you like it or not, your IT infrastructure is vulnerable. If you thought that making backups is enough to guarantee #businesscontinuity in the event of a disaster, you are wrong. ◾️ If something bad happens, how long will it take to recover my business data? ◾️ How will this affect my #business in the future? ◾️ How to resume operation after #disasterrecovery? ◾️ How much does it cost me to not have access to my critical data for some time? If you haven't asked yourself these questions, then you've probably never heard of a Disaster Recovery Plan. Better not to take this issue lightly, because it is assumed that 90% of companies without DRP will fail after a disaster. Moreover, nearly half of the small businesses that have implemented DR strategies, have never tested it.

How to plan Disaster Recovery in a five simple steps

Pawel Maczka

Problems are inevitable and a problem that hinders the operations of a company can be tagged as a Disaster. Technical glitches or security breaches can result in disasters and once it sets in, the organization can face huge issues. Now coming to disaster recovery. It can be defined as the process to evade or bounce back after a disaster. This helps them restore important documents. A cloud disaster recovery system aids the company to restore their files with the usage of cloud services.

How to Make an Effective Cloud Disaster Recovery Strategy.pdf

Sysvoot Antivirus

How to setup disaster recovery

Databarracks

Ransomware is a new threat, and new threats require new strategies. Within the first 15 minutes this webinar will provide you key strategies for surviving a ransomware attack. During the event Storage Switzerland and Commvault cover the three P's of Ransomware survival: Prevention, Preparation and Practice. Join data protection experts with decades of experience protecting organization's digital assets.

15 Minute Ransomware Survival Guide

Storage Switzerland

Is your organization ready for any disaster 2018 may throw at it? Organizations not only face new threats they also encounter decreased tolerance for downtime from users. The good news is there are plenty of new solutions that claim to improve an organization’s ability to recover from a disaster. But which one makes the most sense for your organization? And what about your processes? Recovery technology needs to partner with solid DR processes in order for an organization to see its way through the challenges ahead.

Webinar: 2018 Disaster Recovery Checklist - 5 Key Areas to Improve

Storage Switzerland

Continuity planners follow a methodology which elicits recovery requirements (RTO, RPO) from stakeholders and seeks to build capacity to meet those requirements. However, all disasters are not created equal and the reality is that most businesses, while able to meet those requirements for some scenarios, simply cannot meet them for more disruptive scenarios. Scenario-based Recovery Metrics give continuity planners a method to measure their ability to recover for a range of scenarios, from simpler to more complex. This facilitates measurement of deficits relative to the stakeholder's requirements for a range of scenarios. Furthermore, this method gives opportunity for continuity planners to dialogue with stakeholders and explain that 'we can meet your requirements for this set of simpler scenarios, however with our current recovery capacity we are unable to meet them for these more disruptive scenarios’. This dialogue 1.) Prevents unrealistic expectations and 2.) Lays the groundwork for making the case for budgets and projects for remediation of these deficits. These scenarios also provide a basis for the development of exercises to test recovery capability. Rod Davis, CRISC, CBCP

Scenario based recovery metrics

Rod Davis

Haricharan Reddy(Netbackup)_resume

Haricharan Reddy

Disaster Recovery Planning

Keystone IT

2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation

Scott Sutherland

Business Continuity Planning with Bareos and rear (Loadays 2015)

Gratien D'haese

Bringing the Cloud Back to Earth

Sri Chalasani

webinar-level-up-your-cloud-security.pdf

banecomovil

Data protection and retention is critically important for commercial and public sector organizations alike. In fact, it is said that three things keep a CIO up at night: data failure, time to recovery and ensuring IT is able to meet recovery point objectives. Today, if you have a failure, the amount of time the business is without the data can determine if you need to start looking for a new job… This presentation will help the attendees: • Evaluate the business case for targeting your backups to the cloud • Identify candidate data sets for cloud backup and assess opportunities and readiness • Mitigate the challenges of backing up to the cloud • Build a roadmap to your cloud implementation WWT also provides some real-world experience via use cases and introduces several tools and methodologies used to evaluate, plan and execute your journey to cloud backup in this presentation. To find out more about WWT’s Data Protection team, log on to wwt.com.

World Wide Technology: Is backing up to the cloud right for you?

Angie Clark

November 2014 Webinar - Disaster Recovery Worthy of a Zombie Apocalypse

RapidScale

Disaster Recovery & Business Continuity Overview

Aventis Systems, Inc.

Similar to How to recover from ransomware 2017 (20)

MGT3342BUS - Architecting Data Protection with Rubrik - VMworld 2017

WI_Symposium_Conference_2014

Backups and Disaster Recovery for Nonprofits

The Great Disconnect of Data Protection: Perception, Reality and Best Practices

Varrow Madness 2014 DR Presentation

How to plan Disaster Recovery in a five simple steps

How to Make an Effective Cloud Disaster Recovery Strategy.pdf

How to setup disaster recovery

15 Minute Ransomware Survival Guide

Webinar: 2018 Disaster Recovery Checklist - 5 Key Areas to Improve

Scenario based recovery metrics

Haricharan Reddy(Netbackup)_resume

Disaster Recovery Planning

2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation

Business Continuity Planning with Bareos and rear (Loadays 2015)

Bringing the Cloud Back to Earth

webinar-level-up-your-cloud-security.pdf

World Wide Technology: Is backing up to the cloud right for you?

November 2014 Webinar - Disaster Recovery Worthy of a Zombie Apocalypse

Disaster Recovery & Business Continuity Overview

More from Databarracks

According to our 2023 Data Health Check, less than half of organisations have an up to date Business Continuity Plan. But creating a plan isn't hard, and we will show you the proven methods to deliver something practical and usable. Listen to the webinar and learn how to: - Identify your risks and create mitigation strategies - Create your Business Impact Analysis - Find the right people for an effective crisis team - Accurately identify the scope of continuity projects - Make testing and exercising more frequent, productive and frictionless

How to write a Business Continuity Plan

Databarracks

How to write an effective Cyber Incident Response Plan

Databarracks

Lessons from 100+ ransomware recoveries

Databarracks

The written plan is the most important part of any disaster recovery solution. Yes, the recovery software is crucial, the failover environment must be stable and your connectivity must be reliable, but these are just components. Without a plan they’re useless. Having a well-designed and thoroughly tested plan in place will substantially increase your ability to withstand, and recover from, disruption. We’re going to share with you the methods, exercises, tools and expertise needed to create a plan that works when you need it most. • Assessing your risks and creating a Business Impact Analysis • Setting realistic recovery objectives • Making incident response plans that work • How to communicate in a disaster

How to write an IT Disaster Recovery Plan

Databarracks

Cyber Incident Response Plan

Databarracks

Who's responsible for what in a crisis

Databarracks

How to communicate in a crisis

Databarracks

How to protect backups from ransomware

Databarracks

Requirements for cyber insurance

Databarracks

In Business Continuity, your most difficult challenge is making your supply chain resilient. A cyber attack on a supplier or a shortage of stock can immediately impact your operations but is much harder to resolve. We're sharing our Toolkit to let you measure, track and improve your supply chain resilience. Download the toolkit here: https://www.databarracks.com/resources/supplier-continuity-toolkit

How to make your supply chain resilient

Databarracks

How to recover from ransomware lessons from real recoveries

Databarracks

There are lots of reasons to decommission a data centre. Perhaps you’re closing down an office? Or saving money by outsourcing your Disaster Recovery? Maybe your hardware is reaching end-of-life and you’re moving to the cloud? But It’s not an easy project. It can take longer than expected, eating into cost-savings and brings an increased risk of service-interruption. Key takeaways: • A checklist for Discovery, Implementation and Disposal stages • How to create an accurate budget and timetable • Choosing between a phased or ‘big bang’ approach

How to decommission a data centre

Databarracks

Zerto in azure technical deep dive

Databarracks

How to write an effective Cyber Incident Response Plan

Databarracks

Introducing rubrik a new approach to data protection

Databarracks

Microsoft Azure has become the default option for anyone migrating from on-site data centres to the cloud. It’s an obvious choice. Most IT departments are familiar and skilled with the Microsoft toolset, so for back-office systems it just makes sense. The question is, where to start? Setting up disaster recovery to Azure is a logical, low-risk first step. Profit from tricks on how to achieve a better TCO by using Azure for DRaaS: Replicating both VMware and Hyper-V environments Setting up the ZCA (Zerto Cloud Appliance) in Azure Connecting the ZVM (Zerto Virtual Manager) to your vCenter Using Blob storage for replica disks and journals Failing-over into Azure and failing-back

DRaaS to Azure with Zerto

Databarracks

How to run a tabletop DR test

Databarracks

Johan Holder presents our checklist for deployment of web-scale applications on AWS. We cover the fundamentals you need to apply when moving applications from a legacy hosting provider or building new services from scratch. • How to architect your AWS environment to take advantage of specific services such as Elastic Load Balancing, CloudFront, Amazon SQS and S3. • How to build for scalability, resilience and security • How to manage your costs We also show you how to avoid the common mistakes we see organisations make when getting started with AWS.

How to Develop and Deploy Web-Scale Applications on AWS

Databarracks

Calculating the Cost of IT Downtime for Law Firms

Databarracks

Databarracks zerto - webinar - sept2015-slideshare

Databarracks

More from Databarracks (20)

How to write a Business Continuity Plan

How to write an effective Cyber Incident Response Plan

Lessons from 100+ ransomware recoveries

How to write an IT Disaster Recovery Plan

Cyber Incident Response Plan

Who's responsible for what in a crisis

How to communicate in a crisis

How to protect backups from ransomware

Requirements for cyber insurance

How to make your supply chain resilient

How to recover from ransomware lessons from real recoveries

How to decommission a data centre

Zerto in azure technical deep dive

How to write an effective Cyber Incident Response Plan

Introducing rubrik a new approach to data protection

DRaaS to Azure with Zerto

How to run a tabletop DR test

How to Develop and Deploy Web-Scale Applications on AWS

Calculating the Cost of IT Downtime for Law Firms

Databarracks zerto - webinar - sept2015-slideshare

Recently uploaded

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Real Time Object Detection Using Open CV

Khem

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

A Principled Technologies deployment guide Conclusion Deploying VMware Cloud Foundation 5.1 on next gen Dell PowerEdge servers brings together critical virtualization capabilities and high-performing hardware infrastructure. Relying on our hands-on experience, this deployment guide offers a comprehensive roadmap that can guide your organization through the seamless integration of advanced VMware cloud solutions with the performance and reliability of Dell PowerEdge servers. In addition to the deployment efficiency, the Cloud Foundation 5.1 and PowerEdge solution delivered strong performance while running a MySQL database workload. By leveraging VMware Cloud Foundation 5.1 and PowerEdge servers, you could help your organization embrace cloud computing with confidence, potentially unlocking a new level of agility, scalability, and efficiency in your data center operations.

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Principled Technologies

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Recently uploaded (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Scaling API-first – The story of a global engineering organization

Real Time Object Detection Using Open CV

A Domino Admins Adventures (Engage 2024)

Strategies for Landing an Oracle DBA Job as a Fresher

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Exploring the Future Potential of AI-Enabled Smartphone Processors

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Artificial Intelligence Chap.5 : Uncertainty

MINDCTI Revenue Release Quarter One 2024

Partners Life - Insurer Innovation Award 2024

Data Cloud, More than a CDP by Matt Robison

AWS Community Day CPH - Three problems of Terraform

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

How to Troubleshoot Apps for the Modern Connected Worker

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

GenAI Risks & Security Meetup 01052024.pdf

How to recover from ransomware 2017

1. How to recover from ransomware 2017

2. www.databarracks.com | 2www.databarracks.com | 2 INTRO & AGENDA Duration: 30 mins (including Q&A) Type questions on the right Q • What it is and how it works – How ransomware works and why it is breaching organisational defences. • Prevention & mitigation – Methods – The Incident and crisis management & escalation process • Recovery – A step-by-step guide to recovery *Slides will be made available and sent out following this session

3. www.databarracks.com | 3www.databarracks.com | 3 WHAT IS RANSOMWARE AND HOW DOES IT WORK?

4. www.databarracks.com | 4www.databarracks.com | 4 KEY FACTS • The encryption is to all intents unbreakable so backup data copies are the only guarantee to limit data loss • There is a deadline for payment – which forces action –recovery or payment

5. www.databarracks.com | 5www.databarracks.com | 5 WANNACRY • How it spreads – Installed by a worm – Uses Eternalblueexploit for Server Message Block (SMB) • US$300 ransom in bitcoins • Ransom doubled after 3 days • Files deleted after 7 days What’s different?What’s the same?

6. www.databarracks.com | 6www.databarracks.com | 6 HOW MANY DATABARRACKS CUSTOMERS WERE AFFECTED? 1

7. www.databarracks.com | 7 WHO IS BEING TARGETED AND WHY IS IT SO SUCCESSFUL? Why? Who?

8. www.databarracks.com | 8www.databarracks.com | 8 HOW DOES RANSOMWARE WORK - BACKGROUND

9. www.databarracks.com | 9www.databarracks.com | 9 HOW DOES RANSOMWARE WORK - BACKGROUND Installation Contact with command and control Search Encryption Ransom

10. www.databarracks.com | 10www.databarracks.com | 10 INCIDENT RESPONSE AND CRISIS MANAGEMENT ESCALATION Preparation Identification Containment Eradication Recovery Lessons learned Creatinga written policy and defining severity Identifyingwhether somethingis, or is notan incident The steps to limit the spread of ransomware Restorationof clean data from before the incident Bringingthe recoveredsystems back online How do we improve?

11. www.databarracks.com | 11www.databarracks.com | 11 HOW TO RECOVER vs Backup Disaster recovery

12. www.databarracks.com | 12www.databarracks.com | 12 HOW TO RECOVER • Increase the frequency of backups • Review (and extend) retention policies • Optimise connection speed between target and recovery environment (general) • Improvespeed of finding most recent clean backup Improving the Recovery Point Objective Improving the Recovery Time Objective

13. www.databarracks.com | 13www.databarracks.com | 13 RECOVERY Time to recover: 1 restore 24 hour RPO 3 days

14. www.databarracks.com | 14www.databarracks.com | 14 RECOVERY Time to recover: 1-2 restores 12 hour RPO 2.5 days

15. www.databarracks.com | 15www.databarracks.com | 15 RECOVERY Time to recover: 4-6 restores 4 hour RPO 2 days 4 hours

16. www.databarracks.com | 16www.databarracks.com | 16 RECOVERY Time to recover: 6+ restores Zero RPO 2 days 2 hours

17. www.databarracks.com | 17www.databarracks.com | 17 HOW TO TEST? Tutorial SAN Failure Cyber-Attack http://www.databarracks.com/resources/tools/

18. www.databarracks.com | 18www.databarracks.com | 18 IF YOU REMEMBER NOTHING ELSE! 1. Have a specific incident response plan for ransomware 2. Review backup schedules and retention policies 3.The only way to guarantee that you don’t lose your data is with historic copies of your data in backup or DR

19. www.databarracks.com | 19 RESOURCES • The Business Continuity Podcast – http://www.thebcpcast.com/ • Tabletop testing simulator https://tools.databarracks.com/dr- tabletop-simulation/index.html • History of ransomware – https://heimdalsecurity.com/blog/what-is- ransomware-protection/ • Ransomware definitions – http://www.trendmicro.com/vinfo/us/security/defini tion/ransomware • SANS Institute, IncidentHandler's Handbook – https://www.sans.org/reading- room/whitepapers/incident/incident-handlers- handbook-33901 • CryptoLocker DGA – https://blog.fortinet.com/2014/01/16/a-closer- look-at-cryptolocker-s-dga

20. www.databarracks.com | 20www.databarracks.com | 20 THE BCPCAST http://www.thebcpcast.com/

21. QUESTIONS?

How to recover from ransomware 2017

Recommended

Recommended

More Related Content

Similar to How to recover from ransomware 2017

Similar to How to recover from ransomware 2017 (20)

More from Databarracks

More from Databarracks (20)

Recently uploaded

Recently uploaded (20)

How to recover from ransomware 2017