How ransomware works and why it is breaching organisational defences
The best methods for prevention
The incident and crisis management & escalation process
A step-by-step guide to recovery
How to recover from ransomware
1. How to recover from ransomware
2:00pm
29th September 2016
2. www.databarracks.com | 2www.databarracks.com | 2
INTRO & AGENDA
Duration: 30 mins (including Q&A)
Type questions on the right
• What it is and how it works
– How ransomware works and why it is breaching organisational defences.
• Prevention & mitigation
– Methods
– The Incident and crisis management & escalation process
• Recovery
– A step-by-step guide to recovery
*Slides will be made available and sent out following this session
5. FACTS TO NOTE
• The encryption is to all intents unbreakable so backup data copies are the only guarantee to limit data loss
• There is a deadline for payment, which forces action: recovery or payment
9. INCIDENT RESPONSE AND CRISIS MANAGEMENT ESCALATION
• Preparation
– Creating a written policy and defining severity
• Identification
– Identifying whether something is, or is not an incident
• Containment
– The steps to limit the spread of ransomware
• Eradication
– Restoration of clean data from before the incident
• Recovery
– Bringing the recovered systems back online
• Lessons learned
– How do we improve?
11. HOW TO RECOVER
• Improving the Recovery Point Objective
– Increase the frequency of backups
– Review (and extend) retention policies
• Improving the Recovery Time Objective
– Optimise connection speed between target and recovery environment (general)
– Improve speed of finding most recent clean backup
12. THE INCIDENT RESPONSE PLAN: STEP-BY-STEP RECOVERY
• Preparation
• Identification
– IT is notified and confirms ransomware infection
• Containment
– Isolate the infected share / drive / server
• Eradication
– Find the time of infection and test the first backup
• Recovery
– Bring share / drive / server online. Test again, be vigilant
• Lessons learned
– Review how infection occurred, data loss and time to recover
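An added example, not part of the original slides: a Python sketch of the "find the time of infection and test the first backup" step, which also reports the data-loss window that backup frequency and retention determine. The file listing, the backup catalogue, the ".locked" suffix and the "RECOVER-FILES.txt" note name are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed file listing of the affected share: (path, last-modified time).
# ".locked" and "RECOVER-FILES.txt" are made-up indicators for this example.
FILES = [
    ("finance/q2.xlsx", datetime(2016, 9, 26, 17, 5)),
    ("finance/q3.xlsx.locked", datetime(2016, 9, 28, 9, 14)),
    ("hr/RECOVER-FILES.txt", datetime(2016, 9, 28, 9, 12)),
    ("hr/staff.docx.locked", datetime(2016, 9, 28, 9, 13)),
    ("it/readme.txt", datetime(2016, 9, 28, 11, 0)),
]
# Constructed backup catalogue: (backup id, start time, completion time).
BACKUPS = [
    ("daily-0926", datetime(2016, 9, 26, 23, 0), datetime(2016, 9, 27, 1, 30)),
    ("daily-0927", datetime(2016, 9, 27, 23, 0), datetime(2016, 9, 28, 1, 10)),
    ("adhoc-0928", datetime(2016, 9, 28, 9, 0), datetime(2016, 9, 28, 9, 40)),
    ("daily-0928", datetime(2016, 9, 28, 23, 0), datetime(2016, 9, 29, 1, 5)),
]

def estimate_infection_time(files, suffixes=(".locked",), notes=("RECOVER-FILES.txt",)):
    """Earliest mtime of a file showing an indicator (a heuristic; confirm with logs)."""
    hits = [mtime for path, mtime in files
            if path.endswith(suffixes) or path.rsplit("/", 1)[-1] in notes]
    return min(hits) if hits else None

def clean_candidates(backups, infected_at, margin=timedelta(hours=1)):
    """Backups to restore-test, newest first, that finished before the infection."""
    cutoff = infected_at - margin
    # A backup still running at the cutoff may hold encrypted files, so exclude it.
    ok = [b for b in backups if b[2] <= cutoff]
    return sorted(ok, key=lambda b: b[2], reverse=True)

def recovery_plan(files, backups):
    infected_at = estimate_infection_time(files)
    if infected_at is None:
        return None  # no indicator found: not confirmed as an incident
    candidates = clean_candidates(backups, infected_at)
    # Data-loss window if the newest candidate passes its restore test.
    loss = infected_at - candidates[0][1] if candidates else None
    return {"infected_at": infected_at,
            "test_order": [b[0] for b in candidates], "data_loss": loss}

if __name__ == "__main__":
    print(recovery_plan(FILES, BACKUPS))
```

An empty test_order means no retained backup predates the infection, which is the case that longer retention is meant to prevent.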
20. IF YOU REMEMBER NOTHING ELSE!
1. Have a specific incident response plan for ransomware
2. Review backup schedules and retention policies
3. The only way to guarantee that you don’t lose your data is with historic copies of your data in backup or DR
21. RESOURCES
• The Business Continuity Podcast
– http://www.thebcpcast.com/
• Tabletop testing simulator
– https://tools.databarracks.com/dr-tabletop-simulation/index.html
• History of ransomware
– https://heimdalsecurity.com/blog/what-is-ransomware-protection/
• Ransomware definitions
– http://www.trendmicro.com/vinfo/us/security/definition/ransomware
• SANS Institute, Incident Handler's Handbook
– https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901
• CryptoLocker DGA
– https://blog.fortinet.com/2014/01/16/a-closer-look-at-cryptolocker-s-dga