Experts Say Testing Backups is Key to Preventing Ransomware Payments

Ransomware continues to be a big problem globally for both large enterprises and small businesses.  In the news we hear of big ransomware demands that are being paid to keep businesses up and running.  The question remains why do businesses keep paying? Especially businesses that already have data backups in place.

According to a blog post by Brian Krebs, many organizations will pay the ransom because of the length of time to restore from those backups. Krebs quotes Fabian Wosar, chief technology officer at Emsisoft: “In a lot of cases, companies do have backups, but they never actually tried to restore their network from backups before, so they have no idea how long it’s going to take. Suddenly the victim notices they have a couple of petabytes of data to restore over the Internet, and they realize that even with their fast connections it’s going to take three months to download all these backup files. A lot of IT teams never actually make even a back-of-the-napkin calculation of how long it would take them to restore from a data rate perspective.”

So, even though you know it is important to have backups to restore your network, if you don’t know how long it will take to restore your data from those backups, or even how to begin the restoration process, you may find yourself in a situation where paying the ransom seems like the simplest, quickest solution. 

A better approach to the problem of ransomware is for all companies to test out what restoring from backups looks like.  You also need to prioritize which mission critical data and applications need to be restored first. 

Experts like Wosar recommend regular tabletop exercises where you can drill your breach response plans and through these exercises you can start to refine your plans. These exercises will test not just how long it takes to restore the network from a breach, but what the restoration process will be like, and which data/systems are the most critical restore first.  This all needs to be worked out ahead of time.  While you are in the middle of a breach is not a good time to try to be figuring this all out. 

If you are looking to implement or improve your business’ breach response plan, Uzado’s BRaaS (Breach Readiness as a Service) will help your organization mitigate the effects of the breach and reduce the turnaround time. With BRaaS, Uzado will help you put in place an incident response plan to deal with cyber threats such as data breaches, ransomware, fraud, and cryptocurrency theft. Uzado will help you test your plan so that in the event you need to respond to a breach, you are prepared to deal with it with little impact to your business.  Want to learn more about BRasS? Contact us today!