Ransomware and disaster recovery plans

Disaster recovery is a basic element of any good business continuity plan. Business continuity planning is the creation of a process for the prevention and recovery from potential threats to your business. Business continuity planning addresses catastrophic events.  These events include loss of key employees or severe natural disasters. Disaster recovery planning is one piece of this broad planning. A good disaster recovery plans includes a set of instructions and who is responsible for each task.  It is necessary so a business can recover from an event that compromises its IT infrastructure.

Companies, that may or may not have IT support staff, will utilize the services of a managed service provider to help develop disaster recovery plans. One important piece of your disaster recovery planning will address how the business can protect its data from a ransomware attack or other data loss scenarios. Unlike more well known viruses, ransomware doesn’t just access your data, it locks it down so it is unusable. The bad guys business model behind this approach is simple: They are betting you will have no segregated backups and will be willing to buy back access to your data.

The only defense against a ransomware attack is offense

Routine backups of your data may not necessarily protect it from being held hostage. Talk to your managed service provider about the design of your backups and how they are structured.   They will be able to design a solution that will assure you always have an “offline” copy of your data. If you want to defeat the designers of ransomware, your only real solution is to have uninfected backups. As long as you have these, you can simply refuse to pay the ransom.