Which is worse: #ransomware or hard drive failure?

It’s a trick question. Both impact your business the same way – you lose access to your valuable business data when you are not expecting it.

One of the most important things you can do about cybersecurity is to stop thinking about it like a mysterious disease whose only cure is to buy specialized protection software. To be sure, some businesses that need instant and constant access to their data may certainly need these kinds of protections, but most businesses do not.

If your business won’t be crippled immediately by losing access to one or more computer files or databases, then you can (and should) recover from ransomware the same way you recover from a hard disk failure: restore your operating system, and then your damaged or missing files, from recent backups.

We all back up our data, don’t we?

Whether you’re a victim of a ransomware attack or hard disk failure – in either case, keeping regular data backups mean you don’t have to call in specialized consultants to try and recover lost business data. Of course, if you haven’t been backing up, and you get hit by ransomware, you can sometimes recover using free tools like the ones available on the Windows Club website, arranged by type of ransomware.

Getting started with data backup

If you’re a small business and don’t have an IT department, consider buying two inexpensive external hard disks at least 2 or 4 Terabytes (TB) in size for each of your computers. Storage is cheap these days and the more storage you have on your backup disks, the farther back in time you can save your data. Label the backup disks with the name of the computer you are using them with and whether the disk is #1 or #2.

Now backup regularly to both disks – including doing a system image and possibly a recovery USB. Here’s a great article on how to do it all. Why use two disks? Think what happens if your hard drive fails and your single backup disk fails. You will need that second one. Also, it’s important that you don’t leave the disks connected to your computer at all times. Only connect them when you do a backup and then eject the disk when complete. Some ransomware tries to encrypt all attached disks. Disconnecting your backup disks limits the potential of having your backups encrypted too.

Note If you have an Apple Mac, you will use Time Machine for backup. Add both disks to your computer’s Time Machine backup list.

If you have an IT department, they should already be doing regular backups of your hard disk files over your company network. If you are on Microsoft Office 365, you may also be backing up to your OneDrive for Business or a SharePoint site in the cloud. Check with your IT department to find out more.

This approach is convenient and works but doesn’t address what happens if you keep both backup disks near your computer and all three are destroyed (e.g. tornado, flood, break-in, something else). If you really want to follow industry best practices for data backup, check out the “3-2-1” plan published by the U.S. Computer Emergency Readiness Team (US-CERT). While you’re at it, check out other information on the CERT website. They have a lot of great advice on reducing IT risk.

And if you are really worried about losing your data, get a USB DVD or Blu-ray drive and make backups to write-once optical discs. No ransomware can encrypt files backed up write-only media. If your DVD or Blu ray drive fails, just buy another reader. Optical disks, if properly cared for, could be readable for 40-100 years. How’s that for risk management?

What to do if you get attacked by Ransomware

While ransomware is a business risk, and a great source click-bait news articles, ask yourself how many people do you know personally who have been infected? The recent #Wannacry attacks have been reported to have affected 200,000 victims in 150 countries. In contrast, Gartner’s Dataquest statistics have said there were two billion PCs in use by 2015.

That means one in every 10,000 computers were possibly hit. Low odds – especially if you followed our previous advice and kept up with your OS patches and were running a recent version of Windows. In that case, you were absolutely safe from that ransomware attack wave.

So, if you do get hit by ransomware, and you have been backing up your files, recovering means taking a couple of hours off to return your PC to factory settings and restoring your data from your backups. Some types of #ransomware can complicate the data recovery process. They delay their start, waiting until a specific time or date before starting to encrypt your files. If this happens, you may have to look through a couple of previous backups to find unencrypted versions of your files. Other ransomware attacks will work to encrypt connected hard disks and network servers. Once again, you may have to hunt through both backup disks to find unencrypted files.

Try to recover files from your backups at least once

Don’t just make backups and hope it will all works out when trouble strikes. Test that you can fully restore your PC from backup at least once. The last thing you want is to be trying to do a restore for the first time when you are attacked.

Still not sure what to do? Amaxra is here to help.

Amaxra can help you work up a cost-effective backup and restore disaster recovery plan tailored to your business needs and risks.