Breach Response Plans and Restoring Critical Systems

Posted August 17, 2021

Imagine returning to work after a long weekend and when you open your computer, you realize you have no access to your data or applications. You see one text document that you can open. The document explains your data has been encrypted and is being held hostage until you pay the $2.5mm ransom. The attackers left a decryption key that will decrypt part of your data just to show how easy it is to get back up and running. You contact your IT department, but they are also locked out. What happens next will determine if you help fund the attacker’s next attack or if you foil their criminal plans.

Once your data has been encrypted, you really only have two options to get back up and running. You can pay the ransom, or you can fix the vulnerability that allowed the attackers to gain access and restore from backups.

Without a tested breach response plan, paying the ransom is far too often the simplest, fastest, and most cost-effective solution. But paying the ransom only magnifies the problem by incentivizing more attacks. This is why we at Verus along with Federal agencies promote prevention and preparedness as opposed to supporting criminal behavior through ransoms. Attackers match the ransom amounts to the victim to increase their odds of getting paid. Restoring from backups sounds easy but when was the last time you actually restored your data from a backup? Are you confident the process works? Are you sure the backups are good? Do you know how long the process will take?

If your backups are local, they could also be encrypted with the ransomware. Or maybe your backups are safe but the software to restore them is encrypted with the ransomware. If your backups are in the cloud, bandwidth and network capacity become critical factors in the time required to restore. At 10Mbs (Mega-bits per second) a 500 GB restore will take approximately 5 days to download. Do you have enough local storage for the backup? Then once the backup is downloaded, how long will it take to run the restoration process? The fact is that the whole restoration process can easily take weeks. IT needs time to identify which backup to restore from, in many cases the backup must be downloaded and extracted, then restored. 500 GB is not a large backup. Many companies deal with backups in terabytes and petabytes. For those companies, a restoration could take years or decades. Now we can see why attackers get paid so often.

Ransomware attacks are on the rise and will likely continue as businesses fail to protect themselves and attackers easily get paid. Every business needs to test its backups and develop a plan for prioritizing the restoration of critical systems and rebuilding the network. In some cases, a breach response plan may include driving to an off-site backup location and physically grabbing a backup. When backups are large, shipping them can become the fastest data transfer rate. If you aren’t confident in your backup plan and breach response plan, contact us so you aren’t the next victim funding the attacks.

Kyle Vinar

Kyle Vinar is Partner / President of Verus Corporation. He oversees all business operations and coaches Verus teams to continually improve on their solutions from client experience to product development and overall solution implementation. He works with all Verus resources to increase efficiencies and excellence in every aspect of their organizational roles. Kyle believes that people are the last real competitive edge that a company can have and constructing a rich culture is a vital step in running a world-class organization. Therefore he strives to create a culture within Verus that allows everyone to show up authentically and grow both personally and professionally, which in turn allows Verus Corp team members to provide clients with top-of-the-line service. Kyle helps balance strategy, capacity, and culture in such a way that has allowed Verus Corp to achieve exponential growth since he joined the company in 2013. One of Kyle’s greatest professional achievements has been in helping lay the foundation upon which Verus Corporation could be named the 2nd Best Place to Work by the Minneapolis/St. Paul Business Journal. Kyle holds a Bachelor of Science in Marketing from St. Cloud State University. He lives in Champlin with his wife and 3 children. He has enjoyed volunteering as a soccer coach for over 6 years and was the former Director of Coaching for Rebels Soccer Club. If Kyle isn’t on the sidelines of one of his children’s soccer games or in the audience of his eldest’s musicals, he can often be found cruising scenic routes on his Harley, in a deer stand, or on the golf course.