Restore 6000 Systems After A Ransomware Attack - Not Fun

How long would it take your company to restore normal operations if hundreds of systems were corrupted with ransomware? On May 11, 2017, a global ransomware attack was initiated that affected over 200,000 computers in 150 countries. It could have been much worse had a 22-year-old security specialist in the UK not stumbled across the “kill switch” in the malware.

What is particularly scary about this new ransomware variant is that it does not need someone to open an attachment to enter your network. If the hacker can access your network, they can load the malware, and it propagates rapidly across the network, infecting systems as it goes. Most organizations do everything they can to prevent cyber attacks, and that is certainly a good idea. I am sure a lot of the companies hit with the attack, like FedEx and the UK’s National Health Service, believed they were in pretty good shape as far as proactive cyber measures. In both instances they were brought to their knees and needed days to recover.

The Erie County Medical Center in New York had a ransomware attack on April 9, 2017. According to an April 25 article in Health Data Management e-zine, the hospital cleaned and returned 6000 hard drives as part of the recovery process. In a ransomware attack you have to assume every system is corrupted, so you have to restore the operating system and applications from a “gold” standard. But does recovery really have to take weeks? No, it does not.

InstantRecovery™ is a high-availability software solution that restores the operating system and applications on a Windows workstation or server in the time it takes to reboot. It creates a bootable snapshot of the system drive and keeps it in a hidden and protected folder on the system drive. If ransomware or any other system corruption occurs, the recovery snapshot is easily invoked and the system is restored to a known and trusted state in the time it takes to reboot. InstantRecovery can be used to restore hundreds or thousands of systems. In a typical ransomware scenario, one or more of the following actions would be needed for same-day recovery:

* Command sent to boot all systems to the recovery snapshot

* Command sent to systems to copy the recovery snapshot to the corrupted main system to eliminate malware

* Command sent to reboot systems to the repaired main system

Cyber attacks are costly in terms of lost productivity, lost opportunity and reputation damage, and public companies may see an impact on the stock price. A Department of Homeland Security white paper says a key element in any networked security system is the ability to quickly return systems to a known and trusted state. InstantRecovery does that faster than traditional recovery methods.
