Backup After a Ransomware Attac

How To Recover Your Backup After a Ransomware Attack?

According to ransomware statistics, the average cost of a ransomware incident almost doubled from $4300 in 2018 to $8100 in 2020. The estimated global damages from ransomware went up from $8 billion in 2018 to $20 billion in 2020. What’s even worse, the average cost of downtime due to ransomware attacks grew 6 times from $46,800 in 2018 to 283,000 in 2020.

estimated global damages from ransomware

Despite this, a survey conducted by Keeper Security showed that 49% of the companies targeted by ransomware attacks ended up paying ransom. One of the primary reasons for this was lack of backup or having backup that they are unable to retrieve after a ransomware attack.


How to Recover Your Backup After A Ransomware Attack?

Here are some ways you can retrieve your data backup after a ransomware attack.

1.   Keep Multiple Types of Backups

Backups take storage space and most business don’t have an unlimited amount of storage space to store those backups. This makes it difficult for businesses to store backups for a long time. This is why you should keep different types of backup. For instance, you can take complete backup once and take iterative backups of data periodically. Make sure the frequency of interactive backups is higher so you don’t miss out on critical data.

2.   Safeguard Your Backup Catalog

Did you know that most advanced ransomware attacks target your backup catalog instead of a data backup? Yes, you read that right. Cyberattackers target backup catalog because it contains all the metadata of your backup such as index and bar codes of the disks as well as the complete path of disk location where your data is actually stored. This is why it is important to protect your backup catalog. Businesses must invest in a backup solution that offers security features to secure backup catalog, otherwise, it will be tough to restore your data without a stable backup catalog.

3.   Backup All Your Critical Data

If taking backup of all your data seems like a daunting challenge for you, you must at least take backup of all the sensitive data. You don’t want to be in a situation where you have backed up all of your data stored in the dedicated server but leave out one server which has critical business data stored on it. All your efforts will go down the drain if an attacker targets that server and manages to hack it or steal data from it. Even if all your data is lost, you might still be able to retrieve your critical business data to ensure business continuity. Although restoring your business to full capacity might take days or even weeks,  at least the ransomware attack won’t shut down your entire business.

4.   Isolate Your Data Backup

Another mistake most businesses make is that they tend to store the backup of their data at one place even if they have multiple copies. Instead, you are better off storing different copies of your data backup across different locations. For instance, you can store one copy on an offsite server and one on the cloud. This will secure your data backups and allow you to retrieve your data in case of a ransomware attack.

5.   Take a Backup of Your Business Processes

Advanced ransomware attacks not only impact your data, they can also paralyze your business processes. Hackers know that a company will have no choice but to pay the ransom to ensure business continuity if they can shut down their key business processes. Moreover, hackers also know that the more business processes they can target with a ransomware attack, the longer it will take the business to restore operations, providing them more opportunities to aggravate the damage.


When VanDyke became a target of ransomware, it took them weeks to restore operations as they had to restore all PCs and servers from scratch. This also includes downloading and reinstalling all the software and configuring everything from scratch. Most businesses don’t even have many recovery servers which can prolong the restoration process.

6.   Accelerate Data Recovery with Hot Disaster Recovery Sites

Did you know that one-third of IT directors think that they cannot recover from a ransomware attack in less than 5 days? Some companies are investing heavily into tapes while others are investing into hot disaster recovery sites. The latter not only gives you one click access to your data but can also drastically reduces the data recovery time. These hot sites are more common than ever before and if you have already migrated to a cloud, having a hot recovery site is a must-have.     Yes, you might have to invest handsomely to build and maintain a hot site, but it will pay off rich dividends down the line as you don’t have to worry about weeklong recovery time. This also minimizes the cost you have to bear due to downtime caused by ransomware attacks, which makes it a great investment.

7.   Harness The Power of Automation

In today’s dynamic business world, automation is your best friend. You can also use it to your advantage when taking backup of your data. You can create a script which copies your infrastructure and copy it to establish it in another zone. This reduces the restoration time from days to minutes. The only downside with this approach is that it demands a large initial investment upfront as well as technical expertise to create that type of script. Add to that the number of security controls that you need to place, and it puts most businesses off. Despite this, it has more advantages than disadvantages so you should seriously consider this option.

How do you retrieve your backup after a ransomware attack? Share it with us in the comments section below.

Mark Anthony

Add comment