The key to recovering from ransomware is preparation.
Obviously, the ideal is not to be victimized at all. To that end, identifying and addressing vulnerabilities in your organization's security posture, especially endpoints, servers, and networking systems and, perhaps most importantly, providing employees with education to help keep bad actors at bay, are critical for security in general. You may need to implement stronger access controls and patch known vulnerabilities.
But since no defense can guarantee 100 percent protection, recovering from ransomware requires pre-planning. First, you need to consider which systems and data are critical to your organization's operations and to prioritize backup and recovery accordingly, including (backup location, frequency, and storage media). Develop a data classification blueprint to identify which data is most important and should be backed up more frequently.
The key steps are then regularly backing up data to offsite or cloud-based storage, and testing backup and recovery processes to ensure they work. There are many solutions out there that provide these functionalities.
It's also important to have procedures and tools and people in place to isolate infected systems and components to prevent further spread of an attack. This may involve disconnecting infected machines from your network, disabling access to shared drives, or shutting down affected servers or workstations.
Once an attack has been contained, your recovery solution should, hopefully, make it relatively easy to restore systems from backup to their pre-attack status. It's important that your backup/recovery solution performs thorough scans to ensure that all malware has been removed.
Finally, regular risk assessments should help keep your strategy up to date. Consider a pen-testing service (if you don't have the expertise to develop a red team in-house). A good red team can simulate exploits and phishing to plant ransomware, and find unpatched network components. The results will often help you to fine-tune your software, incident response plans, and deal with vulnerabilities that have gone undetected.
Search for a product comparison in Backup and Recovery
SQL Database Administrator at Aurora Mental Health Center
Real User
Mar 17, 2023
The key to recovery from a Ransomware attack is the boy scout motto "Be Prepared". In our case, not only did we have backups at the DR site but both the Production site and DR site each had a NAS on a different subnet with different Admin passwords that had backup copies, so 4 total backups. We also were using iSCSI connections to our SAN which the ransomware was not able to cross when they polluted the connection file. This was an unexpected bonus. We were basically back up and running in 4 hours after wiping and restoring files. Lessons learned were to separate as much as possible so if one part of the domain/forest gets corrupted it cannot travel to the other areas. We now use Veeam for Hyper-V windows VMs and Zerto for VMware VMs, another separation of business functions with different admin passwords. Nothing is foolproof but by making it as difficult as possible then makes more time to catch and stop the attack sooner.
Find out what your peers are saying about Veeam Software, Hewlett Packard Enterprise, Commvault and others in Backup and Recovery. Updated: December 2025.
Backup and Recovery solutions protect data by regularly copying and securely storing it, ensuring quick restoration when necessary. These solutions minimize the impact of data loss, ensuring business continuity by restoring data in case of hardware failure, cyberattacks, or human error.
Backup and Recovery encompass a wide range of strategies and technologies designed to maintain data integrity. Businesses can leverage cloud-based storage, on-premises systems, or a combination of both to...
The key to recovering from ransomware is preparation.
Obviously, the ideal is not to be victimized at all. To that end, identifying and addressing vulnerabilities in your organization's security posture, especially endpoints, servers, and networking systems and, perhaps most importantly, providing employees with education to help keep bad actors at bay, are critical for security in general. You may need to implement stronger access controls and patch known vulnerabilities.
But since no defense can guarantee 100 percent protection, recovering from ransomware requires pre-planning. First, you need to consider which systems and data are critical to your organization's operations and to prioritize backup and recovery accordingly, including (backup location, frequency, and storage media). Develop a data classification blueprint to identify which data is most important and should be backed up more frequently.
The key steps are then regularly backing up data to offsite or cloud-based storage, and testing backup and recovery processes to ensure they work. There are many solutions out there that provide these functionalities.
It's also important to have procedures and tools and people in place to isolate infected systems and components to prevent further spread of an attack. This may involve disconnecting infected machines from your network, disabling access to shared drives, or shutting down affected servers or workstations.
Once an attack has been contained, your recovery solution should, hopefully, make it relatively easy to restore systems from backup to their pre-attack status. It's important that your backup/recovery solution performs thorough scans to ensure that all malware has been removed.
Finally, regular risk assessments should help keep your strategy up to date. Consider a pen-testing service (if you don't have the expertise to develop a red team in-house). A good red team can simulate exploits and phishing to plant ransomware, and find unpatched network components. The results will often help you to fine-tune your software, incident response plans, and deal with vulnerabilities that have gone undetected.
The key to recovery from a Ransomware attack is the boy scout motto "Be Prepared". In our case, not only did we have backups at the DR site but both the Production site and DR site each had a NAS on a different subnet with different Admin passwords that had backup copies, so 4 total backups. We also were using iSCSI connections to our SAN which the ransomware was not able to cross when they polluted the connection file. This was an unexpected bonus. We were basically back up and running in 4 hours after wiping and restoring files. Lessons learned were to separate as much as possible so if one part of the domain/forest gets corrupted it cannot travel to the other areas. We now use Veeam for Hyper-V windows VMs and Zerto for VMware VMs, another separation of business functions with different admin passwords. Nothing is foolproof but by making it as difficult as possible then makes more time to catch and stop the attack sooner.
Go to https://www.nucleustechnologie...