Darragh Canavan / 11. Mar 2018

How Do You Recover from Ransomware?

If you find yourself in the unfortunate situation of a ransomware attack, you have three basic options:

  • Agree to pay the ransom and get your data (at least temporarily)
  • Write off the infected device, and throw away the machine
  • Restore your data from a backup copy (if you have one)


Backup doesn’t Guarantee Recovery

Assuming you have already backed up your data, restoring your backed up data is clearly your best option. However, having a “backup” doesn’t guarantee you full protection from ransomware. A recent Spiceworks IT community study revealed that only 42% were able to fully recover everything from ransomware, despite the fact that the vast majority had backups.


Why Ransomware is Dangerous

Unlike a typical virus, ransomware doesn’t simply infect or corrupt your files. Instead, it locks them with strong encryption and demands a ransom in exchange for decrypting them.


Ransomware is more dangerous than other types of malware because it’s hard to detect, even for the most advanced antivirus software and firewalls. What’s more, it’s often capable of identifying the vulnerabilities in your computers and is able to choose the best time to attack. In fact, it can wait for days in a dormant state, and once your system lets its guard down, it can launch an attack to ensure 100% success.


Some Ways to Mitigate the Risk of Ransomware:


  • Adopt a 3-2-1 backup strategy
  • Use a multi-layer security system
  • Isolate critical machines from the network at all times
  • Ensure that the latest version of antivirus software is running
  • Conduct regular ransomware prevention training for employees
  • Define RPO and RTO – identify the level of availability for your data 
  • Be careful while opening e-mails – avoid clicking on suspicious links and attachments 


If a machine is infected with ransomware, isolate it immediately by disconnecting it from all networks. You might try to decrypt your data with purpose-built tools, though successful recovery of the data is not guaranteed.


Ensure that data backup windows are not missed by leveraging source-side global data de-duplication, which reduces the backup footprint and shortens backup times. Ransomware recovery tests should be run periodically, preferably with an automated and non-disruptive disaster recovery system. Regular testing is the surest way to learn whether your ransomware protection strategy is working.
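One way to automate the recovery test described above, as an added example that is not part of the original article: record a SHA-256 manifest when the backup is taken, then check a test restore against it and flag changed files whose content looks encrypted. The function names, the 7.5 bits-per-byte entropy threshold and the sample files are assumptions made for illustration.

```python
import hashlib, math, os, shutil, tempfile
from collections import Counter
from pathlib import Path

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()  # stream in chunks for large files

def build_manifest(root):
    # Relative path -> SHA-256, recorded at backup time and stored off the host.
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def entropy(data):
    # Shannon entropy in bits per byte; encrypted data sits close to 8.0.
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def verify_restore(manifest, restored_root, entropy_limit=7.5):
    # Entropy is checked only on files whose hash changed, so legitimately
    # compressed files that still match the manifest are not flagged.
    report = {"missing": [], "modified": [], "high_entropy": []}
    for rel, digest in sorted(manifest.items()):
        path = os.path.join(restored_root, rel)
        if not os.path.isfile(path):
            report["missing"].append(rel)
        elif sha256_file(path) != digest:
            report["modified"].append(rel)
            with open(path, "rb") as f:
                if entropy(f.read(65536)) > entropy_limit:
                    report["high_entropy"].append(rel)
    return report

def constructed_demo():
    # Constructed sample: one file is missing from the restore, one holds random bytes.
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for name in ("ledger.csv", "orders.csv", "notes.txt"):
            Path(src, name).write_text(f"{name} row\n" * 500)
        manifest = build_manifest(src)
        shutil.copy(os.path.join(src, "ledger.csv"), dst)
        Path(dst, "orders.csv").write_bytes(os.urandom(8192))
        return verify_restore(manifest, dst)

if __name__ == "__main__":
    print(constructed_demo())
```

A non-empty `high_entropy` list in a restore test means the backup itself captured encrypted files, so an older restore point has to be tested.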


How to Recover Data from Ransomware?


Ransomware is so powerful that even the best security measures can prove futile. These sneaky malware programs are infamous for bypassing network monitoring programs with ease. Even your robust antivirus program may fail to detect them.


In case of a ransomware attack, disconnect affected devices from the network and the Internet immediately. Then, try the following:


1. Identify the Attack

The first thing you must do is try to identify the ransomware. There are many kinds of ransomware, including the less-dangerous ones like scareware, lock-screen malware, or serious ones like ranscam, IoT ransomware, etc. You can use a variety of tools that are available online for their identification, such as this one. Once you have identified the program, you can take the ransomware-specific approach to recover your files by either using decryption tools or any other indirect method that’s available. 


2. System Restore

You can also try the “System Restore” feature of your Windows system, which essentially rolls your system back in time. It returns the system files and programs to the state they were in at a certain point in time while leaving your personal files unchanged. This may or may not be able to restore your files to their original unlocked form.

So, the best way to ensure that your data is protected is to invest in a good cloud backup service. 


Why you need a cloud backup service to recover from ransomware:


  • Cloud backup is your last line of defence. If your security measures fail to prevent an attack, you can simply wipe your database, and recover from the backup files.
  • Cloud backup services are quite affordable. In addition, most MSPs offer multiple packages so that you can pick one that suits your requirements and budget.
  • If you implement a good cloud backup, you can get your services up and running within hours after a downtime.

Remember that the best way to recover from a ransomware attack is to have a robust disaster recovery plan in place, which makes use of the cloud backup and online storage services that offer file and image based backups.



Ransomware attacks do not discriminate based on your operating system. Attacks on Linux were uncommon until recently. You will need to take additional steps to make sure that both Windows and Linux systems are protected.


Defining RPO and RTO is critical. For instance, a retail business may not be affected if its marketing material is not accessible for a day. However, this same business won’t be able to generate any revenue if its point-of-sale application is held for ransom. Likewise, a hospital may continue doing business as usual if its accounting system is down for a day, but encrypted patient records could definitely put patients’ lives at risk.
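Once RPO and RTO are defined per system, they can be checked against the backup job log and the last restore test. The sketch below is an added example, not part of the original article; the targets, job history and field names are constructed for illustration. It measures the longest stretch without a successful backup rather than only the age of the latest one, so a failed job in the middle of the schedule still shows up as exposure.

```python
from datetime import datetime, timedelta

def worst_gap(job_log, now):
    # Longest stretch with no successful backup, counting the time since the
    # last success. Failed jobs do not shorten the gap.
    points = sorted(t for t, status in job_log if status == "ok") + [now]
    if len(points) < 2:
        return None  # no successful backup on record at all
    return max(later - earlier for earlier, later in zip(points, points[1:]))

def assess(systems, now):
    findings = {}
    for name, s in systems.items():
        gap = worst_gap(s["jobs"], now)
        tested = s["restore_test_duration"]  # measured in the last recovery test
        findings[name] = {
            "worst_gap": gap,
            "rpo_met": gap is not None and gap <= s["rpo"],
            # None means the RTO has never been verified by a restore test.
            "rto_met": None if tested is None else tested <= s["rto"],
        }
    return findings

# Constructed sample data; the RPO/RTO targets are assumed values for illustration.
NOW = datetime(2018, 3, 11, 12, 0)
H = timedelta(hours=1)
SYSTEMS = {
    "point-of-sale": {
        "rpo": 1 * H, "rto": 4 * H, "restore_test_duration": 6 * H,
        # Hourly jobs; the 10:00 run failed, leaving a two-hour gap.
        "jobs": [(NOW - 4 * H, "ok"), (NOW - 3 * H, "ok"), (NOW - 2 * H, "failed"),
                 (NOW - 1 * H, "ok")],
    },
    "marketing-material": {
        "rpo": 24 * H, "rto": 24 * H, "restore_test_duration": None,
        "jobs": [(NOW - 36 * H, "ok"), (NOW - 12 * H, "ok")],
    },
}

if __name__ == "__main__":
    for name, result in assess(SYSTEMS, NOW).items():
        print(name, result)
```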


Feel free to contact Datastring regarding your ransomware mitigation strategies. Our experts will be happy to sit down with you and discuss your needs.


Email: sales@datastring.com
IE: 016 994 294
UK: 0203 034 0523
USA: 716 242 7138