Disaster Recovery Planning Does Not Equal Ransomware Recovery

Reading time for this article .

By Tony Mendoza,
Senior IT Director, Spectra Logic

As you may know, Spectra was hit by ransomware in May 2020.   We’ve chosen to be transparent about the attack to help as many organizations as possible understand how to recognize, withstand and recover from an attack, all while maintaining business continuity and rejecting ransomware payoffs. 

I recently was interviewed about our experience with a ransomware attack by Chris Evans who hosts Storage Unpacked, a popular podcast for IT professionals.  You can listen to that broadcast here.

During the interview, Chris and I discussed the fact that Spectra had a rock-solid disaster recovery plan in place when we got hit, mainly because we are a data storage company and understand how important it is to have both the plan and products in place to protect data.   However, Spectra learned one important lesson from the attack.  In a nutshell, Disaster Recovery is not Ransomware Recovery.  In other words, mitigating and recovering from a ransomware attack with a Ransomware Recovery plan is different than having a Disaster Recovery plan — and I’ve learned you really need to merge both in order to create an air-tight strategy that lessens the impact of a cyberattack.   

With ransomware costing companies millions of dollars, it’s important for you to consider what to add to your DR plan to make your infrastructure more ransomware resilient.  I won’t be able to cover everything in this short blog, but check out our ransomware page that covers the following points in much more detail.   In brief, here’s a quick synopsis of what we recommend to prepare for and mitigate a ransomware attack. 

Before the Ransomware Attack

  • Develop and test your Disaster Recovery Plan that includes a Ransomware Recovery Plan
  • Ensure your employee base is well educated on recognizing email phishing attempts
  • Deploy a robust security infrastructure and maintain secure backup processes
  • Mitigate your blast radius by moving less used data off of primary storage to locations where the data can be protected and air gapped
  • Run regular network security assessments
  • Deploy attack hardened™ solutions that shelter a golden copy of data 
  • Create a game plan to recognize and stop the attack
  • Consider cyberattack insurance or on-call cyber experts to provide specialized help and advice

After the Attack

  • Shut down all systems immediately
  • Report the incident to the FBI or similar federal agency
  • Tap your cyber experts
  • Assess the damage
  • Ensure your ‘golden’ copy is safe
  • Evaluate next steps

I always say it’s not if, but when, you will be attacked.  Take it from me, you will want a robust Disaster Recovery plan melded with a Ransomware Recovery Plan to ensure that you can get your organization up and running quickly without paying the threat actors or losing customers. 

As a byproduct of our experience, Spectra made a decision to enhance our entire solution set with attack hardened features that make them much more ransomware resilient. Check out our latest announcement that unveiled these solutions which, among other exciting benefits,  increase the chances that our customers can withstand an attack and maintain business continuity.