Can big companies successfully revert to backups from ransomware?

JimKiler

Has there been a case where a company got hit with ransomware and instead of paying the ransom actually used their backup copies to recover? I have read that most companies consider it too painful to revert to backups, and I have heard stories about how the backups may not be usable, but all smart companies have backups. I am curious how painful it is to revert to backups in a catastrophe like ransomware.
 

PliotronX

Actually easier than running the decryption after paying the ransom. I saw an article that showed a third of surveyed businesses are stockpiling tens of thousands into bitcoin to prepare for future ransomware infection because to acquire that much in bitcoin could take a month (and usually the ransomware gives you only a few days). It is Looney Tunes that they would sit on bitcoin instead of buying better backup software and storage and verifying integrity.

https://www.technologyreview.com/s/...tockpiling-bitcoin-to-pay-off-cybercriminals/

https://steemit.com/bitcoin/@zeroshiki/companies-buying-bitcoin-fearing-future-ransomware-attacks
 

Red Squirrel

I always wonder this myself. If it's that much of a pain to revert to backups, maybe they need to reevaluate their backup strategy.

They should also have cold backups. Tapes still seem to be the way to go, but the idea is if you get hit hard enough, you want some form of backups that are offline and protected from a huge attack.

Companies and especially organizations like hospitals should have a manual/paper backup procedure too. Technology can fail; one should not rely on it 100%. There should always be a fallback.
 

XavierMace

Reverted to backups at clients a variety of times due to ransomware. Never had one consider paying.
 

JimKiler

I worked for a fairly large company in the finance industry that was hit by ransomware. We restored from backup. Luckily for us we were monitoring for these kinds of attacks and caught it within 1-2 seconds of infection, and the auto remediate script worked perfectly, disabling the user's ability to reach shares and disabling the port they were connected to. Then it was just an hour restoring the files, re-imaging the laptop and vetting everything was ok.

That is impressive that it was caught very quickly.
 

PeterRoss

Depends on the company. A couple of articles that were posted above and many others show that not all enterprises keep their data backed up on a daily basis, and sometimes they are not even running proper security. In those cases, it is rather difficult to restore everything, and then it becomes painful to salvage your system or data back together. Those that do have regular backups usually have some form of catastrophe management system implemented, or at least lately it has started to become more and more of a thing to have multiple tiers of recovery solutions, not even during the ransomware attacks but in general due to hardware or software failures as well. Those failures are equally damaging to a company. I would say if kept in check and on regular back-ups it is less painful to restore a backup with minimal loss of data rather than paying for decryption.