An air-gapped backup alone won’t get you there. Part 2
In our previous blog, we explained that an air-gapped backup is a very good step toward keeping data safe, but that there are other steps to take in preparing for a possible ransomware attack. In this blog, we take a closer look at what you can, or even should, do if such an attack actually occurs.
We all hope it never happens, but suppose … You face a cyberattack, see strange things happening on your screen, data is encrypted. Hopefully you have prepared well (see our previous blog), but what do you do the moment it actually happens?
- Take everything offline immediately
This at least prevents data from leaking out. After all, that data could very well be confidential business information, customer lists, patents or other sensitive data.
- Call!
Call your backup vendor, your hardware vendor, your IT integrator, your insurance company: everyone involved. Inform them and ask for help. That’s what they’re there for. Tip: let them know how you can be reached, as the “normal” channels are turned off for a while.
- Temper expectations
If you are well prepared, you can quickly start restoring and rebooting. Just remember not to set expectations high with customers and suppliers right away. Assume it will take two to four weeks to return to full operation.
- Start restoring
Make sure you don’t restore your entire environment directly from your air-gapped backup; that’s very dangerous. Get the information you need from data and documents that are accessible and not infected. To restore the entire IT environment, work in a shielded sandbox environment where you can safely run a test to check that everything is going according to plan. Never just restore all your data! You may have to restore your backup several times in the sandbox environment, because it will go wrong a few times until you figure out which data is infected. Preferably, you have storage that allows you to restart the backup very quickly. Storage with deduplication, for example, has to do too many calculations to work quickly. Silent Bricks can handle this!