Ransomware attacked, what now?

On Friday afternoon, the NHS was hit by a cyber attack of historic proportions, affecting trusts and public health services nationwide. This is a stark illustration that ransomware is a very real threat, and does not discriminate when it comes to crippling businesses. In a technology age where cyber attacks and being virtually held to ransom are the new normal, it’s absolutely critical to have a strategy in place to both combat attacks when they happen, and to ultimately prevent them before they do.

  • 7 years ago Posted in
Some leading companies in the storage and security sectors offer their advice on how to prevent your business falling victim to a ransomware attack, as well as steps to take if the worst were to happen.


John Gladstone, EMEA Healthcare Practice Lead, Commvault commented: “To get back up and running depends on the individual trust and the systems they have in place. Most hospitals run around 300 to 350 applications but do not have a central platform to manage them. Most hospital IT depts control a majority, (but very rarely all) of the data management requirements of these applications. The other applications not controlled directly by IT have to be manually checked and backed up randomly. It is therefore easy to see how the attack took hold and spread very quickly. Turning off the systems was some Trusts only option. The challenge is that without the right budgets or resources very few make back-up or cyber security a priority and therefore with disparate systems they will potentially be struggling to get operational again quickly. Once the immediate threat of malware infection spread is neutralised, those that have got a single platform, universally consistent back up solution in place will probably only take a few hours to cleanse their systems and get at least 60% up and running quickly. But if not it could take some Trusts several days or even a week to get back up and running, even then for some a lot of uncentralised data might be lost for good.”


Gary Quinn, President & CEO, FalconStor said:"Ransomware attacks can have severe consequences, as the NHS, and many other organisations, have experienced over last few days. The threat of another is imminent, it’s clear the WannaCry attacks are having a huge impact globally. Now, more than ever, organisations and public sector authorities will sit up and realise the importance of protecting data against similar threats. As well as training staff not to click suspicious looking links, organisations need to deploy a disaster recovery solution and quickly. Once the malware infection is neutralised, the fastest way to recover from these attacks is to use a system-level snapshot of the system that allows near-instantaneous “rollback” of the system to a reasonable time prior to the attack. Older traditional systems only take one backup a week, or at best, once a day. It is important that new systems are implemented that will take multiple snapshots a day and allow 5-10-minute recovery of systems dramatically reducing the attacker’s impact to business.”

Gary Watson, Founder and VP of Technical Engagement at Nexsan advices: “Ransomware attacks will continue to occur more frequently as it is a highly lucrative business. The recent NHS cyber-attack is a prime example of how vulnerable organisations are. Even with careful IT departments and precautions in place, anti-malware products are not infallible. The NHS will either be forced to pay the ransom or continue business operations without the use of computers, that hold vital patient data, or phone lines. Ensuing patient care is crucial and the NHS needs to be prepared so they continue to run a fully operational service. As this trend increases, it will become even more critical that organisations arm themselves with a second line of defence that protects data from corruption and deletion, minimising the impact of malicious cyber-attacks such as this."

Peter Godden, VP of EMEA, Zerto stated: "The news of the NHS cyber attack reinforces the fact that simply detecting breaches sooner is not sufficient. Once ransomware takes hold of a system the hacker has full control, as we are seeing with the complete shutdown of hospitals across the country. In this instance, with people being turned away from emergency rooms, the downtime is actually impacting critically ill patients and will have enormous repercussions,” said Peter Godden, VP of EMEA, Zerto. “For all organisations, a disaster recovery plan must not be an afterthought. Being able to quickly recover mission critical data from just seconds before a ransomware attack takes place can allow organisations to minimise the attack's impact. There is no question the first line of defence is keeping these attacks from penetrating vital systems and data in the first place. But if ransomware gets in, the ability to quickly recover and resume 'business as usual' is critical for any organisation, especially one as important as the NHS.”

No matter how large or small the organisation, inadequate tools and planning for the event of a ransomware attack could be disastrous. While there is no guarantee that every business will fall victim to an attack like this, being prepared and acting accordingly in the event of a crisis will go a long way to helping organisations secure and recover data.

By Gareth Beanland, Infinidat.
To ensure full confidence that your documents, spreadsheets, and correspondence are kept safe,...
By JG Heithcock, General Manager of Retrospect, a StorCentric Company.
Michael Del Castillo, Solutions Engineer, Komprise, looks at how to design a cloud storage strategy...
By Ezat Dayeh. Senior Systems Engineering Manager, Western Europe at Cohesity.
The past year significantly changed the way organisations protect and store their data. By Joe...
By Rainer W. Kaese, Senior Manager Business Development, Storage Products Division, Toshiba...