No industry is immune to ransomware attacks. While there are different forms of ransomware, the most common one involves locking or encrypting a person or company’s data, and then demanding a ransom to restore access.

AWS offers CloudEndure Disaster Recovery, which can be used for ransomware recovery. CloudEndure Disaster Recovery can launch unlocked and unencrypted versions of your servers from before the ransomware attack into your preferred AWS Region. This point-in-time recovery capability protects your data and enables you to be back up and running in minutes after a ransomware attack – without having to pay ransom.

Subscribe to CloudEndure Disaster Recovery on AWS Marketplace 

Managing cybersecurity risk

According to the National Institute of Standards and Technology (NIST) Cybersecurity Framework, there are five main functions around which to plan and manage cybersecurity risk, including ransomware attacks:

Identify - Learn about your environment and what needs to be protected.

Protect - Implement access control, training, and protective technologies to minimize attacks.

Detect - Implement the tools necessary to detect an attack as quickly as possible.

Respond - Develop appropriate activities to contain the impact of a detected cybersecurity incident.

Recover - Develop plans for resilience and to restore any capabilities or services that were impaired due to an attack.

AWS offers many security services you can use to implement these functions.

You can use CloudEndure Disaster Recovery to quickly recover your environment, minimizing data loss and downtime in the case of a ransomware attack.

Using CloudEndure Disaster Recovery for ransomware recovery

Once CloudEndure Disaster Recovery has been set up on your primary servers (physical, virtual, or cloud), it continuously replicates your servers—including operating system, system state configuration, databases, applications, and files—to a staging area in your target AWS Region. This staging area contains low-cost resources automatically provisioned and managed by CloudEndure Disaster Recovery. This reduces the cost of provisioning duplicate resources during normal operation. Your fully provisioned recovery environment is launched only during an incident or drill.

If you experience a ransomware attack, you can use CloudEndure Disaster Recovery to perform a failover to your target AWS Region. Before you launch the failover, you will be prompted to choose a recovery point. Each recovery point is a point-in-time snapshot of your servers that you can use to launch recovery machines in your target AWS Region.

In the case of ransomware or other security incidents that involve data encryption or data corruption, select the latest recovery point before the ransomware attack or data corruption to restore your workloads on AWS. In this way, you can “rollback” to an unencrypted or uncorrupted version of your servers.

Run your recovered workloads in your target AWS Region until you’ve resolved the security incident. When the incident is resolved, you can perform failback to your primary environment.

Standard Product Icons (Features) Squid Ink
Get started with AWS Elastic Disaster Recovery

Start replicating your servers to AWS.

Sign in to your account 
Check out more details
Learn more about pricing

Discover how to reduce costs with AWS as your recovery site.

Visit the pricing page 
Standard Product Icons (Start Building) Squid Ink
Access the getting started guide

Follow steps to set up, test, and operate AWS DRS.

Explore technical documentation