No industry is immune to ransomware attacks. While there are different forms of ransomware, the most common one involves locking or encrypting a person or company’s data, and then demanding a ransom to restore access.
AWS offers CloudEndure Disaster Recovery, which can be used for ransomware recovery. CloudEndure Disaster Recovery can launch unlocked and unencrypted versions of your servers from before the ransomware attack into your preferred AWS Region. This point-in-time recovery capability protects your data and enables you to be back up and running in minutes after a ransomware attack – without having to pay ransom.
Managing cybersecurity risk
According to the National Institute of Standards and Technology (NIST) Cybersecurity Framework, there are five main functions around which to plan and manage cybersecurity risk, including ransomware attacks:
Identify - Learn about your environment and what needs to be protected.
Protect - Implement access control, training, and protective technologies to minimize attacks.
Detect - Implement the tools necessary to detect an attack as quickly as possible.
Respond - Develop appropriate activities to contain the impact of a detected cybersecurity incident.
Recover - Develop plans for resilience and to restore any capabilities or services that were impaired due to an attack.
AWS offers many security services you can use to implement these functions.
You can use CloudEndure Disaster Recovery to quickly recover your environment, minimizing data loss and downtime in the case of a ransomware attack.
Using CloudEndure Disaster Recovery for ransomware recovery
Once CloudEndure Disaster Recovery has been set up on your primary servers (physical, virtual, or cloud), it continuously replicates your servers—including operating system, system state configuration, databases, applications, and files—to a staging area in your target AWS Region. This staging area contains low-cost resources automatically provisioned and managed by CloudEndure Disaster Recovery. This reduces the cost of provisioning duplicate resources during normal operation. Your fully provisioned recovery environment is launched only during an incident or drill.
If you experience a ransomware attack, you can use CloudEndure Disaster Recovery to perform a failover to your target AWS Region. Before you launch the failover, you will be prompted to choose a recovery point. Each recovery point is a point-in-time snapshot of your servers that you can use to launch recovery machines in your target AWS Region.
In the case of ransomware or other security incidents that involve data encryption or data corruption, select the latest recovery point before the ransomware attack or data corruption to restore your workloads on AWS. In this way, you can “rollback” to an unencrypted or uncorrupted version of your servers.
Run your recovered workloads in your target AWS Region until you’ve resolved the security incident. When the incident is resolved, you can perform failback to your primary environment.
Learn more on the CloudEndure Disaster Recovery product page.