Ransomware Recovery

If you’re hit by ransomware, do not panic. Think through the processes below.

1. When can you start on your client’s recovery? At least seven days will lapse before you can get to work on the systems.
2. How long will my client be down? Give your client some ready, loaner servers.
3. Should my client pay the ransom? Keep your client asset list ready. What is the priority for bringing the data back online.
4. Am I as an MSP going to be liable? You will encounter this later in the process. Make whoever provides your errors and omissions insurance aware of the problem.
5. How do I prevent this?
– Set up users so they don’t have admin rights.
– Do not log in to workstations with domain admin accounts.
– Create an alert to let you know if you have a domain admin logged into a machine that’s been idle for more than an hour.
– Don’t give normal users domain access rights. Only give them these rights when they are applying updates. Give them local admin rights only as needed and create these rights on a separate account.
– Do not share passwords or usernames between accounts.
– Never log in to your backup servers or solution from the servers you are backing up.
– Check your AV status, running or not? Make sure it gets updated and users can touch it.

*** Ransomware doesn’t work if it doesn’t kill the backups. ***

Leave a Reply

Your email address will not be published. Required fields are marked *