6 Steps to Ransomware Recovery in a Commvault Environment

Ransomware attacks are becoming more frequent and sophisticated as time goes on, so it is important to know the actions to recovery. “70% of ransomware attacks involved the threat to leak exfiltrated data”.¹

It is the worst-case scenario constantly re-defined. It costs companies hundreds of thousands of dollars to pay the ransom, typically. “The average ransomware payment is $154,108”.¹

The recovery process is important because organizations want to focus on getting back to business. It is hard to understand the process unless you or your organization have experienced it. These steps will help you understand what ransomware recovery entails and how to approach it.

1. Contact Customer support
2. Update and deploy antivirus and ransomware protection software
3. Recover the Commvault CommServe
4. Recover Commvault MediaAgents
5. Create a Client recovery priority list
6. Initiate recoveries

The first step to ransomware recovery is contacting Commvault Customer Support. This will help determine the level of impact that the attack had and jointly establish a plan.

Step two is to update and deploy antivirus and ransomware software. This step is to prevent the re-spread of ransomware viruses.

Recovering the Commvault CommServe and disabling backup schedules is step three in the process. The company will also need to disable all backup plans and scheduled backups temporarily to keep further damage from happening.  

Step four is for recovering Commvault MediaAgents and access to libraries. It is crucial to make sure that the MediaAgents are accessible and functional.

The fifth step is the client recovery priority list. This is where your organization will generate a list of critical systems and applications and determine what is most important for getting back to business.

The final and sixth step is to initiate the recoveries. The organization must pay attention to the point-in-time to ensure it is pre-infection. This way, you are not recovering from a point-in-time that includes the ransomware files.    

It is important to emphasize starting your preparation today because every little bit will help. Within Commvault Command Center^TM, there are valuable tools and dashboards to understand your data and your data protection and recovery capabilities. A great resource is the Commvault Recovery Readiness Report to evaluate your RPO and RTO service levels.

These six steps will help you better prepare and recover from cyber-attacks that have become more sophisticated with time.

Sources

1 Coveware Quarterly Ransomware Report, Feb 1, 2021