Mar 17 2023

Before, During and After a Ransomware Attack: What IT Leaders Need to Know

As businesses experience the relentless onslaught of ransomware, many search for new defensive strategies.

Ransomware attacks are on the rise. Despite IT leaders’ defensive efforts to combat this trend, there was a “33 percent increase in 2022,” according to cybersecurity technology maker Cybereason. The attacks have become so routine that Cybersecurity Ventures predicts “by 2031, they are expected to occur every 2 seconds” and carry a global cost of about $265 billion. With such statistics, businesses can assume it’s only a matter of time before they get hit — but that doesn’t mean they shouldn’t plan ahead.

Andrew Miller, lead principal technologist at Pure Storage, acknowledges that being completely prepared against a ransomware attack is tough. But it is possible if organizations invest in building a multilayered defense strategy. The scheduled speaker at CDW’s Tech Tipoff Series in Charlotte, N.C., on March 24, 2023, Miller explains the anatomy of a ransomware attack and how IT leaders can strategize for a fast recovery.

Why Ransomware Recovery Is Crucial to ROI

“With any ransomware attack, recovery time is crucial, but often overlooked during upfront planning,” he says. “If your recovery time takes too long, it can have serious financial and reputational consequences. I’ve seen cases where it can take weeks or months, and a company might not have a choice but to pay the ransom.”

Ransomware attacks continue to rise every year due to a variety of factors, including COVID-19 and the increase in remote work, the adoption of blockchain and cryptocurrency, political events and international trade issues, even the war in Ukraine. In short, any number of events can spur an increase in the attacks.

“Many people don’t fully understand the anatomy of a ransomware attack, if only because it keeps changing,” says Miller. “I work with customers who ask, ‘Have the hackers really compromised all my data? What happens if attackers compromise administrative credentials? How fast can I bring it back online? How do I mitigate future attacks?’”

The answer is complex, but one thing is for sure: “Ransomware is a game of asymmetric warfare,” says Miller. “On any given day, the attackers need to be right only one time. And data center architects have to be right every single time. This is an industry that competes with you.”

Why Building a Multilayered Ransomware Defense Strategy Is Key

Fighting ransomware begins with building a multilayered defense strategy. Ahead of any threat, IT leaders need to deploy defenses at each point of the security lifecycle.

According to Miller, the key to overcoming a ransomware attack is establishing what he calls “a tiered protection architecture. The trifecta is critical because it allows for defenses to be in place before, during and after an attack. If you’re thinking about recovering data during an attack, it won’t work, because the hackers have already infiltrated your domain. They’ve done so in advance and planned the exact moment to take your data offline.”

This is precisely why businesses need to prepare long before an attack occurs.

The Key Steps IT Leaders Need to Take for Ransomware Recovery

If every piece of technology is a possible threat vector, businesses first need to understand the potential points of entry. Next, they should plan for the inevitable attack and then deploy security measures at each phase. Here’s what IT leaders need to know:

Before an attack: Patch management is critical to maintaining good cyber hygiene. Businesses can use analytics platforms to identify potential threats and can also hire security experts to look for indicators of compromised systems, says Miller.

During an attack: Have systems and procedures in place to lock down the cyber environment, cutting off access. Identify the type of attack. Mobilize the incident response team and initiate strategic communications. “With a publicly traded company, saying too much can impact stock price,” says Miller. “Saying too little can cause regulatory and compliance issues.”

After an attack: Prioritize systems for recovery and restoration, similar to disaster recovery planning. Next, consider having forensics teams ready internally or on retainer to clean malware infections in an offline environment. Doing this work offline is one way ransomware recovery differs from traditional disaster recovery. Communication to keep teams and executives apprised of recovery efforts is critical as well.


623 million: The number of ransomware attacks reported worldwide in 2021, up 105 percent from 2020 and more than threefold since 2019. (Source: SonicWall, 2022 Cyber Threat Report, February 2022)

Finding Ransomware Solutions for the Long Term

“If your business is hit with a ransomware attack, you want to be 100 percent confident that data protection is in place. You want zero chance that your backups or data protection methods have been compromised or deleted.”

Pure Storage offers several security components that can provide businesses the assurance of simple and reliable data recovery, including immutable snapshots; SafeMode protection for primary data, which ensures that the data inside cannot be modified; and unmatched speed.

Simplicity is key. Organizations need safe and fast data protection without continual upkeep. To protect against compromised administrative credentials, which are becoming more common, Miller recommends the SafeMode feature, which can prevent malicious data deletion stemming from unexpected staff exits or a rogue administrator.

Reliable backup systems are also essential. Pure Storage can protect system backups using immutable snapshots and SafeMode, and partners with a range of data protection providers, including Commvault, Veeam, Cohesity, Rubrik and others, to provide fast data restoration of up to 1 terabyte per day. IT leaders can also consult with a trusted adviser, such as CDW, that can identify system vulnerabilities.

Preparedness means accepting the inevitability of a ransomware attack. “It’s extremely uncomfortable to think about,” said Miller. “But the better you plan, the higher the chance you can recover without the attack becoming an existential threat to your company.”
