Experience with Ransomware

With all the recent Ransomware attacks I felt compelled to share my experiences with them. In the last 3 years I have come across 2 instances where 2 separate clients infected their systems with Ransomware. The usual response is, “I just opened an email and then all of a sudden something happened.”
What I do know in regards to these 2 instances is that the threat came from an email attachment and that there was a fair amount of time between when the threat occurred to when it was reported. The time taken to report the issue can be critical to the amount of data that can be recovered and I will explain why.
The only way to resolve Ransomware infection is by running nightly backups. We use Acronis to make image backups of each clients machines and servers, however any similar imaging software will work. These images are backed up to a NAS device and since space is limited we can only retain a certain amount of backups. This is why it is critical that the issue must be recognized and rectified ASAP. The data loss is then contained to the time your last backup was made. Please note that if the time to report goes longer than your backup retention time frame you are shit out of luck. You can try to pay the ransom however since I have never done that I could not tell you whether that works or not. Feel free to ask if you have any questions and I hope you find this helpful.