Recovering from Ransomware: Lessons Learned from 1,200 IT Leaders

You rely on data availability and integrity to operate, but ransomware threatens to derail everything. If your systems and data get locked down by cybercriminals, are you confident you can recover quickly and completely?

A new survey of 1,200 ransomware victims reveals sobering trends every IT leader should know. The findings highlight the importance of reevaluating backup and recovery strategies to harden defences and assure data availability.

Expecting the worst

The Veeam ransomware report is a blind survey of 1,200 unbiased IT leaders. It found that 85% of organisations suffered a cyber-attack last year, with an average of 45% of production data affected per attack. For many, backup repositories were also corrupted.

These stats highlight the importance of planning for worst-case scenarios where significant portions of data are compromised across systems. Maintaining highly resilient backup and recovery capabilities is essential.

Paying Doesn’t Guarantee Recovery

While 80% of victims paid the ransom, one quarter still could not recover data, demonstrating that meeting demands is an unreliable path to restoration.

A prudent way forward is to invest in immutable backups and isolated recovery solutions instead of relying on attackers’ promises.

Quick triage, slow recovery

The triage process of determining which systems are infected and which backups are safe often delays restoration for weeks after an attack. The survey found it takes at least 3 weeks to recover per attack, leading to significant downtime.

You should seek recovery solutions that allow quick, scalable data verification to accelerate recovery timelines. Veeam data backup and recovery solutions offer best-in-class performance to keep your recovery on track.

Re-infection risks

Over half of organisations restored data without verifying its integrity first, risking re-infection of systems. 31% said they rely on immutable repositories, a best practice that does not always guarantee the newest data.

We recommend staging restorations in isolated environments to scan data before putting it into production to reduce the risk of re-infection.

Hybrid recovery options

71% of IT leaders would recover to the cloud and 81% to a data centre post-attack, with 29% only planning to recover to on-prem servers.

52% of IT leaders are considering a cloud and on-prem recovery solution, with managed disaster recovery-as-a-service (DRaaS) platforms growing in popularity.

We recommend leveraging both on-prem and cloud infrastructures for maximum flexibility when primary sites are compromised.

Immutable backups

82% of organisations now use immutable cloud backups, and 64% leverage immutable disk. This air-gapped approach prevents backup corruption, and as Veeam notes, it is very achievable for backup data across IT infrastructure.

Aligning security and backup teams

Only 40% of survey respondents said their security and backup teams are well-aligned and on the same page, a worrying statistic since collaboration and coordination between teams are critical to preventing and responding to attacks.

Call us +44 (0) 208 017 0007

Email us uksales@dsiltd.co.uk

WHO WE ARE

OUR PARTNERS

CASE STUDIES

HOW TO FIND US

CURRENT STOCK

DSI BLOG

SUSTAINABILITY, ENVIRONMENTAL & ETHICS POLICY

CHARITY & COMMUNITY

FRAMEWORK AGREEMENTS

DSI EVENTS

CAREERS