Ransomware attacks are not just as simple as restoring from backup.

Any company that has had a ransomware attack needs to consider the attack vector.
If the attacker has entered via remote access software such as Remote Desktop Services, then the business should consider until proven otherwise that the intruder has had access for a significant period of time — the statistic here is that a breach is typically undiscovered for 6 months, during which time the attacker may have:
  • Escalated privileges and created new user accounts
  • Moved laterally through your infrastructure
  • Exfiltrated parts of your companies sensitive information
  • Discovered Personally Identifiable Information, and depending upon your industry: medical records
  • ¬†Altered the content of business documents
  • Installed rootkits, key-loggers and other malware
Personally Identifiable Information disclosure will open the business regulatory requirements under the New Zealand Privacy Act. Further liabilities may cascade from here.

While part of the answer here is a disaster recovery plan and recovering from backup. The problem is that often the first full test-restore is during a recovery.

Some of the common points of failure are:
  • No cloud based / offsite backups
  • Password re-use to a cloud backup
  • Backup user logged in, or saved credentials
  • If the backup is entirely on local storage: complacency around rotating the drives
  • Running out of storage on the backup disks
  • Singular backup media
  • Backup not suitable for the type of restore — for instance backing up an on-premise server through Azure does not result in a bare metal restore.
  • Did you record the encryption key for the backup?
  • Did you leave the encryption key on the disk in plain-text when you configured the backup?
And These are just a few of the restore from backup questions to take in to account.

Further considerations

If the average breach takes 69 days to fully contain, this means that the business capabilities will be diminished in some way for that period. After the attack has been contained, and the business fully functional you are going to have seen some costs:
  • Monetary
  • Productivity
  • Interpersonal
  • Reputation


Business-ending events cause trauma, feelings of loss and financial hardship for the owners, their staff, clients and suppliers. In 60% of cases; businesses that have a cyber security breach will cease trading within 6 months.

We protect your livelihood by designing comprehensive plans to prevent a cyber attack becoming a breach.

What kind of problem do you have?

  • Cannot perform payroll or invoicing
  • Email is not working
  • One or more critical servers is not working
  • Ransomware attack
  • Phone system down
  • Lost critical files
  • Cyber attack in progress

Solve your problem now:

0800 121 231
09 972 9323

Save money with this 33% discount on labour

One voucher per visit.
No fix, no fee.