Sathya Sankaran, Head of Cloud-Products HYCU at IT Press Tour
Through R-Score at getrscore.org, HYCU offers a free self-assessment that lets companies check their ransomware recovery readiness and receive concrete recommendations for improvement.

Few companies meet the backup requirements needed to recover from ransomware without paying. A new HYCU guide outlines where preparation falls short and the five steps that matter once an attack hits.

Why paying rarely pays off

Wiring the ransom can look like the fastest way back to normal operations for many affected companies. Figures compiled by HYCU in a recent guide to ransomware recovery tell a different story: of the companies that pay an initial ransom demand, 60 percent initially regain access to their data, 32 percent must make further payments before recovery succeeds, and 8 percent never get their data back at all. Even when a decryption key arrives, restoring systems typically takes several weeks, according to HYCU.

The vendor points to four additional cost factors. Many cyber insurance policies exclude coverage once a ransom is paid, while US premiums have already risen by roughly 35 percent on average. The US Treasury has also warned that payments to sanctioned entities can trigger OFAC penalties regardless of intent. Companies that pay are marked within the criminal ecosystem and are often targeted again, sometimes by the same group, with each payment helping fund the next campaign.

Worldwide, 84.5 percent of affected companies recovered without paying, according to HYCU. That path, however, depends on preparation made well before an attack occurs.

Three conditions for resilient backups

A backup that fails to meet any one of three conditions can be encrypted along with the rest of the infrastructure, HYCU argues. First, storage must be immutable: data must not be altered or deleted by anyone, including administrators, until the retention period expires. HYCU relies on WORM storage with Object Lock enabled on S3-compatible systems. Second, backups must be isolated from the production environment by an air gap, separated through network segmentation with no shared credentials or trust relationships; the vendor’s virtual appliance uses a hardened Linux base image with no root access and SSH disabled. Third, access must be restricted: role-based access control, multi-tenancy, and separation of duties are meant to prevent even super-administrators from manually deleting backups.

Preparation remains the exception

Together with ActualTech Media, HYCU surveyed IT leaders on the state of their ransomware preparedness. 65 percent expressed no full confidence in their existing backup solutions. Among those affected, 52 percent suffered measurable data loss and 63 percent experienced operational disruption. Only 41 percent isolate their backups with an air gap, only 47 percent test them regularly, and just 35 percent consider their current tools adequate. At the same time, 77 percent of company boards are now actively engaged in ransomware prevention discussions — interest exists, but the architectural fixes largely lag behind.

“Given the multimillion-dollar costs associated with ransomware attacks — not to mention the damage to brand and employee morale — companies cannot afford to be without a plan,” HYCU founder and CEO Simon Taylor is quoted as saying in the release.

Five stages of recovery

HYCU describes recovery as a sequence of five stages, with speed at each stage determining the extent of the damage: detecting unusual file changes and backup anomalies, containing the incident through immediate isolation of affected systems and halting replication, assessing the damage and the last clean recovery point, recovering application by application in order of dependencies, and finally hardening by closing the exploited vulnerability, reviewing access policies, and holding a post-incident debrief.

Free self-assessment

Through R-Score, available at getrscore.org, HYCU offers a free assessment that rates a company’s ransomware recovery readiness using a model similar to a credit score. It evaluates backup architecture, recovery process, testing frequency, and organizational readiness. According to HYCU, most companies score lower than they expected.

By Jakob Jung

Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM. Contact via Mail: jakob.jung@security-storage-und-channel-germany.de

Leave a Reply

Your email address will not be published. Required fields are marked *

WordPress Cookie Notice by Real Cookie Banner