No one wants to face a ransomware attack and if they do, they sure don’t want to advertise it! However, illustrating the power of Workspot’s Cloud PC for Ransomware Recovery solution using real-world examples can serve as a guide for organizations to fill a significant gap in their business continuity plans. This is why we have anonymized this story, so other organizations can benefit from this experience.

Cybersecurity, and in particular ransomware concerns, lead the list of things keeping the C-Suite awake at night. By all accounts, the frequency and sophistication of ransomware attacks continues to grow at an alarming rate, with most experts positing that it’s not a matter of “if”, but “when” your organization will be victimized. A comprehensive business continuity plan that includes ransomware prevention, detection, mitigation and recovery coverage is essential.

Organizations that have shared their ransomware attack stories with us describe an immersive, exhausting experience for their teams, many of whom suffered sleepless nights as they navigated their way through the ransomware remediation process. They described it as an intensive learning experience that, while no one wanted to go through it, was ultimately a real eye-opener. It’s difficult to imagine what it must feel like to be forced to work cooperatively with criminals; in many cases, organizations have no choice because their data is compromised, and they need those encryption keys. For one organization, it was a surprise that the ransomware gang knew exactly the amount of ransom they could demand. They discovered that the gang had obtained a copy of the firm’s insurance policy. It was also ironic that the ransomware gang had a “help desk” to guide victims through the process of responding to the attack and negotiating a settlement. All communication was via chat through the ransomware gang’s help desk. A recovery plan is essential for an efficient and effective response

Here are the top 10 key takeaways they derived from the learning experience that went hand-in-hand with their remediation efforts:

Despite the best efforts of expert IT and risk management teams, most recovery plans have an access gap. When it comes to the financial consequences of ransomware, typically much of the focus is on whether or nota ransom will be paid. Fortunately, if the ultimate resolution involves a ransom payment, many cybersecurity insurance policies cover this cost. However, the time it takes for insurance representatives, attorneys, security experts and IT teams to make that determination, navigate demands from the perpetrators, make the payment, and then get the business back up and running is, on average, 30 days. During that 30 days, business productivity has come to a halt, because people’s PCs are infected. How will you get new endpoints out to everyone quickly to keep the business running while you deal with all the intricacies of remediation? How much will 30 days (or more!) of downtime cost your organization, both monetarily and in brand reputation impact? The “access gap” in your plan can cost millions. Cloud PCs keep the business running during remediation.

Cloud PC adoption continues to gain momentum as IT and business leaders discover the everyday security and agility benefits that take enterprise organizations into the future. Ransomware recovery is a use case for which the right Cloud PC solution is uniquely suited. Think of Workspot Cloud PCs as your offensive strategy for keeping your business running after an attack. In this situation, we did not have an existing relationship with the organization suffering the attack. One of their employees had experience with Workspot at a previous company, and he placed a call on a Sunday to the Workspot Customer Support Team. Our team of experts jumped in immediately to help and were able to deploy a large number of Cloud PCs and workstations to key individuals whose productivity was critical to meeting project deadlines. In less than 48 hours, these individuals were fully productive, accessing their cloud-based applications via their Workspot Cloud PCs in Microsoft Azure.Even though this customer had an “access” gap, and we were able to get their users to full productivity within two days, there are three key reasons companies should be more prepared for the recovery phase:

1. Capacity: Each public cloud has capacity limitations in different parts of the world. It is unlikely that a large amount of capacity will be available on-demand in the public cloud region the customer choose to use.
2. Isolation: The Cloud PCs should be staged and ready to go into an environment that is isolated from the infected network. This means setting up an alternative to Active Directory.
3. Data & Applications: Once the Cloud PCs are up and running in an isolated environment, they need access to data and applications. We recommend that the customer stages and periodically tests integration between the isolated environment and the backup data and application sites.

Workspot is the only cloud-native solution that delivers enterprise-class Cloud PCs. This innovative service lets IT securely stream the right compute capabilities for each user, on any device, anywhere they want to work. As the only Cloud PC solution that operates across all the major public clouds –Microsoft Azure, Amazon Web Services, and Google Cloud –Workspot is uniquely positioned to address today’s remote work challenges by providing a multi-cloud and multi-region approach to end user computing. Simple to deploy, scale, and operate, Workspot’s award winning Cloud PC solution benefits IT as well as end users with a seamless work experience that enhances productivity while maintaining the highest performance standards for intensive workloads. For more information on Workspot CloudPC solutions please visit www.workspot.com.