No one wants to face a ransomware attack, and if they do, they sure don’t want to advertise it! However, illustrating the power of Workspot’s Cloud PC for Ransomware Recovery solution using real-world examples can serve as a guide for organizations to fill a significant gap in their business continuity plans. This is why we have anonymized this story, so other organizations can benefit from this experience.

PREVENTION IS ONLY PART OF THE PLAN, AND IT’S NOT ENOUGH!

Cybersecurity, and in particular ransomware concerns, lead the list of things keeping the C-Suite awake at night. By all accounts, the frequency and sophistication of ransomware attacks continue to grow at an alarming rate, with most experts positing that it’s not a matter of “if”, but “when” your organization will be victimized. A comprehensive business continuity plan that includes ransomware prevention, detection, mitigation and recovery coverage is essential.

AN EYE-OPENING EXPERIENCE

Organizations that have shared their ransomware attack stories with us describe an immersive, exhausting experience for their teams, many of whom suffered sleepless nights as they navigated their way through the ransomware remediation process. They described it as an intensive learning experience that, while no one wanted to go through it, was ultimately a real eye-opener. It’s difficult to imagine what it must feel like to be forced to work cooperatively with criminals; in many cases, organizations have no choice because their data is compromised, and they need those encryption keys. For one organization, it was a surprise that the ransomware gang knew exactly the amount of ransom they could demand. They discovered that the gang had obtained a copy of the firm’s insurance policy. It was also ironic that the ransomware gang had a “help desk” to guide victims through the process of responding to the attack and negotiating a settlement. All communication was via chat through the ransomware gang’s help desk. A recovery plan is essential for an efficient and effective response.

TOP 10 TAKEAWAYS

Here are the top 10 key takeaways they derived from the learning experience that went hand-in-hand with their remediation efforts:
  1. Cybersecurity insurance is essential. Make sure you understand in detail what actions are required (or prohibited!) to ensure payout
  2. Keep the insurance policy and other highly sensitive contracts in a separate, secure location so they are not exfiltrated and used against you
  3. Have an Extended Detection and Response (XDR) or Managed Detection and Response (MDR) solution in place
  4. Implement a network vulnerability scanning tool
  5. Conduct third party PEN testing on a yearly schedule
  6. Remove admin rights for physical PCs so people cannot install software; strengthen password policy
  7. Have 3 layers of backups: Local, Public Cloud, Immutable
  8. Conduct Employee training every October. Cybersecurity Awareness Month is a good time for additional focus on ransomware prevention and recovery planning. Communicate ongoing reminders about attack vectors
  9. Have cash on hand: you’ll have to pay up front, as insurance companies only reimburse
  10. Workspot Cloud PCs were essential for recovering productivity within hours of the attack

IS THERE AN “ACCESS GAP” IN YOUR PLAN?

Despite the best efforts of expert IT and risk management teams, most recovery plans have an access gap. When it comes to the financial consequences of ransomware, typically much of the focus is on whether or not a ransom will be paid. Fortunately, if the ultimate resolution involves a ransom payment, many cybersecurity insurance policies cover this cost. However, the time it takes for insurance representatives, attorneys, security experts and IT teams to make that determination, navigate demands from the perpetrators, make the payment, and then get the business back up and running is, on average, 30 days. During those 30 days, business productivity has come to a halt, because people’s PCs are infected. How will you get new endpoints out to everyone quickly to keep the business running while you deal with all the intricacies of remediation? How much will 30 days (or more!) of downtime cost your organization, both monetarily and in brand reputation impact? The “access gap” in your plan can cost millions. Cloud PCs keep the business running during remediation.

THE NEW STRATEGY FOR RANSOMWARE RECOVERY: CLOUD PCs

Cloud PC adoption continues to gain momentum as IT and business leaders discover the everyday security and agility benefits that take enterprise organizations into the future. Ransomware recovery is a use case for which the right Cloud PC solution is uniquely suited. Think of Workspot Cloud PCs as your offensive strategy for keeping your business running after an attack. In this situation, we did not have an existing relationship with the organization suffering the attack. One of their employees had experience with Workspot at a previous company, and he placed a call on a Sunday to the Workspot Customer Support Team. Our team of experts jumped in immediately to help and were able to deploy a large number of Cloud PCs and workstations to key individuals whose productivity was critical to meeting project deadlines. In less than 48 hours, these individuals were fully productive, accessing their cloud-based applications via their Workspot Cloud PCs in Microsoft Azure.

Even though this customer had an “access” gap, and we were able to get their users to full productivity within two days, there are three key reasons companies should be more prepared for the recovery phase:

  1. Capacity: Each public cloud has capacity limitations in different parts of the world. It is unlikely that a large amount of capacity will be available on-demand in the public cloud region the customer chooses to use.
  2. Isolation: The Cloud PCs should be staged and ready to go into an environment that is isolated from the infected network. This means setting up an alternative to Active Directory.
  3. Data & Applications: Once the Cloud PCs are up and running in an isolated environment, they need access to data and applications. We recommend that the customer stages and periodically tests integration between the isolated environment and the backup data and application sites.

ABOUT WORKSPOT

Workspot is the only cloud-native solution that delivers enterprise-class Cloud PCs. This innovative service lets IT securely stream the right compute capabilities for each user, on any device, anywhere they want to work. As the only Cloud PC solution that operates across all the major public clouds – Microsoft Azure, Amazon Web Services, and Google Cloud – Workspot is uniquely positioned to address today’s remote work challenges by providing a multi-cloud and multi-region approach to end user computing. Simple to deploy, scale, and operate, Workspot’s award-winning Cloud PC solution benefits IT as well as end users with a seamless work experience that enhances productivity while maintaining the highest performance standards for intensive workloads. For more information on Workspot Cloud PC solutions please visit www.workspot.com.
