HYCU Tool Assesses Ransomware Recovery Ability

HYCU, a provider of a backup and recovery platform, today made available an open source tool that enables organizations to assess their ability to recover from a ransomware attack.

Simon Taylor, HYCU CEO, said R-Score is a public service offered by HYCU that enables organizations to score an organization’s ransomware recovery readiness in a way that is similar to the methodology financial institutions use to evaluate credit risks.

It takes roughly 10 minutes for an organization to complete an assessment that then scores how well organizations might be able to first repel and then recover from ransomware attacks. The assessment and score are based on five key categories: backup process, backup infrastructure, security and networking, restore processes and disaster recovery.

A score ranging from 0 to 1000 is generated along with recommendations for how to improve those scores. It’s up to each individual organization to determine how to strengthen those processes. No user data or information related to generating the initial R-Score is stored or captured in any form that would identify the user of the tool.

Backup and recovery tools are the only sure way to recover from a ransomware attack once files are encrypted. However, being able to recover a pristine copy of any given data set is often more challenging than most organizations typically expect. Backup files are frequently corrupted. Unfortunately, most organizations don’t regularly test their ability to recover files.

Worse yet, the malware that infected their IT environment might have been copied inadvertently along with the files that organizations are hoping to use to recover from the ransomware attack. It’s only when attempts are made to recover those files that organizations realize the backup files have also been encrypted.

As a result, there is now a lot more focus on the data protection processes IT teams have in place. Because organizations are more dependent on IT than ever to drive revenue, in many cases, they are as focused on recovery time objectives (RTOs) as they are recovery point objectives (RPOs).

In an ideal world, most backup processes would be fully automated. Any time a ransomware attack is detected, there is also a need to trigger a data backup that excludes the malware that is starting to infect the rest of the IT environment. An organization might lose some data, but the entire organization should not be paralyzed because of a ransomware attack.

In some organizations, however, backup and recovery is managed in isolation from cybersecurity. The primary purpose of backup and recovery has been to facilitate end user recovery of the occasional file. Once in a while, a disaster strikes and renders IT infrastructure unavailable; this results in the need to recover a large number of files over the course of a few days. Ransomware attacks, though, have changed the nature of the data protection game. Now, organizations are looking for ways to recover as much of their data as possible in a few hours. It’s not clear how many organizations can meet that expectation, but the worst time to find out is always going to be after a ransomware attack has been launched.

Avatar photo

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 747 posts and counting.See all posts by mike-vizard