www.rubrik.com
23.53.43.18  Public Scan

Submitted URL: http://mkto.rubrik.com/Nzk0LU9IRi02NzMAAAGQvMNWEe7e5Vi5g_--rkQlF5jMTi1xSzC7LBXpKxMvag7L1xZVxXPS26-i6FrN3PRG9Ny7wVM=
Effective URL: https://www.rubrik.com/collections/security?utm_source=marketo&utm_medium=email&mkt_tok=Nzk0LU9IRi02NzMAAAGQvMNWESPmNzt...
Submission: On January 24 via manual from US — Scanned from DE

Form analysis 2 forms found in the DOM


Text Content



Framework for a Comprehensive
Ransomware Recovery Plan
August 2021
How your organization can prepare for and quickly
recover from a ransomware attack
WHITE PAPER


TABLE OF CONTENTS
WHY YOU NEED A GOOD RANSOMWARE RECOVERY PLAN
PHASE 0: PLANNING AND PREPARATION
• Proper preparation prevents poor performance
• Create the planning and recovery team
• Perform a business impact assessment
• Identify critical data to prevent data exfiltration
• Document policies
• Put in place resources for backup, response, recovery, and ransom payments
• Create a playbook
PHASE 1: DETECTION, ALERTING, AND CONTAINMENT
• Detect attacks early (if possible)
• Alert IT staff and stakeholders
• Contain the attack
• Retain backups
PHASE 2: ANALYSIS AND RESPONSE
• Involve the cyber insurance provider and security experts
• Analyze the attack
• Determine the most recent usable backups and how quickly they can be obtained and deployed
• Decide on a response to the ransom demands
PHASE 3: RECOVERY
• Activate the recovery zone
• Identify the critical services and applications affected by the attack
• Restore the data and restart applications
• Move applications back to the production environment
PHASE 4: REMEDIATION
• Eradicate traces of the attack
• Document the incident and the response
• Remediate vulnerabilities and strengthen security
HOW RUBRIK CAN HELP
• Identify and protect critical data
• Detect attacks early
• Immutable backups
• Granular recovery
APPENDIX: KEY DECISIONS
• Phase 0: Planning and Preparation
• Phase 1: Detection, Alerting, and Containment
• Phase 2: Analysis and Response
• Phase 3: Recovery
• Phase 4: Remediation


WHITE PAPER | FRAMEWORK FOR A COMPREHENSIVE RANSOMWARE RECOVERY PLAN
WHY YOU NEED A GOOD RANSOMWARE RECOVERY PLAN
Ransomware attacks have evolved from crude efforts by small-time hackers into
multi-step, targeted campaigns from
sophisticated cybercriminal gangs and state-sponsored groups. Instead of merely
encrypting data on a few disk drives, the
new attacks often target infrastructure, encrypt backups, and exfiltrate
sensitive information and threaten to disclose it to the
world. Even after enterprises pay ransoms, it can take days or weeks to recover
data, remediate security issues, and restart
all operations. To complicate matters further, parts of the recovery process may
be driven by regulatory requirements for
disclosure, policies dictated by cybersecurity insurance providers, and business
needs to prioritize mission-critical applications.
These complications, together with the ever-growing costs of ransomware attacks,
make it imperative to develop a good
ransomware recovery plan. Enterprises should create a detailed playbook that
outlines the people involved in responding to
a ransomware attack, the policies and procedures they should follow, the
resources they will need, and alternative courses of
action they can follow based on the nature of the attack.
A good ransomware recovery plan can help your organization:
• Respond quickly and confidently in a crisis setting
• Recover data and restart applications faster, starting with the most critical
business operations
• Reduce costs related to business interruptions, remediation and recovery, and
potentially ransom payments
• Meet requirements from the board, executives, auditors, and cybersecurity
insurers for complete ransomware recovery
and business continuity plans
This document lays out a framework for a comprehensive ransomware recovery plan.
It suggests best practices in areas
including preparation, staffing, stakeholder notification, containing the
attack, data recovery, remediation, and learning from
experience. Figure 1 summarizes the phases of the plan and the activities that
should be documented in the playbook.

Figure 1: Phases of the plan and the activities in each
Phase 0: Planning and Preparation
• Create the planning and recovery team
• Perform a business impact assessment
• Identify critical data
• Document policies
• Put in place resources
Phase 1: Detection, Alerting, and Containment
• Detect attacks early
• Alert IT staff and stakeholders
• Contain the attack
• Retain backups
Phase 2: Analysis and Response
• Involve the insurance provider and security experts
• Analyze the attack
• Verify that usable backups are available
• Decide on a response to ransom demands
Phase 3: Recovery
• Activate the recovery zone
• Identify the critical services and applications
• Restore data and restart processes
• Move applications back to the production environment
Phase 4: Remediation
• Eradicate traces of the attack
• Document the incident and the response
• Remediate vulnerabilities and strengthen security


DO REGULAR BACKUPS PROTECT AGAINST RANSOMWARE?
Not necessarily. A common misconception about ransomware is that “we are
protected because we back up all of our data.” Regular backups are essential,
but they can lull organizations into a false sense of security. There are two
reasons why traditional backup strategies may fail to protect against
ransomware attacks.

Cybercriminals have developed ways of encrypting or corrupting online backups.
An estimated two-thirds of ransomware attacks target backup systems. Often, when
attackers gain a foothold on a network, one of their first actions is to start
encrypting or corrupting backup data. Typically, this occurs two weeks or more
before they begin encrypting production data. When enterprises realize they are
under attack, they find weeks of their backups are unusable.

Recovering backed-up data can take so long that organizations are forced to pay
ransoms anyway. Backing up data to tapes and storing them offsite used to
provide a “gold standard” of data protection, but this is no longer the case. It
can take several days to find the latest tapes, bring them back onsite, mount,
and run them. Also, it is difficult to restore selectively from tape; you have
to restore all files, not just the ones that were encrypted. Many enterprises
cannot afford to wait for these operations to complete before restarting
critical business systems.


PHASE 0: PLANNING AND PREPARATION
PROPER PREPARATION PREVENTS POOR PERFORMANCE
A ransomware recovery plan can be either a standalone document or a substantial
section of a business continuity and disaster
recovery (BCDR) plan. Either way, it is critical that the organization invest in
developing a plan that will work under real-world
conditions in a high-stress environment.
First and foremost, that calls for assigning the right people to the team. It is
also important to carve out enough time in their
schedules to participate in all the research, analysis, and discussion required
to come up with an effective plan.
In addition, organizations need to consider actions that must be taken in
advance, before a ransomware attack becomes
visible. This includes educating people outside of the IT organization in how to
recognize and thwart attacks (for example by
reporting phishing emails) and in how to contain attacks when they are detected.
It also involves putting in place resources that
will be needed when the plan is implemented, such as a secure recovery zone
(which will be discussed later in this section).
Finally, organizations should look at the planning process as a source of ideas
for strengthening their security. The analysis and discussion that go into
creating the plan will identify actions that can prevent or reduce the impact
of ransomware attacks, and of data breaches as well.
Here are some of the activities that should be involved in creating the plan,
and in preparing for ransomware attacks before
they strike.
A. CREATE THE PLANNING AND RECOVERY TEAM
The first step in developing a ransomware recovery plan is to assemble a
ransomware (or business continuity) planning and
recovery team that will create the plan and coordinate the response when an
attack takes place. The size and composition of
the team will vary according to the size and nature of the enterprise, but at a
minimum it should include a core group with:
• An executive sponsor, ideally from a business unit that would be affected by
ransomware, who can secure resources
and cooperation within the enterprise and communicate with top management and
outside parties in the event
of an attack
• A representative from IT security or security operations with knowledge of
ransomware attack methods and the
security defenses in place
• Representatives from the IT operations and networking teams with knowledge of
the computing environment and
backup and recovery processes
• Someone from the legal department or governance, risk, and compliance (GRC)
group with knowledge of compliance
and cyber insurance issues
Depending on the circumstances, the complete team might also include:
• Members of the incident response group responsible for analyzing and
containing attacks
• Business managers who can assess the priority of applications and business
systems
• Members of the IT operations and IT security teams responsible for safely
restoring data and applications
• Members of the application development group responsible for restarting
applications
• A representative from public relations or public affairs responsible for
managing public announcements and handling
potential news coverage


B. PERFORM A BUSINESS IMPACT ASSESSMENT
As we will see in the Recovery section below, regardless of whether an
enterprise pays ransom or not, recovery from a
sophisticated ransomware attack can take several days. Not all applications can
be restarted at once. It is therefore very
important to perform a business impact assessment. The assessment determines
which business systems should be examined
first to determine if they have been impacted by an attack, and if necessary,
restored first. These assessments typically
categorize applications in tiers, based on factors such as:
• Criticality (i.e., potential impact on the health and safety of customers,
employees, and members of the public)
• Regulatory requirements and contractual obligations
• Higher costs and lost revenue
• Impact on reputation and brand
Assessments usually categorize systems in three or four tiers, and sometimes
assign recovery goals or service level agreements
(SLAs) for each tier.
C. IDENTIFY CRITICAL DATA TO PREVENT DATA EXFILTRATION
Unfortunately, many of the cybercrime syndicates involved in ransomware have
upgraded their campaigns with “double extortion ransomware.” In double
extortion ransomware attacks, malware exfiltrates copies of victims’ data
before encrypting the original files. The victims are then threatened with two
negative outcomes: losing their production data, and having sensitive
information leaked on the web, such as personally identifiable information
(PII) of customers and employees, financial account and social security
numbers, product designs and other intellectual property, proprietary software,
and potentially embarrassing internal emails and documents.
To limit the potential impact of double extortion ransomware, the ransomware
recovery team should identify critical data so
the organization can:
• In the event of an attack, quickly determine whether or not the ransomware
attack reached the sensitive data
• Better protect the data in the first place by taking steps such as limiting
access, encrypting files, deploying additional
security controls, and backing up more frequently
If the organization can determine quickly that sensitive data was not, in fact,
lost, then it may be able to limit regulatory fines
and costs related to breach notification. And of course, reducing the amount of
sensitive information exposed to ransomware
reduces the time and effort needed for recovery.
Organizations should also consider measures that protect the entire environment,
such as expanding the use of multi-factor
authentication (MFA). Many ransomware campaigns use stolen or weak passwords or
brute force password attacks to access
target networks and systems. By thwarting those methods, MFA can limit the
spread of ransomware.
Note that activities to identify and better protect critical data should be
ongoing. The location of sensitive information will
migrate as applications evolve and enterprises take advantage of dynamic public
and private cloud platforms.


D. DOCUMENT POLICIES
The middle of a crisis is no time to begin researching disclosure requirements
or starting to think about whether the
organization is able or willing to pay ransoms. The team should compile and
document in advance regulatory, insurance, and
corporate policies that need to be considered in responding to a ransomware
attack. These include policies concerning:
• When and how much to involve the enterprise’s cyber insurance provider in the
response (usually right away,
and deeply)
• When and how to involve security forensics firms and outside technology
vendors to help analyze and respond
to an attack
• If and when to contact law enforcement agencies such as the FBI, the U.S.
Cybersecurity and Infrastructure Security
Agency (CISA), and similar authorities around the world
• If and when to disclose details to potentially affected parties such as
customers and business partners
• If and under what circumstances to pay ransoms
E. PUT IN PLACE RESOURCES FOR BACKUP, RESPONSE, RECOVERY, AND RANSOM PAYMENTS
When a ransomware attack strikes, it’s too late to improve your backup processes
or buy and learn new tools to deal with the
crisis. For the most part, you must work with the resources you have in place.
Ideally these include:
• Data backups that were made before the attack (or immutable backups, discussed
in the last section of this paper)
• Tools for analyzing the extent and impact of attacks
• A secure recovery zone or facility for recovering data and restarting
applications
• A streamlined process for authorizing ransomware payments and a ready
mechanism to purchase cryptocurrency for
the payments (if necessary)
Part of creating the recovery plan is analyzing the requirements for the
recovery zone. It needs to include hardware and
networking equipment that is “clean” (newly purchased or wiped so there is no
possibility of being compromised by malware)
where the recovery team can recover data, reinstall applications, and begin
supporting the most critical applications. The zone
should be a section of the data center isolated from the compromised corporate
network with equipment available on standby.
An alternative is to contract with a public cloud provider to provide capacity
on demand.
Organizations should also consider arranging for a retainer with a reputable
cybersecurity consulting firm that has experience
analyzing and containing ransomware attacks.
DON’T FORGET YOUR CYBER INSURANCE PROVIDER
For many enterprises, their cyber insurance provider plays a major role in
setting policies about
how to respond to ransomware attacks and under what circumstances to pay
ransoms. It is
critical to get input from the insurance company either directly or through
someone in the legal
or GRC groups who has a detailed knowledge of its practices and requirements.


F. CREATE A PLAYBOOK
The final, crucial step in the preparation process is to create a playbook for
the team and supporting groups. The playbook
describes the steps that need to be taken under a variety of circumstances and
who is responsible for performing them.
Since the playbook will be used in high-pressure situations, it needs to be
clear and concise. Because ransomware attacks can
take different forms, the playbook can’t be a cookbook with one recipe, and
should offer plans that cover a variety of likely
contingencies.
The next sections of this paper look at the types of processes that can be
described in the playbook, organized in four phases:
Phase 1: Detection, Alerting, and Containment
Phase 2: Analysis and Response
Phase 3: Recovery
Phase 4: Remediation


PHASE 1: DETECTION, ALERTING, AND CONTAINMENT
A. DETECT ATTACKS EARLY (IF POSSIBLE)
Most ransomware attacks are detected only in their final phase, after they have
already encrypted data and interfered with
business processing (resulting in a flood of calls to the help desk). In these
cases, organizations need to move immediately to
alert and contain the attacks.
However, sometimes organizations may find clues pointing to ransomware attacks
in progress, such as suspicious emails,
communication with external IP addresses associated with threat actors or
botnets, or malware known to be used in
ransomware campaigns. When this happens, the ransomware playbook should include
procedures to ramp up detection.
For example:
• Searching email filters and web logs to uncover phishing campaigns and other
methods used to plant malware and
compromise systems
• Checking endpoints and antivirus products to find additional copies of malware
associated with ransomware
• Finding compromised or altered credentials, particularly those for
administering domains and enterprise directories such
as Active Directory
• Monitoring internal networks and network gateways to detect data exfiltration
and command and control (C2)
communications between the attackers and compromised systems
Positively identifying an attack early may enable an enterprise to contain it
before it can inflict serious damage. Detection
activities can also help identify what data, if any, has been exfiltrated, so
the organization can assess the risks of data disclosure
if the ransom is not paid.
B. ALERT IT STAFF AND STAKEHOLDERS
The playbook should have detailed instructions about who needs to be notified
immediately of a ransomware attack, their
contact information, the tasks they are expected to perform, and backup contacts
in case the primary ones can’t be reached.
The contact lists should include:
• Members of the ransomware recovery team
• Security operations, incident response, and IT operations staff members who
will analyze and contain the attack
• System and network administrators and application developers who will be
involved in recovering data and restarting
applications
• Third parties that can help analyze the attack and outline alternative courses
of action, such as the cyber insurance
provider, a security consulting firm, and the IT vendors whose products were
involved in or compromised by the attack
• Business managers, application owners, and other internal stakeholders who may
be affected by the attack and the
related disruption in IT services
• Executives, members of the legal and public relations staffs, and others who
may need to notify customers, law
enforcement and regulatory agencies, other third parties, and the public.


C. CONTAIN THE ATTACK
Containing ransomware attacks is important for two reasons. First, the attackers
often continue to extend their reach and
encrypt new systems even after encrypting an initial set of systems and
declaring their presence. Second, many of the steps
involved in containment prevent attackers from coming back later and launching a
new attack.
The playbook should outline steps for containing the attack such as:
• Quarantining all compromised systems
• Locking compromised user accounts and changing their passwords
• Blocking inbound and outbound network traffic from external IP addresses
associated with the attack
• Enforcing password changes for systems administrators and others with
extensive privileges (if they are not already
using MFA), in case their credentials have been stolen
• Communicating with employees and other users of the enterprise’s systems to
stop opening emails, and if possible to
log off and shut down their computers
D. RETAIN BACKUPS
Most organizations delete backup files periodically. When a ransomware attack is
detected, system administrators should
retain all existing backup files in case they are needed for recovery.


PHASE 2: ANALYSIS AND RESPONSE
A. INVOLVE THE CYBER INSURANCE PROVIDER AND SECURITY EXPERTS
Today, many medium-sized and large organizations faced with a serious ransomware
attack work with their cyber insurance
provider (if they have one) and an outside security consulting firm to analyze
the attack, decide how to respond to the ransom
demand, and select an approach to recovering their data and restarting their
applications. This is usually a good investment of
time and money, since these firms have experience and specialized expertise that
few enterprises can match.
B. ANALYZE THE ATTACK
Before deciding on a response to the attackers and a recovery plan, it is
essential to analyze and understand the ransomware
attack, its impacts, and feasible courses of action.
The playbook should provide guidance on how to collect information and analyze
the technology and techniques used in the
attack. It should describe the steps to take so the organization can answer
questions such as:
• What vulnerabilities did the attackers exploit?
• What methods did they use to gain an initial foothold in the network?
• Did they acquire additional credentials on the network, and how did they move
to additional systems?
• What data, if any, have they exfiltrated from the network?
• What files have they encrypted?
A particularly valuable output of this analysis is the identification of the
“blast radius” of the attack; that is, the systems that
have been compromised and the files that have been encrypted or corrupted.
Replacing all of an organization’s systems and restoring all of its data is a
massive job that can take days or weeks. It also
causes unnecessary information loss, because data that was not affected by the
attack is rolled back to earlier versions.
Enabling the organization to focus on a subset of the systems and files
dramatically reduces the workload and shortens the
time to full recovery.
The analysis can also draw on the business impact assessment performed earlier
to determine:
• The impact of the attack on critical business systems and areas of the
business
• The cost of interrupted operations for shorter and longer periods
• The feasibility and likely timeframes for recovery based on different
scenarios, such as restoring data from backups and
paying the ransom and recovering data using decryption keys provided by the
attacker
• The risk to the organization’s reputation and revenue if exfiltrated data is
disclosed
C. DETERMINE THE MOST RECENT USABLE BACKUPS AND HOW QUICKLY THEY CAN BE OBTAINED AND DEPLOYED
The fact that an organization has a backup process doesn’t automatically mean
that usable backups are available, or can
be obtained and deployed quickly. As mentioned earlier, cybercriminal groups
have evolved ways to encrypt or corrupt
backup files. Sometimes recovery processes, especially those based on storing
tapes at remote sites, are so slow that
organizations can’t afford to wait. Organizations should determine the state of
their backups before deciding how to respond
to ransom demands.


D. DECIDE ON A RESPONSE TO THE RANSOM DEMANDS
The ransomware response plan should include policies and guidance on how to
respond to ransom demands.
The first decision is whether the organization should have a policy against
paying ransoms under any circumstances. The
official policy of the FBI is that victims should not respond to ransom demands,
primarily because payments encourage
additional ransomware attacks.1 The U.S. Treasury Department has warned that
paying ransoms to individuals and entities on
the government’s Specially Designated Nationals and Blocked Persons List (SDN
List) is a violation of federal laws such as the
Trading with the Enemy Act.2
However, law enforcement agencies and other government authorities have
generally recognized that enterprises need to
make decisions that ensure their survival and limit harm to customers and
clients that depend on their goods and services.
In most cases, organizations need to weigh the costs and benefits of paying
ransoms versus recovering their data from
backups and restarting applications in a safe environment. But the factors
leading to the decision are more complicated than
most people realize.
Paying the ransom offers the possibility of receiving decryption keys from the
attacker and resuming operations quickly,
at relatively little cost beyond the ransom payment (especially if the ransom is
covered by insurance). However, this happy
conclusion is by no means assured. Other possible outcomes include:
• The attacker disappears from the web and can’t be contacted (which happened to
the REvil ransomware gang in
July 2021)
• The attacker walks away with the ransom and fails to send the decryption keys
• The attacker sends the decryption keys, but they don’t work, or work very
slowly
• The attacker sends a different encryption key for every one of hundreds of
systems, and it takes days or weeks to
decrypt the data in all of them
• The attacker maintains a foothold in the enterprise’s network and repeats the
attack at a later date
Refusing to pay the ransom frees the enterprise from the onus of rewarding
criminals, but the process of recovering data from
backups and restarting applications can be problematic if:
• The recent data backups have been encrypted or corrupted
• A safe recovery zone needs to be assembled from scratch
• The organization can’t determine the “blast radius” and must recover all of
its data and restart all of its applications.
In addition, refusing to pay the ransom increases the chance that sensitive or
proprietary information will be disclosed. This
must be factored into the cost-benefit analysis for paying or not paying ransom.
Actually, there is a third option: pay the ransom and begin the process to
recover data. However, this approach incurs both the
cost of the ransomware payment and the effort and cost of recovering the data
internally.
A ransomware plan can’t anticipate all of the circumstances facing decision
makers, but preparing the plan gives the
organization an opportunity to carefully consider alternatives and decide on
policies in a calm atmosphere, rather than in the
pressure-cooker environment of an unfolding attack.
The playbook also ensures that regulatory requirements and enterprise policies
are considered, and that key players such as
the cyber insurance provider and outside security consulting firm are brought
into the discussion.
1 “The FBI does not support paying a ransom in response to a ransomware attack.
Paying a ransom doesn’t guarantee you or your organization will get
any data back. It also encourages perpetrators to target more victims and offers
an incentive for others to get involved in this type of illegal activity.”
https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware
2 Ransomware Payments May Violate Sanctions Laws, U.S. Treasury Department
Warns:
https://www.natlawreview.com/article/ransomware-payments-may-violate-sanctions-laws-us-treasury-department-warns


PHASE 3: RECOVERY
Recovery scenarios will differ based on the nature and extent of the ransomware
attack, and on the decision about whether
or not to pay the ransom. In this section we assume that the organization has
decided to restore the data from backups and
restart applications.
A. ACTIVATE THE RECOVERY ZONE
It is not a good idea for organizations to recover data and restart applications
on infrastructure that has been compromised by
a ransomware attack. Instead, they should work in a recovery zone with clean
servers, a trusted network, and re-installed
versions of software tools and applications.
The recovery zone should also have full backup facilities. Although applications
will only reside there temporarily, for some
period of time they will be generating live production data.
As mentioned earlier, many enterprises set up a recovery zone with dedicated
hardware and software on standby, to be able to
respond quickly to ransomware attacks and other threats to business continuity.
Organizations can also set up a virtual private
cloud on a public cloud platform.
B. IDENTIFY THE CRITICAL SERVICES AND APPLICATIONS AFFECTED BY THE ATTACK
The playbook developed during planning and preparation should describe what
services and applications need to be recovered
first. These include infrastructure services such as DNS servers and enterprise
directories needed to operate applications,
together with applications that impact the health and safety of customers and
employees, that are needed to meet
regulatory requirements and contractual obligations, and that have a major
effect on the costs, revenue, and reputation of the
enterprise. These are usually the “Tier 0” and “Tier 1” services and
applications determined by the business impact assessment
discussed earlier.
However, it may not be necessary to restore all of the Tier 1 applications.
Those outside of the “blast radius” of the attack do not
need to be recovered.
C. RESTORE THE DATA AND RESTART APPLICATIONS
The ransomware recovery team should recover the data for the Tier 0 and Tier 1
applications in the recovery zone, then restart
those applications and the services that support them. When the applications
have been tested, users can be given access to
the applications running in the recovery zone and start using them.
The recovery process will go much faster if the organization has data tools that
allow selective recovery. With that feature,
system administrators can recover only the files that have been encrypted or
corrupted in the ransomware attack, rather than
all the files.
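The selective recovery described above, as an added example (not code from this white paper or from any Rubrik product): it compares a manifest of the last known-good backup with the post-attack state, restores only files that are missing or that changed and became high-entropy, and orders the restore by tier. The entropy threshold, the "tier<N>/" path convention, the function names, and the sample data are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# Assumption: content at or above this many bits per byte looks encrypted.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def build_manifest(snapshot):
    """Map each path in a {path: bytes} snapshot to (sha256 hex, entropy)."""
    return {
        path: (hashlib.sha256(blob).hexdigest(), shannon_entropy(blob))
        for path, blob in snapshot.items()
    }


def classify(backup, current):
    """Compare the last known-good manifest with the post-attack manifest."""
    findings = {"restore": [], "review": [], "new": []}
    for path, (old_hash, old_entropy) in backup.items():
        if path not in current:
            # Deleted, or renamed with an added extension by the malware.
            findings["restore"].append((path, "missing"))
            continue
        new_hash, new_entropy = current[path]
        if new_hash == old_hash:
            continue  # outside the blast radius: leave the live copy alone
        if new_entropy >= ENTROPY_THRESHOLD > old_entropy:
            findings["restore"].append((path, "likely encrypted"))
        else:
            # Changed but not newly high-entropy (a normal edit, or a file
            # that was already compressed): a blanket rollback would lose
            # the newer data, so a person decides.
            findings["review"].append((path, "modified"))
    # Files with no backup counterpart: renamed copies, ransom notes, etc.
    findings["new"] = sorted(p for p in current if p not in backup)
    return findings


def tier_of(path):
    """Hypothetical convention: the first path component is 'tier<N>'."""
    return int(path.split("/", 1)[0][len("tier"):])


def restore_order(findings):
    """Paths to restore, lowest tier number first, then alphabetically."""
    return sorted((p for p, _ in findings["restore"]),
                  key=lambda p: (tier_of(p), p))


def pseudo_ciphertext(seed, size=4096):
    """Deterministic high-entropy bytes standing in for encrypted content."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                    for i in range(size // 32))


# Constructed sample data (not from any real incident).
TEXT = b"invoice_id,amount\n1001,250.00\n1002,99.50\n" * 100
BACKUP = {
    "tier0/dns/zone.db": TEXT,
    "tier1/billing/invoices.csv": TEXT,
    "tier1/billing/ledger.csv": TEXT,
    "tier2/wiki/home.txt": TEXT,
    "tier2/wiki/notes.txt": TEXT,
}
CURRENT = {
    "tier0/dns/zone.db": TEXT,                                   # untouched
    "tier1/billing/invoices.csv": pseudo_ciphertext(b"a"),       # encrypted in place
    "tier1/billing/ledger.csv.locked": pseudo_ciphertext(b"b"),  # renamed copy
    "tier1/billing/README_RESTORE.txt": b"Your files are encrypted.\n",
    "tier2/wiki/home.txt": pseudo_ciphertext(b"c"),              # encrypted in place
    "tier2/wiki/notes.txt": TEXT + b"1003,12.00\n",              # normal edit
}

FINDINGS = classify(build_manifest(BACKUP), build_manifest(CURRENT))

if __name__ == "__main__":
    for path in restore_order(FINDINGS):
        print("restore", path)
    for path, reason in FINDINGS["review"]:
        print("review ", path, reason)
    for path in FINDINGS["new"]:
        print("new    ", path)
```

Files already stored compressed or encrypted are high-entropy in the backup too, so a change to them lands in the review list rather than being classified automatically.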
D. MOVE APPLICATIONS BACK TO THE PRODUCTION ENVIRONMENT
After the production environment has been cleaned and remediated (discussed in
the next section), system administrators can
transition the critical services and applications from the recovery zone back
into the organization’s production environment in
the data center or on a cloud platform. When that is complete, they can restart
the Tier 2 and Tier 3 applications.


PHASE 4: REMEDIATION
When an attack has been contained and data recovered, it is not the time merely
to sigh in relief. The next ransomware attack
is already on the way. This is the critical time to capture knowledge about the
attack, identify strengths and weaknesses in the
response, and take steps to thwart similar attacks.
A. ERADICATE TRACES OF THE ATTACK
The IT security and IT operations groups need to work together to eradicate all
traces of the ransomware attack so the attacker
cannot renew the attack later. That includes finding and removing malware and
other malicious software used in the attack,
and resetting system configurations, parameters, and registry settings that were
changed by the attackers.
This is one of the areas where it is a good idea to call in a security
consulting company or IT security forensics firm that has the
experience and tools to root out all of the traces left by the attackers.
B. DOCUMENT THE INCIDENT AND THE RESPONSE
Threat actors often reuse the same tools and techniques over and over. The
ransomware recovery team should record details
of the attack and the organization’s response to it, so the team members and
their colleagues can recognize renewed attacks
and respond with proven tactics.
C. REMEDIATE VULNERABILITIES AND STRENGTHEN SECURITY
A successful ransomware attack is evidence that the organization’s security
needs to be strengthened. Analysis of the attack
should pinpoint how the attacker exploited vulnerabilities and other security
weaknesses to gain a foothold on the network,
find critical data, and encrypt (and possibly also exfiltrate) those files. The
organization should use this analysis to remediate
vulnerabilities and security issues and to identify controls and processes that
will strengthen security and prevent a recurrence
of the attack.


HOW RUBRIK CAN HELP
Rubrik, the Zero Trust Data Security Company™, offers an industry-leading backup
and recovery platform that supports many
of the practices outlined in this paper.
IDENTIFY AND PROTECT CRITICAL DATA
The discussion of Phase 0: Planning and Preparation highlighted the value of
identifying critical data so organizations can
better protect it through measures such as limiting access, encrypting files,
deploying additional security controls, and backing
up more frequently.
Rubrik Sensitive Data Discovery discovers and classifies sensitive data,
including personally identifiable information (PII).
Sensitive Data Discovery scans backup data and reports sensitive data being
stored, so organizations can make informed
decisions about how to better protect that information.
DETECT ATTACKS EARLY
The discussion of Phase 1: Detection, Alerting, and Containment mentioned the
fact that organizations can detect evidence of
ransomware attacks in their early stages by identifying unexpected changes to
files.
Rubrik Ransomware Investigation uses machine learning to establish normal
baseline activities for each machine, then
monitors the machines and flags behaviors that vary significantly from the
baseline, behaviors such as unusual file change
rates, abnormal system sizes, and entropy changes. These clues can enable
organizations to react quickly and contain
ransomware before it causes major damage.
IMMUTABLE BACKUPS
The discussion of Phase 2: Analysis and Response pointed out the importance of
verifying that usable backups are available,
because cybercriminal groups have evolved ways to encrypt or corrupt backup
files.
Rubrik’s backup and recovery solution features an architecture built on natively
immutable backups; that is, backups that
cannot be encrypted, corrupted, or tampered with by attackers. Immutability is
enabled by a purpose-built file system that
doesn’t rely on insecure, standard protocols like SMB or NFS. External clients
cannot discover or access backup files. The files
themselves cannot be overwritten. These and other features of the solution
ensure that backup files in their original form are
always available in minutes to support analysis and data recovery.
GRANULAR RECOVERY
The discussion of Phase 3: Recovery explains the advantage of recovering only
the data that has been altered by the attack,
rather than all data in the environment.
Rubrik Ransomware Investigation quickly identifies which applications and files
were impacted by a ransomware attack
and where they are located. This allows the ransomware recovery team to spend
less time recovering files and to restart
applications faster.
For more information on how Rubrik can help you prepare for and recover from
ransomware attacks, visit www.rubrik.com.


wp-framework-for-a-comprehensive-ransomware-recovery-plan / 20220826
Global HQ
3495 Deer Creek Road
Palo Alto, CA 94304
United States
Rubrik is a cybersecurity company. We are the pioneer in Zero Trust Data
Security™. Companies around
the world rely on Rubrik for business resilience against cyber attacks,
malicious insiders, and operational
disruptions. Rubrik Security Cloud, powered by machine intelligence, enables our
customers to secure data
across their enterprise, cloud, and SaaS applications. We automatically protect
data from cyber attacks,
continuously monitor data risks and quickly recover data and applications. For
more information please
visit www.rubrik.com and follow @rubrikInc on Twitter and Rubrik, Inc. on
LinkedIn. Rubrik is a registered
trademark of Rubrik, Inc. Other marks may be trademarks of their respective
owners.
1-844-4RUBRIK
inquiries@rubrik.com
www.rubrik.com
APPENDIX: KEY DECISIONS
PHASE 0: PLANNING AND PREPARATION
• Who should be on the ransomware planning and recovery team?
• What applications and systems have the most impact on the business and need to
be recovered first?
• Where is critical data located, and what should be done to make sure it is
securely backed up and protected from
exfiltration?
• What regulatory, insurance, and corporate policies need to be followed?
• What resources should be put in place in advance for backup, response,
recovery, and ransom payments?
• What processes need to be described in the ransomware recovery playbook?
PHASE 1: DETECTION, ALERTING, AND CONTAINMENT
• How can the organization detect attacks early and identify what data has been
exfiltrated and encrypted?
• Who should be on the alert list for IT staff and stakeholders?
• What steps should be taken by the IT staff and employees to contain the attack
and limit its spread?
PHASE 2: ANALYSIS AND RESPONSE
• How should the organization engage the cyber insurance provider and security
consultants to help analyze and respond
to an attack?
• How should we analyze the attack to understand its methods and impact?
• Where are the most recent backups, and how quickly can they be obtained and
deployed?
• How should we respond to the ransom demand, based on our policies and the
costs and benefits of paying the ransom
versus recovering data and restarting applications?
PHASE 3: RECOVERY
• How should we recover data in our clean recovery zone?
• Which critical services and applications should we recover first?
• What is the best way to restore lost data and restart the applications?
• When can we move applications from the recovery zone back into the production
environment?
PHASE 4: REMEDIATION
• How can we eradicate traces of the ransomware attack so the attackers cannot
relaunch it later?
• What should we document about the attack and response and what can we learn
from them?
• What vulnerabilities and security weaknesses do we need to remediate so they
can no longer be exploited by attackers?


