7 Steps To Recover From A Ransomeware Attack

Ransomware is a type of cyberattack often used against companies of all sizes. Once the malware that this type of attack uses is downloaded to the victims’ device, it seeks out and holds corporate data hostage. It does this by locking you out or encrypting the data so that it is indecipherable. Your organization then must pay a ransom to restore your access – hence the name.


With threat researchers at SonicWall Capture Labs finding that there was a record-breaking 495.1 million ransomware attacks in 2021, this 148% year-on-year increase over 2020 means that last year was the most costly and dangerous year on record for organisations across the globe. And with ransomware demands surging by a staggering 518% in just the first half of 2021, that represents a major threat to any business.


But Veeam believes that the best offence is a good defense, and their 2021 Ransomware Retrospective report has the data to back this up. The study, designed to understand the impact of ransomware on the global IT community and its customers, found that an impressive 92% of Veeam customers didn’t have to pay any ransom to restore their data.


And recovering from a ransomware attack cost 85% of Veeam customers polled less than US$25,000 overall. With measurable data like this, it just goes to show how valuable having an effective backup process is. Having secure, timely and reliable backups for your corporate data is crucial, but it’s only part of an effective Ransomware Recovery Plan.


Read on to find out our 7 steps to recovering from a ransomware attack.

What Are The 7 Steps?

Step 1: Have a Comprehensive Cybersecurity Incident Response Plan (CIRP) in Place

While the hope is always that you will never have to deal with a cyber-attack of any kind, an attack takes place every 39 seconds. And so, while it may seem like an odd thing to have in a ransomware recovery plan, your first step should be ensuring you have a detailed cybersecurity strategy that is comprised of three main layers.


The first, of course, is protecting yourself from an attack in the first place. The second layer is a comprehensive Cybersecurity Incident Response Plan – a strategy that lays out exactly what your staff should do when an attack is in progress. The main goal with your CIRP is to mitigate the damage that a cyberattack can cause as well as help begin your recovery process.


This recovery phase is the third layer of your cybersecurity strategy and arguably the most important in terms of the actual cost of an attack. The reason is the longer it takes to restore your data and get your systems back online, the more it impacts your bottom line.

Step 2: Implement Backup Plans for All Your Corporate Data

With digital workspaces and a remote workforce becoming the norm for the modern workplace, many companies have made the switch to using the powerful services offered by Microsoft Office 365. But while Microsoft has resilience at the heart of these tools, something they don’t offer is a comprehensive backup solution.


And yet many overlook this shortfall, with 81% of IT professionals saying that they experienced data loss in Office 365. When you consider that companies are storing as much as 60% of their sensitive data in cloud-based Office documents – 75% of which isn’t currently backed up – that is a worrying statistic. And so, your second step should be deploying solutions like Backup for Microsoft 365 across your organization.

Step 3: Employ the 3-2-1 Data Backup Rule

The 3-2-1 rule is nothing new. In fact, Veeam have been advocating the concept since their very first days in business. And while IT professionals, and anyone tasked with keeping corporate data safe, have been using the principle since the beginning of time – we can thank photographer Peter Krogh for the phrase.


The 3-2-1 rule isn’t complicated and simply states that you should have three (3) copies of data stored on two (2) different types of media and one (1) copy should be off-site. Now while the most critical data sets of today often have 4 or even 5 backup copies in place, the basic rule is your best starting point.

Step 4: Be Ready to Report any Cyberattack Incidents

When a cyberattack occurs, the first instinct of many organisations tends to be to investigate, learn what occurred, and close the security loophole. However, countries and international organisations like Interpol are increasingly encouraging – or even regulating – the disclosure of cyberattacks. This step is necessary to protect companies and consumers as well as to ensure judicial resources can be bought in to assist organisations that may not have the capacity to do so, as well as to seek prosecution of cybercriminals where possible.

Step 5: Protect Your Workloads and Processes with DRaaS Solutions

With cyberattacks being as prevalent as they are, having an effective Disaster Recovery solution in place is an essential part of any cybersecurity strategy. This used to mean having an offsite facility where your data was backed up on expensive storage gear, but Disaster Recovery as a Service (DRaaS) solutions have changed the game for businesses of all shapes and sizes.


DRaaS solutions like Veeam® Backup & Replication™ use a cloud-based data protection approach where your organisation’s physical services and/or virtual machines (VMs) are replicated, stored and hosted using public or private cloud resources. This essentially means that you will instantly be able to recover files, NAS shares, entire VMs, databases and more.

Step 6: Undertake Security Awareness Training for Your Employees

Your employees are the weakest link in your cybersecurity strategy. And despite 90% of organisations claiming that their employees have undergone phishing awareness training, according to Verizon’s 2022 Data Breaches Investigations Report, 82% of data breaches involved the human element. And many successful cyberattacks on organisations start with phishing emails.

Step 7: Test Your Ransomware Recovery Plan

Many ideas and plans are great on paper but tend to fall apart when it comes to execution. Nowhere is this more true than with cybersecurity. Business is evolving every day, and the cyber threat landscape is evolving right along with it.

If you’re not testing your entire cybersecurity strategy regularly, including your ransomware recovery plan, you will never know if there are interdependencies, gaps and areas that need improvement. Cyberattacks can take any number of forms, and your ransomware recovery plan needs to be agile enough to respond to whatever that may be.

How can Aegis help?

With over a decade of experience, Aegis offers data protection and cloud disaster recovery services that continuously monitors IT systems and identifies information security gaps. We ensure 24×7 proactive monitoring and support all year round with unlimited disaster recovery resources and certified DR drills.


When it comes to Ransomware, a good cloud backup and disaster recovery plan will ensure you get your business back up and running with minimal time and data loss. Aegis Cloud Disaster Recovery (CDR) is the ideal managed, automated backup solution for your organisation. Choosing an expert partner with extensive experience helping businesses recover from cyberattack, data deletion or loss is the best protection for your business.


Veeam provides modern data protection for Lembaga Lebuhraya Malaysia to meet government compliance requirements for business continuity

 “Veeam protects the IT applications that support highway management and maintenance, so travel can be safer, faster and easier.” 

— Gs. Ts. Mohd Sukri bin Shuib, Assistant Director of Technology, Lembaga Lebuhraya Malaysia – 2021

 The business challenges 

Lembaga Lebuhraya Malaysia (LLM) plays an important role in the lives of many Malaysians. LLM constructs, manages and maintains highways and expressways that connect families and friends to each other and to employment opportunities, educational institutions, healthcare services, retail stores and more. By building, monitoring and renovating roadways, LLM contributes to the country’s wellbeing. 

Millions of people travel on Malaysia’s highways, but they’re probably not aware that LLM assesses every kilometer to improve safety, reduce traffic congestion and integrate automation. Several IT applications assist in this process, including an expressway performance indicator system, a highway construction monitoring process and a toll-road evaluation system. 

While travelers may not be familiar with these applications, many of them are familiar with LLM’s website because it provides helpful maps, construction updates, traffic status and toll-rate information. Protecting this website and the IT applications supporting highway management, maintenance and customer service is critical, so when the backup solution became more of a challenge than an asset, the IT Division searched for a replacement. 

“Our backup solution was becoming outdated,” said Mohd Sukri bin Shuib, Assistant Director of Technology at LLM. “There were times when backup was slow and recovery was unreliable, making it more difficult to meet recovery objectives in the business continuity standards required by our government.” 

To strengthen its backup and disaster recovery (DR) strategy, LLM’s IT Division contacted Infinity Consulting Technology (ICT), a Platinum Veeam® Cloud & Service Provider (VCSP) partner in Malaysia. ICT is widely recognized as a cloud backup and DR service provider in Malaysia, providing Aegis, the in-house brand of ICT, which focuses on delivering cloud disaster recovery services. Aegis manages and monitors customers’ daily backup operations, maintenance and support of customers’ backup and DR operations. Aegis also offers complimentary and unlimited DR resources, including dedicated drill personnel who assist customers when performing drills, so they complete successfully. Aegis obtained Disaster Recovery Certified Expert (DRCE) certification in 2012, giving it more than a decade of cloud backup and DR expertise. 

“Aegis is well respected among government agencies, and ICT is well known for matching organizations with the technology that best meets their needs, so that’s how we learned about Veeam Availability Suite™,” Mr. Sukri bin Shuib said. We quickly realized that Veeam and Aegis offer the most comprehensive backup and DR solution.” 

The Veeam and Aegis solution 

Veeam and Aegis modernized data protection so LLM can easily meet recovery objectives in the business continuity standards required by the Malaysian government. Veeam and Aegis also extend backups and replicas to a secure private cloud to increase ransomware protection. Moreover, they support compliance with the ISO/IEC 27001 Information Security Management System (ISMS) standard and reduce annual IT costs by 50%. 

“Our goal is to improve the country’s highways,” Mr. Sukri bin Shuib said. “Veeam and Aegis protect the IT applications that support highway management and maintenance, so travel can be safer, faster and easier.” 

Veeam backs up and replicates 10 TB across more than 20 physical and virtual machines (VMs) on premises and off premises to Aegis. Veeam Cloud Connect links LLM to Aegis, enabling the agency to extend data protection to the cloud without the cost and complexity of managing a second infrastructure. Backups and replicas are encrypted and secure, which increases ransomware protection. 

Mr. Sukri bin Shuib said Veeam offers several features legacy backup did not offer such as reliable backup and high-speed recovery that enables the IT division to meet recovery objectives more easily. Additional features in Veeam ONE™ include monitoring and reporting for resolving issues proactively and Veeam DataLabs™ for verifying the recoverability of backups and replicas. Scalability is another key feature because LLM’s data grows quickly due to a CCTV video that monitors traffic. Veeam is also hardware, software and storage neutral. 

“Veeam backs up any workload on any hardware to any storage, so we don’t have to invest in new resources,” Mr. Sukri bin Shuib said. “Veeam is also more affordable than our previous solution, which reduces annual IT costs by 50%.” 

Aegis helps LLM save money too. Instead of a costly capital expenditure to build and maintain a separate DR structure, LLM opted for an affordable operating expenditure for DR as a Service (DRaaS) from Aegis. In addition, ICT is ISMS-certified, enabling LLM to attain ISO/IEC 27001 compliance. 

“Veeam and Aegis make data protection easy and efficient,” said Mr. Sukri bin Shuib. 

The results 

Modernizes Data Protection to meet recovery objectives in government policy “Veeam and Aegis protect the IT applications that support highway management and help us meet recovery objectives in the business continuity standards required by our government more easily,” Mr. Sukri bin Shuib said. 

Extends backups to a secure private cloud to boost ransomware protection Veeam Cloud Connect offers a seamless and secure way to send backups and replicas off premises for DRaaS, so organizations like LLM can avoid the cost of managing a second infrastructure. 

Supports compliance with ISO 27001 and reduces annual IT costs by 50% “Veeam is more affordable than legacy backup, saving us a significant amount each year,” Mr. Sukri bin Shuib said. 




Lembaga Lebuhraya Malaysia oversees the design, construction, operation, maintenance and toll collection for highways and expressways spanning 1,820 kilometers countrywide. The government agency was established in 1980 under the Ministry of Works and employs approximately 400 people. 


When Lembaga Lebuhraya Malaysia discovered its backup solution was becoming outdated, the IT division replaced it immediately. Unreliable backup and slow recovery could make it difficult to meet recovery objectives in business continuity standards required by the government. 


  • Veeam Availability Suite 
  • Veeam Cloud Connect
  • Secure Cloud Backup and Disaster Recovery (DR) Service from Aegis


  • Modernizes data protection to meet recovery objectives in government policy 
  • Extends backups to a secure private cloud to boost ransomware protection 
  • Supports compliance with ISO/IEC 27001 and reduces annual IT costs by 50%

About Veeam Software 

Veeam® is the leader in backup, recovery and data management solutions that deliver Modern Data Protection. We provide a single platform for cloud, virtual, SaaS, Kubernetes and physical environments. Our customers are confident their apps and data are protected and always available with the most simple, flexible and reliable platform in the industry. Veeam protects over 400,000 customers worldwide, including more than 82% of the Fortune 500 and over 60% of the Global 2,000. Veeam’s global ecosystem includes 35,000+ transacting technology partners, resellers, service providers, and alliance partners, and has offices in more than 30 countries. To learn more, visit or follow Veeam on LinkedIn @veeam-software and Twitter @veeam

About ICT 

A world-class Disaster Recovery as a Service (DRaaS) and Infrastructure as a Service (IaaS) expert based in Malaysia, Infinity Consulting Technology (ICT) partners with the world’s leading software and platform brands to deliver cloud-based backup and recovery solutions to customers from blue chips to start-ups across a range of industry sectors. A Platinum VCSP, ICT aims to shape the future of cloud DR revolution. 


Microsoft 365 backup – do you really need it?

With over 23 million users around the world, Microsoft 365 is currently the most common business productivity suite that enable you to work anywhere, anytime, without the need to host your own email, files, and SharePoint infrastructure. Besides, Microsoft service also takes care of your email and data backup. Or does it?

Why you need Microsoft 365 Backup?

A board range of question that everyone business owner curious about, is why do we still need Microsoft 365 backup when data is already seated in Microsoft 365 Cloud? The answer is Microsoft 365 does retain data unless you delete them. Nonetheless, you should never perceive retention as a data backup or recovery solution.

Microsoft 365 backup is the best way to protect against accidental or malicious deletion, internal external threat, and data corruption. And is it true that Microsoft 365 data retention policy starts only when data is deleted and seated in Microsoft 365 recycle bin.

Learn more about the limitations of Microsoft 365’s retention policy.

It’s also very important to be able to manage backups easily. Can you manage and restore data remotely? You do not want IT workers to have to go into office to add capacity, look at reporting, or do routine tasks such as restoring data. With our Aegis Cloud Office 365 Backup (COB), all this can be easily solved. Our Aegis cloud office 365 service is a self-service that we provision to customer, it means that we provide customer a self- service portal that is user friendly for them to log in to their Microsoft 365. It can ensure that you can restore quickly and meet data retention requirements for Microsoft 365 data.

Watch the video below to get more information about why Microsoft 365 backup is important and what are the benefit of our Aegis COB self -service portal:

Overview of Microsoft 365 common threats

Like it mentions before the importance to have Microsoft 365 backup one of the major reasons is because of the internal and external threat. While Microsoft 365 provides opportunities and efficiency gains, it also exposes its users to security threats.

Internal threats – Many businesses are experiencing threats from the inside, and they are happening more often than you think. With Aegis COB it can mitigates the risk of critical data being lost or destroyed.   

External threats – External threats such as ransomware, malware, or email phishing, can easily create a serious damage to organization. Especially nowadays, for an organization, data is the new currency right now, it is so important that you need to have multiple copies of your critical data.

Watch the video below to get a better understanding of internal and external threats and the benefit of adopt the Aegis Cloud Office 365 Backup (COB):


The Importance of Endpoint Backup

With today’s workforce becoming increasingly mobile and the risk inherent in any environment outside a company’s security network, the importance of endpoint backup has never rung more true.

It is essential that data be protected regardless of an endpoint’s physical location.

With Aegis Endpoint Backup (CEB), employees’ ability to travel and work from anywhere will not be limited. Whether you’re at a conference, a client’s office or at home, sensitive data will remain just as secure.

Moreover, Aegis Cloud Endpoint Backup (CEB) offers comprehensive data protection for business. It is an automatic backup solution for all your endpoint devices (desktops, laptops, tablets & smartphones) and the data that resides on them. Protecting data from human error, malware and theft has become crucial for businesses with a distributed workforce and remote working.

Episode 1: The importance of Endpoint backup: Hardware failure
Unexpected hardware failure with no data backup can severely jeopardise business data. 
Episode 2: Endpoint Theft
Confidential business data kept in the endpoint devices is at risk when device is missing, causing possible data breach.
Episode 3:  Intentional Deletion
Employee – induced data loss – whether intentional or not – can bring big impact on business and has become an increasingly common occurrence.

MoU signing ceremony between Vlan Asia and Infinity Consulting Technology Sdn Bhd

From left, Lance Cheang, Managing Director of VLAN technology Sdn Bhd and Wilson Lam, Chief Executive Officer of Aegis

A Memorandum of Understanding (MoU) between VLAN Technology Sdn Bhd (“VLT”) and Infinity Consulting Technology Sdn Bhd (“ICT”) (now known as Aegis) was formally signed at VLAN Asia’s Headquarters here in Kuala Lumpur on the 27th of July 2020 (Monday). The signing was represented by Lance Cheang, Founder and Managing Director of VLAN Technology Sdn Bhd and Wilson Lam, Chief Executive Officer of Infinity Consulting Technology Sdn Bhd.

The purpose of this partnership is to establish a collaborative effort between both Companies to advance commercial growth through mutual sharing of VLAN Asia’s Cloud offerings, namely Hubspot, Zendesk, Microsoft365, Azure and Xero, together with Aegis products on Cloud Disaster Recovery (CDR) and Cloud Office 365 Backup (COB), amongst other things.

Aegis was first established in 2005 to manage client’s online backup (Cloud Backup) before it began specializing in Cloud Disaster Recovery (CDR) in 2009. With its base of operations in Subang Jaya and more than a decade of experience in Cloud Disaster Recovery, Aegis focuses on delivering CDR services, hence making us the veteran of today’s Cloud Backup and Disaster Recovery service provider in Malaysia. Aegis offers flexible and attractive plans with backup, restore, replication and/or standby server for DR service and facilities.

Need help?