Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • AI & Machine Learning

Recovery Best Practices from Ransomware Survivors

Veeam
03/20/2026
0
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


TL;DR

  • Organizations that successfully recover from ransomware consistently verify backups, ensure copies are clean before restore, maintain alternate infrastructure, and have isolation plans in place
  • The 3-2-1-1-0 rule remains critical: three data copies, two media types, one off-site, one offline/immutable, and zero errors through regular testing
  • Only 26% of organizations have predetermined plans for critical decisions like ransom payment and law enforcement notification, creating dangerous delays during active incidents

Summary

This episode examines what separates organizations that successfully recover from ransomware attacks from those that struggle, drawing on data from Veeam's ransomware trends report. The discussion centers on practical recovery strategies including the 3-2-1-1-0 backup rule (three copies of data, two different media types, one off-site, one offline/immutable, zero errors through testing), the critical importance of verifying backup integrity before restoration to avoid reinfection, and the necessity of alternate infrastructure arrangements for recovery scenarios where primary data centers become inaccessible crime scenes. Beyond technical controls, the conversation addresses organizational preparedness including incident response planning, chain of command establishment, and the surprisingly low percentage (26%) of organizations with predetermined strategies for ransom payment and law enforcement notification decisions.

Chapters

0:00 - Introduction to Recovery Best Practices
0:25 - What Successful Organizations Do Differently
1:08 - The 3-2-1-1-0 Rule Explained
3:02 - CISO Organization Best Practices

Key Quotes

0:42 "Ensure backup copies are clean prior to restore. That part of it is huge. The only way you can successfully recover is if you're not going to reinfect the whole environment after you have contained."
2:08 "If it's in your data center, you ask law enforcement, they will come in and they will put a ribbon around it, hey, police line, do not cross because this is a crime scene, you're not allowed to touch your own hardware anymore in your own data center."
2:33 "I've seen too many times that people call me like, hey, you do a review of our incident response plan, can you please ship that copy back? Yeah, but I just started. Yeah, but you have the only living copy, because the rest is all encrypted, because they're all on the same infrastructure."

Categories:
  • » Data Protection » Backup & Recovery
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Data Protection
  • Backup & Recovery
  • Security Operations
  • Best Practices
  • Webinar Clip
  • ransomware recovery
  • backup verification
  • 3-2-1-1-0 rule
  • incident response planning
  • alternate infrastructure
  • immutable backups
  • crisis management
  • law enforcement coordination
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Recovery Best Practices from Ransomware Survivors

              Upcoming Webinar Calendar

              • 03/26/2026
                01:00 AM
                03/26/2026
                Reclaim Network Clarity and Accountability with Netskope DEM
                https://www.truthinit.com/index.php/channel/1846/reclaim-network-clarity-and-accountability-with-netskope-dem/
              • 03/26/2026
                05:00 AM
                03/26/2026
                ITDR's Role in Strengthening Critical Security Architecture
                https://www.truthinit.com/index.php/channel/1863/itdrs-role-in-strengthening-critical-security-architecture/
              • 03/26/2026
                01:00 PM
                03/26/2026
                HUMAN Dialogue: Transforming Municipal Risk through AI and City-Scale Cyber Resilience
                https://www.truthinit.com/index.php/channel/1835/human-dialogue-transforming-municipal-risk-through-ai-and-city-scale-cyber-resilience/
              • 03/26/2026
                01:00 PM
                03/26/2026
                Making GPUs Available On Demand (Without Breaking the Budget)
                https://www.truthinit.com/index.php/channel/1858/making-gpus-available-on-demand-without-breaking-the-budget/
              • 04/08/2026
                01:00 PM
                04/08/2026
                Managing Configuration at Scale Across Group Policy and Intune
                https://www.truthinit.com/index.php/channel/1865/managing-configuration-at-scale-across-group-policy-and-intune/
              • 04/15/2026
                01:00 PM
                04/15/2026
                Service Account Security in the Age of AI: From Legacy Accounts to Agentic Identities
                https://www.truthinit.com/index.php/channel/1866/service-account-security-in-the-age-of-ai-from-legacy-accounts-to-agentic-identities/
              • 04/30/2026
                10:00 AM
                04/30/2026
                SaaS Data Protection Insights: Key Findings from the 2026 Keepit Annual Report
                https://www.truthinit.com/index.php/channel/1868/saas-data-protection-insights-key-findings-from-the-2026-keepit-annual-report/

              Upcoming Events

              • Mar
                26

                Reclaim Network Clarity and Accountability with Netskope DEM

                03/26/202601:00 AM ET
                • Mar
                  26

                  ITDR's Role in Strengthening Critical Security Architecture

                  03/26/202605:00 AM ET
                  • Mar
                    26

                    HUMAN Dialogue: Transforming Municipal Risk through AI and City-Scale Cyber Resilience

                    03/26/202601:00 PM ET
                    • Mar
                      26

                      Making GPUs Available On Demand (Without Breaking the Budget)

                      03/26/202601:00 PM ET
                      • Apr
                        08

                        Managing Configuration at Scale Across Group Policy and Intune

                        04/08/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version