DailyCyber: Reality of Ransomware Recovery with Andy Maus, Head of Cyber Recovery Services at DriveSavers

In a recent episode of Brandon Krieger’s DailyCyber Podcast, Andy Maus, Head of Cyber Recovery Services at DriveSavers Data Recovery, outlines how data recovery services strengthen a complete ransomware response strategy. Together, they emphasize that an effective incident response plan must include data loss scenarios for when both security controls and backup protections fail.

Disaster Recovery vs. Data Recovery: Distinct Roles in Incident Response

Organizations frequently assume that their disaster recovery (DR), or business continuity (BC) plan, will address data loss scenarios. However, traditional DR and BC strategies focus on infrastructure and service restoration. As a result, many organizations are left vulnerable when critical files are lost, despite having a DR plan in place.

Data recovery services can support the recovery of critical files that have been deleted or corrupted during a security event and are unable to be restored through the disaster recovery process, potentially avoiding significant disruption.

Backup Strategies Are Not Infallible

While immutable backups and air-gapped systems remain essential to modern security architectures, they are not immune to compromise. Attackers often compromise privileges, corrupt data, or disable backup jobs once inside a network.

Maus refers to several case studies where clients could not rely on their backup infrastructure and had to turn to a data recovery services provider to recover data sets that were inaccessible through standard restoration methods.

Decryptors Are Not Always Reliable

Paying a ransom demand does not guarantee successful restoration. In many cases, decryption tools provided by attackers are ineffective, particularly for large datasets or enterprise-scale databases.

In the podcast, Maus shares examples where DriveSavers successfully recovered files that threat actors’ decryptors failed to decrypt, reinforcing the need for specialized data recovery services outside of standard decryption processes as part of an incident response plan.

Combine Prevention, Protection and Recovery

Security strategies should be well-rounded, starting with a robust architecture and modern technologies and followed by comprehensive, regularly tested DR/BC plans. In addition, a complete incident response plan should not only focus on restoration.

Kreiger and Maus recommend that organizations:

Regularly test the restorability of backups.

Conduct tabletop exercises simulating ransomware and data loss events.

Identify and partner with a qualified data recovery service provider in advance.

Establish internal and external escalation paths before an event occurs.

Review cyber insurance coverage for data recovery scenarios.

Takeaway: Include Data Recovery Services in Your Incident Response Playbook

Security leaders should assume that ransomware will eventually bypass some defenses. Effective planning involves not only technical safeguards, but also proactively identifying a data recovery services partner capable of recovering deleted or corrupted data when other options fail.

Ransomware presents an operational risk that requires regularly tested response capabilities. A resilient organization prepares for worst-case scenarios, validates its backup strategy, and pre-identifies partners to assist in critical data recovery efforts.

Watch the Full Interview

Gain additional insights from episode: 266 of DailyCyber, hosted by Brandon Kreiger
Guest: Andy Maus, Head of Cyber Recovery Services, DriveSavers
Episode title: Ransomware Recovery Realities