Case Study: Ransomware

Too often, businesses put off spending additional money on IT security because their network has never been attacked. Unfortunately, we’ve seen how this mentality can seriously harm businesses in the long run, resulting in downtime and critical data loss. Don’t be one of the businesses that have to learn the dangers of an unsecured network the hard way. To learn how to proactively protect your business from the looming threat of ransomware attacks, keep reading.

The Problem

The CEO of a company that happens to be one of our clients here in Calgary called one day with a problem. Our client’s servers were down, and nothing on their system was working. Upon investigation, we determined that all of the files on their servers had been encrypted. A ransom note was found on the server explaining that cybercriminals had encrypted the server and would only allow it to be decrypted for a payment of 2 bitcoins, or about $20,000 at the time.

Unfortunately, the client was not one of our managed clients. They relied on their own in-house IT team to set up and look after their network. The IT manager had not implemented an off-site backup system of their servers, as we would have had we been their managed security service provider (MSSP). The physical drive they used to back up their system had been encrypted along with the server, making ransomware removal or a system restore impossible. As a result, the company lost access to their scheduling systems, billing systems, accounting data, Word documents, spreadsheets, and other business-critical data.

The Solution

After extensive research, our client’s in-house IT department determined that the server could not be decrypted without the decryption keys. They filed a police report, but the police had no way to help. All they could do was recommend that our client not pay the ransom. Ultimately, our client decided to pay the ransom in the hope that the decryption keys would work. They had to work with their bank – who also didn’t want them to pay the ransom – to wire the money to a company that specializes in handling ransomware cases. After a few hours, the decryption keys were issued, and our client was able to decrypt the files.

The Result

Most ransomware cases do not end well. Our client was fortunate to receive valid decryption keys, as many companies either never receive keys or receive invalid keys even after sending the ransom payment. In the end, most companies lose money and critical data. Our client endured days of downtime at a critical time of the year. They learned an expensive lesson about the realities of cybercrime, but the situation could have been a lot worse.

Our client had to learn the hard way that all businesses are potential targets for cybercriminals. As a result of the experience, our client agreed to have Pure IT install Datto, a state-of-the-art data protection system that securely backs their servers up to two redundant, offsite data centers. This backup solution guarantees that they will always have access to an up-to-date network restore image at their fingertips, so they’ll never have to risk making a ransomware payment again. We also installed next-generation security software on all of their computers and servers to close the doors that had been left open to cybercriminals on their previous network.

If you want to start taking a proactive approach to protect your network from the threat of cybercrime attacks, contact our team of experts at Pure IT today.
