Ransomware – A Business Owner’s Nightmare

I was talking with a friend recently and found out his business had suffered a ransomware attack. He is a partner in a business with over 100 employees. They were all unable to work for almost a week following the ransomware attack. He says he doesn’t know how the attackers got in. Their current IT provider was unable to identify how it happened. The effects were catastrophic. The attackers encrypted every machine on his network. They encrypted every server and every SQL database. All work quickly stopped. Without access to their systems, there was very little that his staff could accomplish.

From Bad to Worse

The company had been prepping for a migration to the cloud so that they could decommission their on-premises servers. IT had moved all backups to a single drive as part of the planned migration. They attempted to recover the backup and found it encrypted. Every minute they were down was costing them money. They were paying salaries to employees who were unable to do anything. It was difficult to deliver to clients because all coordination tools were unavailable. This disaster delayed their work and put their reputation at stake.

Recovery

Backups were the first obvious step in recovery. Once it was determined that they had no usable backups, they moved on to other tactics. They found online that some of the most common types of ransomware have decryption keys available online. Good Samaritans of the tech world have taken time to crack the encryption and reverse engineer it so they can produce decryption codes. Scouring the internet, they came back empty. The particular strain of ransomware was new enough or unknown enough in the US that there was not a decryption key readily available. In their search, they did find some experts who might be able to help, including a ransomware expert who, for a small fee ($3500), would help them identify the ransomware and the best next steps. Many folks who have used his services endorsed him. They engaged his services and started moving forward, anxious for some kind of solution. He got access to their systems and was somehow able to tell them the name of the hacking group that attacked them. He said their attacks usually come from Ukraine or Russia. The good news was that this group always made good on its promises of decryption keys if you paid the ransom. He said that was likely the only path to a quick recovery.

Paying Ransom

The attackers demanded an astronomical $720,000 for the release of the needed decryption keys. Luckily they were kindhearted, reasonable people and open to negotiation. The ransomware expert negotiated the ransom down to $67,000. This was still a punch to the gut. However, when they started calculating the cost of downtime, lost work, lost productivity, and the fact that they couldn’t bill their clients or complete jobs, it suddenly seemed like the least costly option. They paid the ransom and did receive their decryption keys as promised. This was a stroke of luck, as many of the bad actors that do this for a living take your money and do not provide the keys.

Rebuilding

After they received the decryption keys, they started work decrypting their data.  Luckily, their data wasn’t corrupted.  They were able to recover.  They were finally back in business. By this time several unproductive days had passed.  They also realized that they weren’t completely out of the woods yet.  To prevent the possibility of the attackers coming back, the network had to be set up from scratch.  They scrubbed servers and reinstalled operating systems.  This work went on for several more days.  They installed new firewalls and put additional security in place.  Both local and offsite backups were set up and tested. There were several more days of painful work.  Their IT team was there around the clock.  They recovered the network and finally were able to work as normal.

Total Cost

It’s difficult to calculate the total cost of an event like this. We know that hard costs were easily over 70K. In addition, the cost of all the work from the IT provider will likely add a large sum to that number. What is more difficult to calculate is the opportunity cost. What damage did this do to their brand? How much did they lose in sales? What is the cost of lost productivity? I would wager that it’s at least as much as the hard costs involved, or more. That would put the total cost of this breach well over 200K.

Time to Get Serious About Security

Do you know when the best time is to get serious about IT security? How about yesterday? Many business owners seem to think that there is security in obscurity, that “it will never happen to me.” I submit that it will happen to you if you don’t act now. It’s only a matter of time. The tools that bad actors use to determine whose network is easy to break into are indiscriminate. They don’t care about the size of your business. They will get in and take you for as much as they possibly can. Ransomware attacks are up significantly in 2020 because of how lucrative attackers have found them. Like any good executive, they pivot their attacks when they identify an opportunity in the market. I’ve written extensively about what business owners can do to keep themselves safe. Here are a few references.

References

https://itnow.net/mid-year-security-update/
https://itnow.net/working-remotely-here-are-cybersecurity-basics-you-need-to-know/
https://itnow.net/it-security-rundown/
https://itnow.net/6-indicators-youre-at-risk-for-ransomware/
https://itnow.net/firewall-basics/
https://itnow.net/the-cost-of-downtime/
https://itnow.net/covid-19-highlights-security-challenges-of-remote-workers/
https://itnow.net/multi-factor-authentication/
https://itnow.net/practical-network-security/
https://itnow.net/guide-to-strong-passwords-in-2019/
https://itnow.net/is-your-company-prepared-for-ransomware/
https://itnow.net/remote-desktop-protocol-ransomware-threat/

Bottom Line

You need to have a solution in place to protect your data.  If you don’t feel that solution is rock solid, call us today.  We can help you put together a plan that will protect your data and give you peace of mind.