A Real-World Story of Ransomware

Here’s a real story of cyber crime and rescue – or remediation as we call it in our industry.

An urgent call was made to our 24/7 HelpDesk by a panicked client. They were experiencing a cyber attack. In the early morning hours, we met their call with confidence by quickly identifying the type of attack on their business and the probable gateway for the attack. You may be asking already, what happened? What kind of attack?

This business was experiencing ransomware, a cyber attack that occurs every 11 seconds.

We estimated that this client’s accounts were accessed in late February (though the attackers had probably been working to gain access before this time). Encryptions were running behind the scenes until everything exploded at 4:00 a.m. on April 14. This was just 3 hours before we received the first call and went into offensive and defensive modes.

You may be wondering, what was done to rectify the situation? How did this client fare in the end?

We immediately sent team members to address the issue on-site and prevent further encryption from occurring. We stayed in constant contact with their leadership team to hear their concerns and needs, and to communicate our current actions and next steps. Our teams worked continuously to make sure the issue was resolved as quickly as possible.

Our first priority was to protect their most essential server in order to keep the encryption from hitting information that was absolutely critical to their operation. We confidently carried out the necessary steps to regain control of the network and secure the business.

Because this client was under a standard maintenance agreement with ABS, we were able to pull whatever backups we had and get mission-critical servers back up and their team back online. However, we did not have the authority to make certain decisions or carry out several preventative measures based on our relationship at the time.

After identifying the issue and getting emergency issues addressed, we put together a Standard Operating Procedure (SOP) to get every encrypted file back over time and to implement a better cybersecurity approach for the future.

We believe this attack could have been prevented. However, the outcome could have been much more catastrophic if this business did not have a partner like us on the horn with the ability to act swiftly. Cyber security insurance was another safety measure that helped in this case, but that kind of protection is limited. It includes forensics and support in the beginning phase of an attack, but the business needs someone to come clean up the mess long afterward. That’s where ABS played a role.

We share this example to give greater understanding of this kind of threat. Too many businesses think it won’t happen to them. They think Fortune 500 companies are the target when, in reality, a small business is much more likely to become a victim of ransomware.

Knowledge is the first step. Then, the right processes and preventative measures through a partner like us are the next step.

This is not meant to be a fear tactic nor is the scenario above exaggerated. In fact, there are a lot more interesting details we’ve documented about this recent ransomware attack.

Author: Ray Strothman

This article was written by Ray Strothman, Chairman at Strothman+Co. Ray founded the firm in February 1983 and, as Chairman, plays an integral part in the firm’s management. Ray’s passion is to be a trusted advisor for the clients of the firm. He has experience in all areas of public accounting, providing financial statement preparation, and tax and management advisory services, for business owners, business investors and nonprofit organizations.