
True Ransomware Story

Jun 17, 2016

It only takes a moment's inattention to change a normal day into an unimaginable nightmare. In this particular case, although we have yet to verify it, we are assuming an employee opened an email attachment, which started a chain of events that had a serious impact on the company's ability to trade.

The innocent-looking email contained the file-locking Trojan, which quickly locked up the file system and prevented access to the data.


Normally we would be able to recover the damaged system by restoring the latest backup. Sadly, in this case, it transpired that the unmanaged backup had stopped working several weeks ago, which took away that solution.

Due to the daily cost of the disruption, a decision was made to pay the ransom, but unfortunately this wasn't as straightforward as one would expect. The criminal(s) behind the ransom demand would only accept payment in Bitcoins (Bitcoin is a digital asset and a payment system, transacted online).

Under normal circumstances, setting up a Bitcoin account takes several days. Computer Culture managed to shorten the process by using a trader that accepted payment via a Smart Eftpos money machine. We had 1 hour to withdraw the cash (compounded by BNZ being down during that timeframe) and deposit the cash at the designated machine.

To shorten the story, the unlock code was sent and the majority of the data was recovered. Paying a ransom was a last resort and an action we found abhorrent. So serious is the threat that in the UK, companies are purchasing large amounts of Bitcoins to reduce the downtime in the event of a ransom attack. Prevention, though, is better than trying to find a cure, and that is what we focus on at Computer Culture.

There are powerful lessons to be learnt from this experience.
1) Organisations need a level of security to reduce the chances of an intrusion and enable early detection.
2) Organisations need a robust and comprehensive backup system.
3) These processes need to be proactively managed and reviewed.
4) There need to be policies, procedures and staff training to mitigate the risk.
5) Consider taking out Cyber Insurance (we can recommend some companies).

If you feel your site does not meet these criteria, please contact us urgently and we will help you through the process.
