CASE STUDY: Encrypting Ransomware Hits Small Business

Client Name: (business name removed)
Service Details: Business client, on-site consult, on-site support
Problem and Request: Client reported that they were seeing “ransom” messages appear on their computers, and that they couldn’t access files because they had been locked by a virus. They needed help restoring access to their files and securing their IT environment.

Problem

The call came from a small business client (a survey company with under 25 users) reporting file access problems. They described what had happened: their bookkeeper suddenly couldn’t open any documents, and soon after that other users were complaining that they couldn’t access their files.

We suspected that it was an encrypting ransomware attack when the client told us that the bookkeeper’s PC was displaying a message with instructions for acquiring Bitcoins to pay for a “decryption key.”

The worst part? The client’s main file server appeared to be infected – and they didn’t know if they had working backups of their data.

Solution

This was not a good situation for any company to find itself in! Without going into all of the gory details about what happened in this blog post, suffice it to say that the survey company experienced DAYS' worth of downtime, a big chunk of their data that was simply GONE, and significant loss of productivity and revenue as a result of the ransomware attack.

Particularly notable was the absolute chaos inflicted by the attack. The victimized company was completely paralyzed: the ransomware not only infected/encrypted the files on the bookkeeper’s PC, but had also spread through the network shared folders and began encrypting/locking documents on the company’s main file server – preventing the employees from accessing any files or documents needed to do their jobs.

Fortunately, one of the company’s database programmers recognized what was happening and pulled the power cord from the file server mid-infection, limiting the damage. As it turns out, the company had a partial cloud backup, but the roughly 1 TB of data took DAYS to re-download over their slow Internet connection.

Analysis

A slow backup is better than NO backup! In all seriousness, this was a bad one that we had very little control over: the company’s lack of an adequate backup/disaster recovery (BDR) solution, combined with little or no IT documentation, made the attack extremely difficult to recover from, and resulted in significant downtime, data loss, and financial cost.

Encrypting ransomware is no joke. It’s a very real threat, and can cause real damage to a business’s finances AND reputation. We advise ALL clients to make absolutely sure they have regularly tested backups, and a restore process that works when it’s needed most.
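The "regularly tested backups" advice above is concrete enough to automate. The following is an added example, not code from the case study or from the consulting firm, showing one way to test a restore: record a manifest of file hashes when the backup is taken, then compare a trial restore against that manifest so a partial backup (files never copied) or a damaged one (contents changed since the backup) is caught before an incident, not during one. The share layout and file contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root: Path) -> dict[str, str]:
    """Record relative path -> SHA-256 for every file under root at backup time.
    Store this manifest with the backup, out of reach of the production network."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest: dict[str, str], restored: Path) -> dict[str, list[str]]:
    """Compare a trial restore against the manifest; any non-empty list means
    the backup would not have saved you."""
    found = build_manifest(restored)
    return {
        "missing": sorted(set(manifest) - set(found)),   # the 'partial backup' case
        "corrupt": sorted(k for k in manifest.keys() & found.keys()
                          if manifest[k] != found[k]),   # contents changed since backup
        "extra": sorted(set(found) - set(manifest)),
    }

def demo() -> dict[str, list[str]]:
    """Constructed example: a three-file share, restored with one file missing and one altered."""
    with tempfile.TemporaryDirectory() as tmp:
        share, restored = Path(tmp, "share"), Path(tmp, "restored")
        for root in (share, restored):
            (root / "reports").mkdir(parents=True)
        for name, data in [("ledger.csv", b"2023,invoice,1200\n"),
                           ("reports/q3.xlsx", b"constructed xlsx bytes"),
                           ("notes.txt", b"survey schedule\n")]:
            (share / name).write_bytes(data)
        manifest = build_manifest(share)                    # taken while the share was healthy
        (restored / "notes.txt").write_bytes(b"survey schedule\n")       # restored intact
        (restored / "ledger.csv").write_bytes(b"\x00\x00encrypted blob")  # restored from a damaged copy
        # reports/q3.xlsx was never backed up at all
        return verify_restore(manifest, restored)

if __name__ == "__main__":
    print(demo())
```

Run this against a real trial restore on a schedule; a report with only empty lists is the evidence that the restore process actually works.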

Author: Kevin S.

Kevin Sanders is a Los Angeles native who has worked in tech support and customer service since 2000. He specializes in professional IT consulting, cloud technology, cyber security, networking and Wi-Fi, hardware/software diagnostics and repair, and custom systems building.