Ransomware attacks are on the rise and threaten every business, regardless of size

On IT created a bespoke solution for a major client saving them £150,000

How We Helped A Client That Was A Victim Of A Ransomware Attack

Table of Contents

On Friday 21st October at 6:15am we received a call from one of their largest clients explaining that they had been a victim of a cyber attack. The company which operates across 3 sites had been hit with a ransomware attack asking for $270,000 in order to retrieve their data that was locked behind an encryption wall. 

Ransomware attacks are a very common type of cyber attack that are only becoming a larger threat to businesses. Ransomware attacks involve a third party accessing a company's system and locking all the data, the only way to then retrieve this data is to pay the ransom which will give you a decryption key to re-access your data.

Can small and medium sized businesses survive a ransomware attack

A Step By Step Of The Attack

We’ve broken down below all the steps we took to resolve the issue and the outcome of the attack. 

01:30 AM
Attack
Attackers launch ransomware attack on one of On IT's clients at 1:30AM on Friday 21st November
01:30 AM
06:00 AM
Discovery
The first team to get in that morning discover the attack. At which point the majority of the damage had been done.
06:00 AM
06:15 AM
Call to On IT
On IT receive a call from the client explaining the attack. Attackers were demanding for $270,000 to de-encrypt stolen data.
06:15 AM
09:00 AM
Engineers On Site
Within 3 hours of the initial call, On IT had engineers on site with the client. The first thing the engineers did was unplug everything, this is crucial during a ransomware attack as these attacks are like spiders. This was done to try and cut the attack off at the edges.
09:00 AM
09:30 AM
Check Back Up Solution
On IT discovered that the backup solution had been affected by the encryption and so they couldn’t restore the data from this. Their on site engineers began doing remediation and agreed a plan to get at least 1 computer per department online so that the company could continue to operate.
09:30 AM
12:00 PM
Solution Agreed
After being able to fully assess the situation On IT were able to come up with a solution for their client, which involved a full re build of their environment.
12:00 PM
13:00PM
Back Online
By responding so quickly On IT were able to ensure their client could still do a full days work by getting 1 computer online per department so that they could continue operating and would not suffer a loss this day.
13:00PM
15:00 PM
New Servers
The team worked to build and configure servers before driving to the different sites and installing these servers. On top of this the team had to build a new server infrastructure, create new domains and implement new security policies.
15:00 PM
17:00 PM
Third Party Specialists
On IT also reached out to third party cyber security specialists who were able to identify the root cause and entry point of the attack.
17:00 PM
November
Present Time
After 4 weeks of continuous work the team at On IT are still working hard to re-build the environment.
November
Present
Future Proofing
In order to prevent this from happening in the future On IT are working to move more of the companies data to the cloud. They have also implemented a suitable back up solution of an air gap, this is a gap between the environment and the back ups meaning that should one be affected the other won’t be. On top of this they have installed anti ransom software to add a further layer of protection.
Present

Our Advice for SME's

Many SME’s believe that they won’t be targeted by a ransomware attack as they don’t believe themselves to be a big enough entity however this is not the case. Ransomware is becoming a much more common attack for medium sized businesses especially those who have increased their brand awareness or gained more publicity recently. 

Another piece of advice for businesses is to have cyber protection insurance in place as had On IT’s client not had it they would have been liable for £150,000 worth of remediation costs. It’s important to have this protection in place as ransomware attacks can financially destroy many companies and if it doesn’t the costs to fix could. 

How On IT Can Help

A hacker will get into your system should they really want to and so it’s important to have the processes in place to ensure you can recover from an attack. Ensure that you have an air gap between your environment and back ups, do regular back ups and invest in anti ransomware software. On IT can help with implementing these actions to your business should you not have this in place. 

Get in touch with our team today to discuss your options.