Just over a year ago, one of our customers was hit by a ransomware attack at the weekend. We were called by the IT manager, almost crying over the phone, asking us to stop all backups until further notice. They had been hit by the so-called Ryuk ransomware.
Ryuk is a type of ransomware known for targeting large, public-entity Microsoft Windows cybersystems. It typically encrypts data on an infected system, rendering the data inaccessible until a ransom is paid – usually in untraceable bitcoin.
Ryuk is attributed to the hacker group Wizard Spider and commentators claim it netted a total of USD $150 million by the end of 2020.
When our customer’s IT manager rang us he was almost in tears fearing for his job, convinced someone would say he failed to protect the company’s IT infrastructure.
IT Managers are often in the front line when it comes to responsibility for such attacks, as they are the one in charge of providing security training to company staff and disaster recovery in an emergency.
The story begins…
We told the customer, let’s call him John, that opening one bad email was enough to cause the issue, and that even NATO, the US Military and UK Government get hacked. We reassured him the company’s data was in safe hands. Backup Systems had his back.
We liaised with the customer’s IT Support Team and a third-party ransomware expert to bring John’s systems back on track.
The ransomware expert analysed the customer data that was infected, and found the virus had been dormant for about 2 weeks before the hackers asked for a Two Bitcoin ransom (at the time, it was worth above £40,000).
We worked all weekend and helped John retrieve the data they had lost… Phew, they were back.
John commented: “We are all one click away from chaos” adding: “We were attacked by the Ryuk ransomware virus which closed 11 of our factories and 7 of our depots. We had 600 PCs and 60 servers down with no email or phones and could not run a machine.”
“By Wednesday, the fantastic Ops Team we have had half the factories running and by the following Sunday we had all sites taking orders and manufacturing again (despite another 22 attacks on Saturday).”
John is right, we are all one click away from chaos. Protecting your data is vital and it’s the key to ensuring business continuity and growth.
What can you do to prevent ransomware attacks?
New studies show an increased number of ransomware attacks have affected various sectors in the UK and worldwide in recent months. In 2020, almost half of UK businesses (46%) and a quarter of UK charities (26%) reported cybersecurity breaches or attacks*.
Ransomware is a type of malware that prevents you from accessing your systems or the data held on them. Typically, the data is encrypted, but it may also be deleted or stolen, or the computer itself may be made inaccessible.
To prevent cyber-attacks and improve your security, the National Cyber Security Centre’s (NCSC) has a five step guide… number one is backup your data (!):
- Step 1 – Back up your data
- Step 2 – Protect your organisation from malware
- Step 3 – Keep your smartphones (and tablets) safe
- Step 4 – Using passwords to protect your data
- Step 5 – Avoid phishing attacks
Check out more details at https://www.ncsc.gov.uk/collection/small-business-guide
Backing up your data may not be sexy, but it is possibly one of the most important functions in modern IT. And backing up the data is only the first stage – retrieving and restoring is another story. Too often we have heard tales of data restores being incomplete or failing all together.