Home Page » Backup Systems Disaster Recovery Blog » A ransomware story with a happy ending

A ransomware story with a happy ending

A ransomware attack hit one of our customers at the weekend. The IT manager called us, almost crying over the phone, asking us to stop all backups. They were a victim of Ryuk ransomware.

Large, public-entity Microsoft Windows cybersystems are often the target for this type of Ryuk attack. It typically encrypts data on an infected system. After a ransom is paid (usually in untraceable bitcoin) the data is unencrypted.

We are all one click away from chaos

The hacker group Wizard Spider are behind the Ryuk attacks and commentators claim it netted a total of USD $150 million by the end of 2020.

When our customer’s IT manager rang us he was almost in tears fearing for his job, convinced someone would say he failed to protect the company’s IT infrastructure.

IT Managers are often in the front line when it comes to responsibility for such attacks, as they are the one in charge of providing security training to company staff and disaster recovery in an emergency.

The story begins…

We told the customer, let’s call him John, that opening one bad email was enough to cause the issue. He was also reminded by our team that even NATO, the US Military and UK Government get hacked. We reassured him the company’s data was in safe hands. Backup Systems had his back.

We liaised with the customer’s IT Support Team and a third-party ransomware expert to bring John’s systems back on track.

The ransomware expert analysed the customer data and found the virus had been dormant for about 2 weeks. Once activated, the hackers asked for a Two Bitcoin ransom (at the time, it was worth above £40,000).

We worked all weekend and helped John retrieve the data they had lost… Phew, they were back.

John commented: “We are all one click away from chaos” adding: “We were attacked by the Ryuk ransomware virus which closed 11 of our factories and 7 of our depots. We had 600 PCs and 60 servers down with no email or phones and could not run a machine.”

“By Wednesday, the fantastic Ops Team we have had half the factories running and by the following Sunday we had all sites taking orders and manufacturing again (despite another 22 attacks on Saturday).”

John is right, we are all one click away from chaos. Protecting your data is vital and it’s the key to ensuring business continuity and growth.

What can you do to prevent ransomware attacks?

New studies show an increased number of ransomware attacks have affected various sectors in recent months. In 2020, almost half of UK businesses (46%) and a quarter of UK charities (26%) reported cybersecurity breaches or attacks*.

Ransomware is a type of malware that prevents you from accessing your systems or the data held on them. The data is usually encrypted, deleted or stolen. Sometimes the computer itself is made inaccessible.

To prevent cyber-attacks and improve your security, the National Cyber Security Centre (NCSC) has a five-step guide. Number one is to backup your data (!):

  • Step 1 – Back up your data
  • Step 2 – Protect your organisation from malware
  • Step 3 – Keep your smartphones (and tablets) safe
  • Step 4 – Using passwords to protect your data
  • Step 5 – Avoid phishing attacks

Check out more details at https://www.ncsc.gov.uk/collection/small-business-guide

Backing up your data may not be sexy, but it is possibly one of the most important business functions. And backing up the data is only the first stage – retrieving and restoring is another story. Too often we have heard tales of data restores being incomplete or failing altogether.

For guidance on how to protect your organisation from ransomware, and where there may be gaps in your current arrangements, then complete our contact form or call 0845 671 0290


* UK Government, Cyber Security Breaches Survey 2020
Photo by Annie Spratt

Share this article with colleagues:

Recent posts:

Categories: