At the height of Cryptolocker ransomware's popularity, OnServe helped a professional services firm recover from an otherwise irreparable infection. Read on to find out how.
In 2014, Cryptolocker ransomware was all the rage among cybercriminals. Businesses were being hit by infected emails every day.
This variety of ransomware works by encrypting a victim’s files (making them unreadable) and only offering the key to recover the data after a ransom has been paid.
When a local professional services firm realized they had fallen victim to a ransomware attack, they immediately called their OnServe Help Desk team to get back up and running.
While our team had every confidence in their backups, we also had the knowledge and ability to act fast and remove the threat, and then get them back in business!
How Did Cryptolocker Infect The Firm?
Operating in the financial industry, this firm had more than 30 employees. One day when they came into work, they couldn't access any of their data. Everything was encrypted, and all they had to go on was a message from the attackers demanding a ransom in return for the decryption key.
It was later determined that Cryptolocker made it onto the firm's network as an infected email attachment. The email in question was spoofed to look like an invoice from a major shipping company, but in reality it was crafted by cybercriminals to trick the recipient into opening the attachment.
How Did OnServe Solve The Problem?
Fortunately for the professional services firm, we have plenty of experience in both preventing and responding to a range of malware types.
To begin, we scanned the firm’s network to identify which computers were infected, after which we isolated them from the network. Next, we examined their servers for encrypted files and identified the affected data. Fortunately, thanks to an on-site backup, we were able to recover every affected file.
In total, the recovery took just 8 hours to complete. Best of all, the firm didn’t have to pay a single penny in ransom.
What Did We Learn From The Process?
Despite the cybersecurity expertise we already offer, the OnServe team knows that you can always learn more. Cybercrime methodology evolves so rapidly that it’s important to pay attention.
After investigating the incident in full, it was determined to have been caused by three cybersecurity shortcomings:
- Antivirus and anti-malware software that failed to detect the infection in time
- A security router that did not protect the network
- An end user who did not recognise that the email was a spoof
In addressing these shortcomings, the OnServe team identified four main steps to take to avoid this kind of situation in the future:
- It was necessary to improve our antivirus protection and monitoring systems, and enhance real-time alerts and reporting for signature updates.
- The firm needed layered email protection, to filter email before it gets to their mail servers.
- The firm's staff needed user education about cybersecurity threats and how to identify them.
- It was necessary to continue to enhance backup and recovery services. More restore points mean less data loss. We had confidence in the system and process put in place to check every backup as the first order of business every day. Who is monitoring your backups?
The OnServe team is proud to work with clients like this professional services firm – if you’re worried about cybercrime, then why not put our experience to work for you?