Reviving a Network Ravaged by Ransomware: A Case Study

With ransomware on the rise, it’s critical to have an experienced, knowledgeable provider that keeps up with the latest on this ever-increasing threat. Check out this recent case study to see how James Moore’s Technology Solutions Consulting Team is in your corner in the fight against ransomware.

A large company was hit with a severe ransomware attack just before the holiday season. The owners and staff couldn’t access any company records, invoices or customer data. And the damage wasn’t limited to just files; entire systems were non-operational, from production and inventory management to email and other communication tools.

In short, their critical business functions came to a grinding halt.

The company had an in-house IT department, so the owners were at a loss as to how this could have happened. Our team was called on a Friday and we jumped right in, putting five people on the job and working day and night throughout that holiday weekend.

During our initial investigation, we discovered that there was no anti-virus system running and an insufficient firewall in place. Administrator passwords were weak and had no consistency. The company also had no working backups to recover any lost data. And the owners didn’t have any cryptocurrency payment system set up, despite being aware that hackers usually require such currency for their ransom.

James Moore rebuilt and cleaned up the company’s IT network. We implemented standardized, centrally managed anti-virus so we could see outbreaks, implemented firewall and password policies to provide a higher level of security, implemented and tested backup strategies, and redesigned part of the network to allow for better security.

In the meantime, we helped set up a Bitcoin wallet so the company could pay the hacker’s ransom—an unavoidable step due to the lack of protections previously in place. However, the attacker’s attempt to decrypt the files didn’t succeed. So we escalated the work, communicating with a higher-level attacker on multiple occasions to get as many files decrypted as possible.

By Monday morning—after three solid days and overnights of work—our team had the company’s systems partially operational and well on the way to recovery. And while the company paid a hefty price in ransom and lost productivity, its business network is now far better prepared to withstand future ransomware attacks.

While this account may sound extreme, the sad reality is that we see such instances all the time. Ransomware attacks happen every day, and not just to big corporations. The local cases—small businesses, town governments, nonprofits—are the ones you don’t hear about on the news. And they all share the same story: They thought they had good backups and solid security protocols, but unbeknownst to them… they didn’t.

