Ransomware: An Unwanted Holiday Gift

Imagine you are in the middle of the holiday season and you are a retailer with sixteen locations. Now imagine that one of your employees clicks on the wrong e-mail link and launches a ransomware attack on your organization. Believe it or not, this happened to one of our clients this past holiday. Read on for more details and lessons learned.

To begin this story, we want to be very clear that this isn’t a case where our client was naïve and wasn’t paying attention to internet security. They, in fact, have a very talented IT staff and they had industry-standard software and hardware protections in place.

LESSON LEARNED #1: Nobody is immune from cyberattacks. It just takes one person to click on the wrong thing.

The challenge for our client’s IT department is that the ransomware virus stayed hidden in the background for a couple of weeks while it took an inventory of all of their servers and workstations. Consequently, they thought the warnings that they received were nothing to worry about.

LESSON LEARNED #2: Don’t ignore warnings.

Unfortunately, the warnings were not false. Our client came in one morning to find that their entire network was encrypted, and the perpetrators wanted a $2.1M ransom. Fortunately, their Point of Sale system was on a separate network, so they were able to keep their stores open. Without this, they would have been out of business.

LESSON LEARNED #3: Isolate your mission-critical applications.

Our client notified us of the issue immediately and we offered to help, but they initially said no because they felt that their internal IT team could handle it. Two days later, though, they called back and asked us to send our IT specialist, Joe Deluca, out to help manage the situation.

LESSON LEARNED #4: Make sure you have a designated Incident Response Manager in case something does happen to your systems.

The client’s CEO asked Joe if they should just pay the ransom. Joe’s response was “No Way”, which is exactly what the CEO wanted to hear.

LESSON LEARNED #5: Never pay the IT Terrorists.

Thankfully, there is a happy ending to all of this. Due to his prior experience dealing with ransomware attacks, Joe was able to quickly get the situation under control and start the road to recovery. It took almost two weeks of dedicated time by Joe and the client’s IT team, but everything was eventually recovered and our client is now fully back in operation.

LESSON LEARNED #6: Don’t be afraid to ask for help.

Give us a call. As a final note, based on a recommendation from Joe, our client is now instituting IT fraud & security training for all of their staff.

LESSON LEARNED #7: Keep in mind that your first line of defense from cyber-attacks is your people. Make sure they are properly trained. Again, call us if you would like some guidance on this.