This story is from ITS owner Tom Andrulis. It's a true story of how ITS saved a client from a ransomware attack. This is an example of the importance of working a competent MSP and how good IT support can save a business.
An insurance company of about 150 people reached out to ITS about a ransomware infection in their system. Someone within the company had an email sent to them that had macros installed. This person thought they were getting an email from someone trustworthy and enabled macros without considering the possible consequences.
Once the macros were enabled they deployed a malware into the machines that allowed the attacker to remotely access their computers. Soon the malware spread to almost all of their employees’ 150 computers. Then a secondary malware was launched that could look into the memory of the RAM of different computers until it was able to access to user names and passwords of everyone in the company including the admin. With this, the attack had begun.
Once the attacker was equipped with admin rights they were able to deploy a ransomware across the network. Workstation after workstation was encrypted and employees were getting messages on their screens explaining the situation. Just imagine how unnerving it can be to go from a productive workday to seeing a message like this.
YOUR DATA HAS BEEN ENCRYPTED. YOU MUST PAY US $250,000 IN BITCOIN IF YOU WANT IT BACK.
This is when the company, smartly, reached out to our amazing team at ITS. This is a nightmare for any business to deal with, but it’s exactly why businesses choose to work with an MSP in the first place.
The Response from ITS
The first thing done was to take the machines off the network. This was to stop the ransomware from speading, while also allowing an antivirus software to attempt to remove the malware. But, there was problem.
The antivirus would fight off the malware, but as soon as a machine was clean the malware would launch again. It would launch over and over again so that the antivirus would be fighting this attack in real time. However, the antivirus was not able to keep up with the tenacity of the attacks. So now, how does a good MSP respond to this attack?
The Next Step
The next tool in the data security arsenal was to use a software created to watch for background ransonware programs. This would look for things lurking in the background that might still be creeping around your system. In this case ITS opened up an incident with the software company responsible for writing the program for additional support.
This company informed them that the situation was worse than they had first imagined The advice was to shut off the machines, disconnect from the internet, and allow the company to send a truck to begin the cleanup process locally. This was the best way to stop the ransonware attack from spreading even further.
An Alternative Solution
Once disconnecting from the internet it was time to clean up the ransonware. This is an especially difficult task to do manually. As seen earlier, a full clean up was difficult as the malware continued to deploy more and more attacks.
This is when having an MSP saved this particular business.
They software company told ITS that they had an experimental beta software that might be able to help. It was an anti-breach software created to look fill the gap between anti-malware and anti-virus.
This could look for those background programs that are the root of the problems and help automatically eliminate them. New technology like this is the best way to fight against cyber crime. ITS agreed to use this program and together it helped clean the computers.
With this technology in hand they were able to work for 36 straight hours and get the business up and running again.
The Possible Consequences
This kind of attack is becoming more and more common. If this business was not working with an MSP then the outcome would have been much different. ITS was able to work their way through a number of different solutions, identifying what would and would not work. Eventually they were able to communicate the proper problems to the proper people that were able to help them find the solution.
This kind of attack is not new. Both the software company, and an insurance company familiar with the issue have said that it would not be unusual to have this attack take 2-3 months to fully cleanup and could cost a business $250,000 or more in ransoms. A cost like that could take down many successful businesses.
The Big Takeaways
People are getting hit with phishing attacks all the time, and that is not going to change. In fact, phishing attempts are becoming increasingly popular. All it takes is one email and an entire business can be brought down for months-- maybe forever. Once an attacker is inside they can assess your system and figure out how much they can extort from you.
This kind of attack is not uncommon. Do not let yourself be blindsided! It is not an exaggeration to say that this business might never have recovered if they did not have an MSP helping them to secure their data.
If are looking for the best data management and IT security team in Los Angeles, Phoenix, Chicago, or Las Vegas then please give us a call. We can help you stay cyber safe and do our best to make sure you do not lose what you have worked so hard to build.