A Successful Ransomware Recovery

What is a ransomware attack?

There are many forms of ransomware, however the idea is that hackers gain access to your system and hold you to ransom. This typically is in the form of threatening to share or delete data – the most common of which is to lock off your systems and have to pay to access your data, which will be deleted in a certain amount of time.

This sort of attack is generally started by use of phishing emails, however more targeted approaches can be used. The value businesses are being required to pay is continually increasing, with the industry earning £2.7billion in 2019.

There are two main issues for businesses that get attacked – loss of data and down-time. If you lose all of your data, the repercussions can be huge, from dealing with customers to sorting out finances. However, many people forget that their businesses rely on the software that they use, which means they will not be able to sell, manufacture, support, etc, etc. whilst the attack is in place. Although many businesses are attacked, because it is easy for staff to click on a link in a rogue email, it can be seen as a PR nightmare – people want to know that their data is safe. This is why many businesses end up paying the 10s of thousands of pounds/dollars/bit-coin in ransom.

Portsmouth based company attacked

One of our customers was caught out by a phishing email, and on a Friday morning the business was taken down by a ransomware attack. Locking off access to their entire Business Central system, we soon got a call from a very stressed IT manager. We are obviously limiting the amount of information that we will divulge, but it is fair to say that the ransom was in excess of £15k – a significant value.

Why the ransomware attack was not a disaster

There were several key factors leading up to the attack:

• Our customer had recently done an upgrade from Dynamics NAV Version 5 to Dynamics 365 Business Central on Premise.
• With a new system came the discussion of the infrastructure, and working with our team the customer upgraded their servers with a SAN, RAID controlled server storage and altogether a much better infrastructure base.
• In addition to good hardware, the IT manager takes his backup strategy, including test restores, seriously.
• The customer’s Business Software Partner is very helpful!

What this all meant is that when the ransomware attack happened on the Friday, the customer was able to wipe the system, including the ransomware, and restore the database from a backup taken only hours prior to the attack. One of our team then worked remotely with the customer to re-install the business central servers on the Saturday, which resulted in the company being fully operational when it opened on Monday.

A Summary of the Success

The Ransomware attack could have cost the business in excess of £15k and a lot of issues and down time making sure they were clear of any malware. However, the actual costs were less than 24 hours of down time, and a small bill from us for the out of hours work and a slightly more hectic Friday than the IT manager would have liked!

Apart from the help that we provided, most of the reason that recovering from the attack was so smooth was down to our customer having good systems in place and excellent practices around backups.

How at risk are you?

A lot of businesses hold cyber security low down on the list of things to do - why would anyone attack your business? We spoke to Southampton (Chandlers Ford) based IT specialist Vermont about the issue and they stated that 85% of  businesses with <1000 employees have been hacked, and most don’t even know. In fact, small businesses make up over half of breach victims, so no-one is intrinsically safe. As discussed earlier, the fact that data breaches are so common does not mean that people are understanding. More than half of SMBs go out of business within 6 months of a data breach due to the PR nightmare that it causes.

Still not convinced? Check out Vermont’s February 2020 Newsletter, where they discuss how cyber criminals work and how they target businesses.

Protect Your Business

Having the right IT infrastructure in place is of massive importance, and we have seen a recent take-up of our customers working to get the right systems installed. However, it is not just about spending money – making sure you have the right back-up and disaster recovery processes in place is a must. The key question needs to be:

If you get a breach, how do you recover?

Protect Your Staff

I was recently at a business networking event where the keynote speaker was Paul Newton from MentalTheft. The presentation very much focussed on how people are the weakest link in cyber security – something that the IT professionals in the room very much agreed with from their own experiences. One of the key take-away points was that criminals work on the basis that “the easier the better”. Things such as blanket phishing emails that look extremely believable could be the thing that leads to the collapse of your business. Vermont showed us figures that stated 80% of hacking-related breaches leveraged either stolen passwords and/or weak or guessable passwords.

All this leads to one thing – you need to invest in every member of your organisation by hiring businesses like mental theft for public speaking at events or Vermont for staff training. Because the cyber threat is real and if your staff is the weak spot then that is what the criminals will be targeting.

We have a number of cyber experts on the team, so please talk to us about protecting your Business Software systems.

Contact Us