A real-world cyber security attack and what your business can learn from it

Despite the client having secure alphanumeric passwords on its servers, hackers managed to gain access to those servers overnight. No data was stolen; instead, the hackers installed 'ransomware' on the servers (this encrypts all the data contained on them).

The hackers then asked for a ransom to be paid, and in return they would release the decryption key so the data would be usable again.

The client used a local computer support company that took backups of the main server, and it managed to restore the data on that server with no loss of information.

However, an issue arose with the second server.

This server was used for their accounts data (for their industry-specific accounting program). The client knew that backups were scheduled to take place automatically every night and, as a result, separate backups were not taken by the computer support company.

Unfortunately, the backups on this second server were failing every night, and the client received no notifications that would have suggested there was a problem. The last successful backup was taken in May 2016.

They contacted their insurers, who advised them to pay the ransom to the hackers so the data could be restored with no loss of information.

The ransom was paid and the decryption key was received, but an error occurred when decrypting the largest file (the file with their accounts data). As a result, they have lost all their accounts data from May 2016.

Fortunately, they had recently taken up cyber crime insurance, which will (in this case) cover the cost of restoring their data. However, this will not compensate for the inconvenience and stress of not having up-to-date financial information, which in the short term could have a significant impact on their business and cash flow.

We have been advised that decryption keys for ransomware (once the ransom has been paid) normally do work. The hackers rely on reputation: if they did not provide the correct decryption key after the ransom was paid, those who have been hacked would see little benefit in paying, as they could not be sure that their data would be restored.

Key things to consider

1.    No matter how secure you believe your password is, there is a possibility that it could be hacked.
2.    Ensure backups of all data and servers are:
a.    being taken,
b.    checked to ensure they are working, and
c.    kept securely.
3.    Consider taking out additional insurance against cyber crime.
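
Point 2b is where the second server in this case failed: the nightly job ran, failed and told nobody. The following is an added example, not part of the original article, of a check that could run each morning and report a stale, empty or unreadable backup. The *.tar.gz file naming, the 26-hour threshold and the function names are assumptions.

```python
import sys
import tarfile
import time
import zlib
from pathlib import Path

MAX_AGE_HOURS = 26  # assumption: nightly job plus two hours of slack


def archive_is_readable(path):
    """Read every member end to end; a truncated or corrupt archive fails."""
    try:
        with tarfile.open(path) as tar:
            for member in tar:
                if member.isfile():
                    stream = tar.extractfile(member)
                    while stream.read(1 << 20):
                        pass
        return True
    except (tarfile.TarError, OSError, EOFError, zlib.error):
        return False


def check_backups(backup_dir, now=None, max_age_hours=MAX_AGE_HOURS):
    """Return a list of problems; an empty list means the latest backup reads back."""
    now = time.time() if now is None else now
    # Assumption: backups are written as *.tar.gz files into one directory.
    archives = sorted(Path(backup_dir).glob("*.tar.gz"),
                      key=lambda p: p.stat().st_mtime)
    if not archives:
        return ["no backup archives found"]
    latest = archives[-1]
    problems = []
    age_hours = (now - latest.stat().st_mtime) / 3600
    if age_hours > max_age_hours:
        problems.append(f"latest backup {latest.name} is {age_hours:.0f}h old")
    if latest.stat().st_size == 0:
        problems.append(f"{latest.name} is empty")
    elif not archive_is_readable(latest):
        problems.append(f"{latest.name} cannot be read back")
    return problems


if __name__ == "__main__":
    issues = check_backups(sys.argv[1])
    for issue in issues:
        print("BACKUP ALERT:", issue)
    sys.exit(1 if issues else 0)  # non-zero exit lets a scheduler raise the alarm
```

Run it from a scheduler on a machine other than the one being backed up, and have a non-zero exit code send a notification to someone who will act on it.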