Learn from a true client experience.
Just less than a month ago we were referred to a company that had been attacked by ransomware a few weeks prior to reaching out. Ransomware is malicious software initiated by a hacker that blocks the use of the computer system until a certain amount of money is paid to them. They did have an IT tech at the time, but he was not comfortable handling an issue this severe. He knew that he had not properly protected this company from cybercriminals, and now all of her sensitive data was in a hacker’s hands. Unfortunately it doesn’t end there: he also didn’t have a safe backup system in place. The daily backup that he ran was connected via USB and was instantly corrupted during the attack. And the weekly backup that they had once established had been overlooked for months.
We only had two options at this point to recover from this ransomware. We could either restore a good backup, which sadly was not possible, or pay the ransom to the cyberattacker. Our client asked me to initiate a conversation with the hackers to figure out other possible options and to find out exactly how much money they were demanding in order to give access back to her network. When I reached out to the cybercriminals, they informed me that they wanted $50,000 USD in Bitcoin. The hackers even sent me files proving that they had full access to my client’s highly sensitive information, so I knew that they actually had copies of the data. After several negotiations between my client, myself and the hackers, we agreed upon $16,000 USD in Bitcoin.
The next step was for my client to set up a crypto wallet, transfer money into it, then send it over to the hackers. There was ZERO assurance that, even after giving in to their demand, sending the money, and the hackers receiving it, they would give my client back access to all of her data. And of course there is no way to get her money back if all else fails. Once we sent them the money, they did confirm that they received it, and now it was a waiting game. They had to send us a decrypter program so that we could get all the data back in our possession. This seemed like the longest hour ever for us and our client! To make matters even more stressful, once they sent the decrypter program it didn’t work; we still couldn’t regain access. As I was trying to run the program it gave me an error message, so I reached back out to the hacker explaining the situation and sending them proof with screenshots. After multiple failed attempts by the hackers to give us a viable solution, they then asked for remote access to the machine so they could give it a try themselves. At this point we really had nothing more to lose, so I implemented a secure network for just that computer and I gave them access. Next thing I knew, I was watching the hackers on the client’s computer, moving around on the screen attempting to fix this issue so that she could have her data back. Apparently something had gone wrong with their encryption and that is why the decrypter was unable to work. This took the hackers 16 hours of diligently working to restore our access to the client’s data.
Once they figured out the problem on their end and fixed it, it was my turn. I took the decrypted data, scanned it for viruses and put it on a replacement server for the client, and the next morning she was back in business! After countless hours of stress and worry there were happy tears and almost some booze in the office that morning!
We are so happy that they are now a client of ours here at Sabat Age Consulting. The former IT guy had felt horrible that this had happened under his watch but he was helpful when it came to the transition. We are now doing full protection, updates and monitoring on all of their computers. Regular redundant cloud and local backups are also on the schedule as an added layer of protection.
Don’t let your company and all of the sensitive data you collect be a hacker’s next target. Let Sabat Age Consulting help you secure your network & your data to protect against any malicious activity. Contact us today!