On Friday 21st October at 6:15am, our Huddersfield Town Regional Partner On IT received a call from one of their largest clients explaining that they had been a victim of a cyber attack. The company which operates across 3 sites had been hit with a ransomware attack asking for $270,000 in order to retrieve their data that was locked behind an encryption wall.
Ransomware attacks are a very common type of cyber attack that are only becoming a larger threat to businesses. Ransomware attacks involve a third party accessing a company’s system and locking all the data, the only way to then retrieve this data is to pay the ransom which will give you a decryption key to re-access your data.
On IT take us through the steps they went through on the day to prevent the attack from happening on their client:
- Attack – Attackers launch ransomware attack at 1.30am.
- Discovery – The first team to get in discover the attack, at which point the majority of damage has been done.
- Call to On IT – client calls On IT explaining the attack.
- Engineers on Site – Within 3 hours of the initial call, On IT had engineers on site with the client. The first thing the engineers did was unplug everything, this is crucial during a ransomware attack, this was done to cut the attack off at the edges.
- Check Back Up Solution – On IT discovered that the backup solution had been affected by the encryption and so they couldn’t restore the data from this. Their on site engineers began doing remediation and agreed a plan to get at least 1 computer per department online so the company could continue operating.
- Solution Agreed – On IT were able to come up with a solution for their client, which involved a full re-build of their environment.
- New Servers – The team worked to build and configure servers before driving to the different site and installing these servers. The team also built a new server infrastructure, created new domains and implemented new security policies.
- Third Party Specialists – On IT reaches out to third party cyber security specialists who were able to identify the root cause and entry point of the attack.
- Future Proofing – On IT are working to move more of the companies data to the cloud. They have also implemented a suitable back up solution of an air gap, this is a gap between the environment and the back ups meaning that should one be affected the other won’t be. An anti-ransom software was also installed to add a further layer of protection.
Advice for SME’s
Ransomware is becoming a much more common attack for medium-sized businesses, especially those who have increased their brand awareness or gained more publicity recently.
Businesses should be advised to have cyber protection insurance in place, as had On IT’s client not had it, they would have been liable for £150,000 of remedial costs. Ransomware attacks can financially destroy many companies if it doesn’t have the costs to fix the issues.
How can On IT Help?
A hacker will get into your system if they really want to, so it’s important to have the processes in place to ensure your business can recover from the attack.
Ensure your business has an air gap between your environment and back ups, do regular back ups and invest in anti-ransomware software. On IT can help with implementing these actions to your business should you not have this in place.
Get in touch with the team at On IT today – https://onit.ltd/