Saving a 40-Year-Old Company from Going Out of Business

When a Ransomware Attack Almost Ended It All.


Penny wise and pound foolish. An idiom that’s been around since the 1600s, it’s the perfect way to describe the scenario facing many businesses today. By choosing not to invest in backup systems, they’re left open to ransomware attacks. Lucky for this company, Advizex was ready.

This Customer Brings Personal Style to Life.

Based in Woburn, MA, this customer sells design-focused, high-end stationery and gifts. From calendars to journals, stationery to drinkware, their products are unique, fun, and inviting. While they sell to select retailers (including big box retailers), they also sell directly to consumers through their online boutique.

It Won’t Happen to Us.

We’ve been a trusted partner for this customer since 2009. Most recently, we had encouraged them to bolster their security measures by protecting the availability of their data and network. We discussed developing a Disaster Recovery Plan and backup solution to store their data offsite, not on their main network. This way, if network security is compromised, the company’s data is safely stored elsewhere and can be restored. The customer, however, had their disk-to-disk backup system on their local network’s storage area network (SAN). They also had unpatched and end-of-life systems still on the network and exposed to the internet. Their malware detection systems likewise weren’t current. In February 2020, Advizex presented a proposal to remedy their situation.

Because of cost, it was rejected.

Just seven months later, in September, which for retail is peak holiday shopping season, this customer’s data systems were taken hostage by a well-known ransomware called Sodinokibi (also known as REvil and Sodin). Because their backups were on their local network, the backups also fell prey to the attack. They had no choice but to rely on the hackers to decrypt their data.

A Simple, Yet Powerful Concept.

By design, ransomware (a type of malware) encrypts data, potentially forever. It oftentimes enters a company’s network when users click on a website link or download an unknown file. Attackers can also take advantage of known unsafe network ports which are opened to allow end-users to access company resources while working from home during the pandemic. While malware has been around for decades, it has evolved to evade some anti-virus systems. It also takes advantage of older systems that aren’t perfectly maintained.

Once the data encryption is successful, the hackers contact the company demanding a ransom amount, promising to increase that amount as time passes. The attackers also threaten to release data such as personal information, company financials and intellectual property to the public if the ransom is not paid. Without clean backups, some organizations have no choice but to pay.

Upon payment, companies cross their fingers and hope the ransomware gang provides working decryption keys. There are no guarantees. Organizations without mature IT staff may need a third party to help decrypt and restore their data, while verifying that any additional malware is removed in order to bring their systems and applications back online. This is an arduous process that takes time and money. And there are never any guarantees that all systems can be recovered.


The Ransomware Economy.

There’s an entire marketplace around dealing with ransomware attacks. Ransomware attacks are on the rise, so much so that they’re just about considered normal. According to The Beazley Group, ransomware attacks rose more than 130% in 2020 alone. When our customer reached out to Advizex, they informed us that they had a company lined up to decrypt their data at a cost of $250,000. The company told the customer they could use their own programs to decrypt the files and avoid paying the bad guys, when in fact that was nearly impossible given the type of ransomware — we surmised the company was going to pay the ransom and decrypt the files using the encryption key, making a $150,000 profit.

Advizex gave them a better (and ethical) way.

For just under that amount, we’d not only negotiate the ransom amount but also decrypt the files, clean their data from latent malware, modernize their operating systems, install next-gen endpoint protection and firewall functionality, secure their network via segmentation and secure VPN with multi-factor authentication. We’d protect the environment from future malware attacks. Not surprisingly, the customer moved forward with Advizex.

Back on Track.

Advizex brought in a security specialist to negotiate the ransom, obtain the required cryptocurrency, acquire the decryption keys and monitor for further attacks. This expert was able to lower the ransom from $150k to $80k.

Advizex did the rest once the decryption code was handed over. We worked around the clock with the customer to rebuild the environment. This process wasn’t (nor ever is) turnkey.

It sounds strange to say, but the experience was like working with any other technology vendor. The hackers were helpful, courteous, and easy to work with. Their customer service was excellent, supporting again this notion of a ransomware economy. They have to be helpful or companies won’t pay the ransom in the future. It’s a business unto itself. Each experience may vary, of course.

Prevention Is the Cost-Effective Solution.

To put it plainly, it’s less expensive for a company to secure their network, instill good security practices within the organization and set up reliable, secure backup systems than it is to be a ransomware victim. In addition to the $80k in ransom, the company paid the negotiator and Advizex nearly $150k to recover the data. Additional costs for the future include establishing a BC/DR plan and implementing that plan.

These costs don’t include lost revenue, productivity, lost vendor confidence or the mental anguish of not only the company owners but also its employees.

The customer was fortunate that, ultimately, Advizex was able to save the business. For us, it’s all about being a trusted partner and looking at our customers’ business as our business.

We see this over and over and over again — systems left vulnerable to attacks. Everyone’s in the same boat. No one thinks it’s going to happen to them. And then it does.

— Jay Martin, Practice Manager and Engagement Executive

THE ADVIZEX TEAM

It took a village. Key team members include:

  • Tom Mutch – Sr. Account Executive
  • Tracy MacCurtain – Inside Sales Rep
  • Jay Martin – Practice Manager and Engagement Executive
  • Brian Rota and Joe Banaga – Microsoft architects and specialists
  • Erik Santos, Eric Anderson – Security and Network pre-sales architects
  • Matt Glynn – Storage, Backup and Systems pre-sales architect
  • Chris Biller, Josh Lawton, Will Hebert – Network and Security Delivery specialists
  • Rod McCarthy – Project Management
  • Steve Kucker – GM and Executive Sponsor
  • Matt Wenger – Advisory Services Director
  • Partner – Arcas Risk Management