Any ransomware attack is an unfortunate and undesirable event. While many organizations experience more dire and painful data recoveries than this local business, valuable lessons can be learned from their ransomware success story.

HOW TO SURVIVE A RANSOMWARE ATTACK [WATCH THE VIDEO]

Lessons from a Local Ransomware Victim

To survive a ransomware attack, you need more than data backup. You need to invest in planning, defense and insurance as you would any other business resourceYou need to be able to recover that data. 
 
Any and every organization – no matter what size – is a potential ransomware victim. The recently attacked business, Arctic Air, has only 11 full-time employees.
 

Arctic Air Case Study

The attack at Arctic Air most likely occurred when a mobile user was phished while working on the server. This doesn’t make them a bad person or employee; it’s a common pitfall of the way the world works today. Cybercrime and phishing are realities we cannot ignore.
 
The user likely clicked on a link or downloaded an email attachment while on an unsecured connection. This could have been while using public WiFi at a hotel or a coffee shop.
 
 

 VIEW THE FULL ARCTIC AIR CASE STUDY HERE

 

Ransomware locked access to all files on Arctic Air's server and restricted access to the internet and email. Once the issues were detected, Arctic Air called Loffler to help recover their data from backup. We had them back to work the following day.

The attack wasn't a particularly mature or refined piece of dark code. It appears to have come from a rogue conspirator who created/manipulated it. Luckily, it doesn’t appear to have caused a data breach, only a systems lockup (more on this later).
 
Arctic Air implemented their incident response plan upon detection. This provided a quick emergency response and a ransom was never communicated or needed addressing.
 

Regardless, costs were still associated with the attack:

Lost Labor: Minimal 

Employees were able to work despite their locked files. Once they regained internet access, they used a cloud-based accounting application and email. Productivity slowed, but was not completely interrupted. 

Lost Revenue: None

Arctic Air experienced no lost orders or invoices, despite the ransomware.

Rework: Minimal

They lost a critical warehouse spreadsheet they needed to recreate. To avoid this, the user should have saved the document on the backed-up server, instead of on their desktop.

Recovery Costs: $4,500

Loffler reacted immediately to Arctic Air's situation by implementing their incident response plan and assembling a team of engineers to recover their data. This is a significant cost to a small business, but costs could have been double or triple. Minimized costs were due to:

  • Loffler’s existing knowledge and experience with the company's systems
  • The waiver of emergency support fees due to the above
  • Designation of Loffler as a member of the client’s emergency response team

Company Reputation: Minimal to None

Arctic Air was attacked, but not breached, based upon initial cyber-forensic evidence. A data breach requires formal reporting to government agencies like the FBI. It would also likely land you in Sunday’s business section.

Due to the above, Arctic Air is an example of an upper tier ransomware survival story. They experienced a recoverable event with minimized pain. The story could have been even better. It also could have been much worse. Loffler has also assisted with many of the latter.

What Steps Should a Business Take If They Are Hit With Ransomware?

How do you reduce damage and fight to protect your systems? 

Follow Your Incident Response Plan

This assumes you have an incident response plan. If not, create one. 

Upon initial breach awareness:

  1. Contact your IT security response team (form this if you don’t already have one).
  2. Engage your internal IT team and/or your technology solution partner team to address.
  3. Contact legal representation. Have them contact insurance representatives about liability and potential compensation. Ransomware fees may be reimbursable, depending upon your organization's cybersecurity insurance plans.
  4. Debrief executive management/ownership on initial findings.

Develop a Recovery Plan

Once you've contacted the people who need to know about the attack, you need to fight it.
  1. Assess the ransom price demanded versus potential recovery charges. Refer to the Arctic Air case study to see how this worked in real life.
  2. Avoid ransomware payment until it's your only option. 
  3. Implement recovery efforts. This is assuming you are prepared with backup and recovery.
  4. If you are not prepared for a ransomware attack, continue reading:

Recommendations to Protect Yourself from a Ransomware Attack:

Have a current and verified backup process. This includes testing your backup on a regular schedule. Tapes, thumb drives, external drives, etc. do not qualify. They contain data but do not allow you to recover. 

Most importantly:

Ensure you can recover your backup. Ransomware survival hinges on recovery. Recovery depends on virtualization and your system's backup and recovery solutions.

  • Assess which technologies are most relevant for recovering company data. Options include on-premise, cloud or hyperconverged.
  • Assess which technologies are most relevant for recovering user data. This may mean forced backup to server, Dropbox or OneDrive, for example.

Contact Loffler for more detailed explanations, suggestions and recommendations.

 I Want to Protect My Business From Ransomware

Read Next: Three Cyberattack Vulnerabilities to Avoid

Mike Maki

Mike is the Vice President of Information Technology at Loffler. He has been in the IT field since 1993 and was previously an owner of a successful IT solution provider for 12 years. Mike has managed both security and managed service teams and consulted on IT management for both large and SMB organizations. Little known fact: While in college, Mike was the lead singer for a garage band called Mojo and the Kingsnakes. This is now known as “Classic Rock."

Latest News

IT Strategy
November 26, 2024

Is Your IT Strategy Putting Your Business Goals at Risk?

Many small- and medium-sized businesses (SMBs) struggle to develop a comprehensive technology strategy. In some cases, ...
Read More
new-business-phone-system
November 12, 2024

Being Told You Need a New Business Phone System? Read This First.

Originally Published August 2018 Updated November 2024 Upgrading doesn’t have to mean buying new. We’ve worked with ...
Read More
Security Risk Assessments
October 31, 2024

Rethinking Cyber Risk Assessments: Affordable, Painless, and Actually Useful

Imagine waking up to find your business’s sensitive data compromised. Scary, right? But what if I told you that taking ...
Read More