“History repeats itself, but in such cunning disguise that we never detect the resemblance until the damage is done.”
Sydney J. Harris
Once technology jargon, the term “ransomware” is now used in news headlines as a warning to many businesses. The victim of the very well-known ransomware attack was Colonial Pipeline just last month. It resulted in the shutdown of a pipeline responsible for transporting fuel from the Gulf Coast to New Jersey. This led to stranded gasoline supplies on the East Coast, thereby adversely impacting an inordinate number of people who rely on gas for their transportation needs. This month’s blog discusses the effects of ransomware on businesses and how CMIT Solutions helped a client overcome this cybersecurity attack.
What is Ransomware?
According to the Cybersecurity & Infrastructure Security Agency (CISA), “Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.” These individuals typically threaten to sell or leak an organization’s data if the ransom is not paid. Instances of ransomware attacks have progressively occurred on the state and local levels. Moreover, CISA Executive Director, Eric Goldstein, encourages all organizations “…to strengthen their cybersecurity posture to reduce their exposure to these types of threats.” In the past two years, technology security providers have seen a huge increase in these types of attacks.
How does Ransomware Infiltrate a Business?
Unfortunately, it can be all too easy for cybersecurity attackers to infiltrate a computing network. Perpetrators typically contact users through the use of phishing emails, which deceive users into clicking on a malicious hyperlink or attachment.
Recently, a prospective client called CMIT Solutions as they had experienced a widespread ransomware attack. The systems included multiple servers and dozens of workstations/laptops. The operations of this well-established professional firm were almost entirely halted for a considerable length of time. As the enterprise, its insurance company and a forensics firm evaluated the situation, the client decided to ask CMIT Solutions to assist in recovery.
As a result of the attack, the client had to mitigate several adverse effects. There were weeks of zero to limited server/network functionality, including e-mail. The senior staff and an owner managed client notifications and discussions, insurance, staff direction, forensics and work interruption. Additionally, there were HR considerations given the encryption of personally-owned computers. As a result, leadership had to almost halt running their business in order to manage this cybersecurity breach.
The company was also left to contend with impacts to its bottom line. Specifically, one of the consequences of the ransomware attack included major income reduction (lost work for their clients by all staff for days-to-weeks). Though insurance would likely cover a substantial portion of payment for emergency recovery services, potential major expenses also had to be taken into account. Repercussions from the attack also consisted of unknowns, such as potential client loss and unknown employee outcomes.
How Did CMIT Solutions Help?
The affected firm had previously invested in security, having hired an IT security professional for as-needed support. However, that outside practice had not implemented the full range of effective security solutions that CMIT Solutions provides.
Upon request for help, CMIT Solutions provided a full on-site team of professionals with additional remote experts assisting the firm. We rebuilt dozens of the workstations and laptops, properly secured them and implemented secure remote access. Additionally, we assisted in network reconstruction. Due to the limited protections in place upon our arrival, unfortunately, none of the previously existing data was recoverable from most systems. However, we have now implemented a range of security services and controls to provide the client with far better protection and support.
Next month, stay tuned for our next installment on ransomware which will discuss how you can protect your business with best practices from the ongoing effects of ransomware attacks.
