Any ransomware attack is an unfortunate and undesirable event. While many organizations experience more dire and painful data recoveries than this local business, valuable lessons can be learned from their ransomware success story.
Lessons from a Local Ransomware Victim
Arctic Air Case Study
Ransomware locked access to all files on Arctic Air's server and restricted access to the internet and email. Once the issues were detected, Arctic Air called Loffler to help recover their data from backup. We had them back to work the following day.
Regardless, costs were still associated with the attack:
Lost Labor: Minimal
Employees were able to work despite their locked files. Once they regained internet access, they used a cloud-based accounting application and email. Productivity slowed, but was not completely interrupted.
Lost Revenue: None
Arctic Air experienced no lost orders or invoices, despite the ransomware.
They lost a critical warehouse spreadsheet, which they had to recreate. To avoid this, the user should have saved the document on the backed-up server instead of on their desktop.
Recovery Costs: $4,500
Loffler reacted immediately to Arctic Air's situation by implementing their incident response plan and assembling a team of engineers to recover their data. This is a significant cost to a small business, but costs could have been double or triple. Minimized costs were due to:
- Loffler’s existing knowledge and experience with the company's systems
- The waiver of emergency support fees due to the above
- Designation of Loffler as a member of the client’s emergency response team
Company Reputation: Minimal to None
Arctic Air was attacked, but not breached, based upon initial cyber-forensic evidence. A data breach requires formal reporting to government agencies like the FBI. It would also likely land you in Sunday’s business section.
Due to the above, Arctic Air is an example of an upper-tier ransomware survival story. They experienced a recoverable event with minimized pain. The story could have been even better. It also could have been much worse. Loffler has also assisted with many of the latter.
What Steps Should a Business Take If They Are Hit With Ransomware?
How do you reduce damage and fight to protect your systems?
Follow Your Incident Response Plan
This assumes you have an incident response plan. If not, create one.
Upon initial breach awareness:
- Contact your IT security response team (form this if you don’t already have one).
- Engage your internal IT team and/or your technology solution partner team to address the incident.
- Contact legal representation. Have them contact insurance representatives about liability and potential compensation. Ransomware fees may be reimbursable, depending upon your organization's cybersecurity insurance plans.
- Debrief executive management/ownership on initial findings.
Develop a Recovery Plan
- Assess the ransom price demanded versus potential recovery charges. Refer to the Arctic Air case study to see how this worked in real life.
- Avoid ransomware payment until it's your only option.
- Implement recovery efforts. This assumes you are prepared with backup and recovery.
- If you are not prepared for a ransomware attack, continue reading:
Recommendations to Protect Yourself from a Ransomware Attack:
Have a current and verified backup process. This includes testing your backup on a regular schedule. Tapes, thumb drives, external drives, etc. do not qualify. They contain data but do not allow you to recover.
Ensure you can recover your backup. Ransomware survival hinges on recovery. Recovery depends on virtualization and your system's backup and recovery solutions.
- Assess which technologies are most relevant for recovering company data. Options include on-premises, cloud or hyperconverged.
- Assess which technologies are most relevant for recovering user data. This may mean forced backup to server, Dropbox or OneDrive, for example.
Contact Loffler for more detailed explanations, suggestions and recommendations.
Mike is the Vice President of Information Technology at Loffler. He has been in the IT field since 1993 and was previously an owner of a successful IT solution provider for 12 years. Mike has managed both security and managed service teams and consulted on IT management for both large and SMB organizations. Little known fact: While in college, Mike was the lead singer for a garage band called Mojo and the Kingsnakes. This is now known as “Classic Rock.”