Backup Or Payup?

With Government proposals to fine companies in certain sectors without strong cyber security up to £17m, cyber-security expert Andy Hunter at ITPS takes us through a typical ransomware scenario that could one day feature your business.

It is not a case of if a cyber-breach will occur, it is a case of when. Ransomware is big business, with people around the world just like you and I, working hard Monday to Friday and looking forward to the weekend. Except the business they work in is based around locking down IT systems and data, and demanding a ransom in return for the key. Business is booming, and around 26% of shadowy digital currency Bitcoin is now thought to be used for criminal activity such as ransom payments. Let me take you through a painful and expensive scenario, which is more common than you might think. Company A is an award-winning business with over 100 staff, several sites, and decades of successful business experience.

With no in-house IT team, and no business continuity strategy in place, someone within the business takes a daily disk-to-disk backup and stores it on an on-site server. One morning, staff discover they cannot access their IT system. No emails, no files, nothing. Apart from a message saying if they wanted the key to unlock their IT, it was going to cost them several thousand pounds. Although the client only has a light break-fix support contract with us, they appeal for help and our experts get to work, identifying the problem and confirming that the attack came from an overseas server, using a crypto-locker. These free, easily downloadable software programs scour the web to identify vulnerable IT infrastructures. The software looks for simple naming conventions, for example ‘mail server’ or ‘backup files’; unsophisticated passwords, an on-site backup and firewalls which have not been regularly updated. Without an offsite backup our team have their hands tied but they work around the clock and over the weekend for the next week, salvaging what they can from the client’s historic backups, and creating virtual servers in the cloud so staff can at least receive and send ‘new’ emails, and access the internet.

The business is struggling and customers are impatient, but it retains some limited functionality. The criminals have cleverly deleted all data on the backup server to increase the likelihood of the ransom being paid, and the client feels they have no other choice but to pay the ransom, even though there is no guarantee the criminals will keep their word. We identify an honest broker to help them set up a Bitcoin account, but this is not a quick or simple process, and take several days. The first payment sees one, low-use server unlocked, before the criminals come back and demand more money to unlock the rest of the IT system. Full access is eventually restored, allowing our team to integrate the temporary fix with the client’s IT infrastructure, and it’s back to business as usual. This scenario demonstrates how hacking can happen to the best of organisations, and why underinvesting in IT and services is a false economy. An expert IT partner will be able to guide you through options such as affordable managed services models, to guard against this situation arising. Complacency could one day kill your business. Backups may not be sexy, but they are vital. Come and talk to our cyber security experts, or come along to one of our regular security briefings and find out how more about how to guard against the everincreasing threat.