Ransomware doesn’t just hit the big guys; the attackers behind it target organizations of any size. It would be foolish to think that Ransomware attackers won’t bother with you. They don’t care. If they manage to get in, they will get you. This became a harsh lesson for a small non profit organization here in Vancouver last week.
Ransomware encrypts your files so that you no longer have access to them, and then demands payment to get that access back.
2016 is fast becoming the year of Ransomware.
Just A Small Non Profit
This small non profit manages bookkeeping and accounting services for other non profits. They are a small organization, only five desktops and a server, and they don’t have the expertise to fight off a ransom.
Their IT support is outsourced, like many companies of this size. They are much too small to hire an in-house tech support person, and their technology needs are normally not that great. This day would be different.
As a bookkeeping agency they are responsible for their clients’ accounting records, and they store those QuickBooks accounting files on their in-house server. These accounting files are the lifeblood of the clients they support. To lose them means losing all accounting activity for the year and prior years.
The consequences are disastrous.
The Ransomware Attack
They had heard about Ransomware, so when one of the staff noticed files on the server changing to something unreadable she mentioned it immediately. A subsequent call to tech support went out shortly after that.
Here’s what she saw:
Recognizing and responding quickly is very important in a Ransomware situation, and the speedy call for support, followed by the immediate shutdown of their server and all desktop computers, helped them avoid losing all their files.
How did it happen? One of the staff opened an attached “zip” file (compressed file) in an email. From there the attack reached out very quickly to all the attached drives it could find.
Luck, and Cloud Backups
Their support company responded quickly, yet within just a few minutes over 6,000 files were encrypted on their server, and over 15,000 files were encrypted on the desktop that was the source of the attack.
By the time it was all over they knew they had been lucky. They had reacted quickly once they saw the problems, and they had been doing daily cloud backups so they could pull back data from the day before. They were back up and running again by the end of the following day. All files had been restored and they did not have to pay the ransom.
You can find the full step-by-step story of troubleshooting and mitigating this Ransomware attack here: Ransomware attack