Proactive defenses and employee education are the best ways to protect against ransomware. Accidents still happen, however, and sometimes malware sneaks through even the best defenses.  We've discussed ransomware disasters in the past, but you may wonder how things turn out when a proactive solution is already in place.  Quite recently, our technicians remediated just such an occurrence.

About two weeks ago our support team received a call from a client who had noticed unusual activity on their network.  One of their systems was infected with the JohnyCryptor variant of the Troldesh/Shade ransomware, which appends johnycryptor@aol.com.xtbl to the files it encrypts.  This ransomware is most often distributed through infected email attachments.  Typically, a cybercriminal crafts an authentic-looking email that mimics a company such as FedEx or USPS and carries either a tracking-notice link or an attachment.  If the user clicks the link or opens the attachment, the payload runs on the workstation: a perimeter firewall does nothing to stop a download the user initiated, and antivirus signatures frequently lag behind fresh variants.  Most ransomware, once it runs on one machine, also encrypts every mapped drive and network share the user can write to; if it is not caught in time, the files of an entire business network can be encrypted.  In the case of JohnyCryptor and most other ransomware, once files have been encrypted there is no reliable way to get them back without a clean backup.
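The "unusual activity" an administrator can spot in a case like this is a burst of renames on a file share.  The following is an added example, not code from the original post or from our support team, showing a heuristic scan for that pattern.  It assumes (as an assumption, not a fact stated above) that this Shade/Troldesh variant renames each encrypted file to `<opaque id>.<attacker email>.xtbl`, consistent with the johnycryptor@aol.com.xtbl extension named above; the alert thresholds, share paths and timestamps are constructed for the demonstration.

```python
"""Heuristic scan for the Troldesh/Shade ".<email>.xtbl" rename burst.

Added example (not the original post's code).  ASSUMPTION: encrypted files
are renamed to "<opaque id>.<attacker email>.xtbl".  Thresholds and the
sample share listing below are constructed for the demo.
"""
import os
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Match a filename ending in ".<email address>.xtbl"; group 1 is the address.
XTBL_RE = re.compile(
    r"\.([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\.xtbl$", re.IGNORECASE
)


def is_xtbl_name(name):
    """Return the attacker contact address embedded in an encrypted filename,
    or None if the name does not follow the assumed rename pattern."""
    m = XTBL_RE.search(name)
    return m.group(1).lower() if m else None


def scan_records(records, window=timedelta(minutes=10), min_hits=20):
    """records: iterable of (path, mtime datetime) tuples, e.g. a listing of a
    mapped share.  Returns {directory: {"count": n, "contacts": [...]}} for every
    directory where at least `min_hits` renamed files were modified within
    `window` of the newest one.  The time window separates an active
    encryption run from a few stale leftovers of an old incident."""
    hits = defaultdict(list)          # dir -> [(mtime, contact), ...]
    for path, mtime in records:
        contact = is_xtbl_name(os.path.basename(path))
        if contact:
            hits[os.path.dirname(path)].append((mtime, contact))

    alerts = {}
    for directory, entries in hits.items():
        latest = max(t for t, _ in entries)
        burst = [(t, c) for t, c in entries if latest - t <= window]
        if len(burst) >= min_hits:
            alerts[directory] = {
                "count": len(burst),
                "contacts": sorted({c for _, c in burst}),
            }
    return alerts


def walk_records(root):
    """Yield (path, mtime) for every file under `root` on a real filesystem,
    skipping anything that disappears or is unreadable mid-walk."""
    for dirpath, _, names in os.walk(root):
        for n in names:
            p = os.path.join(dirpath, n)
            try:
                yield p, datetime.fromtimestamp(os.path.getmtime(p))
            except OSError:
                continue


def sample_records():
    """Constructed share listing: 25 files renamed within three minutes on the
    finance share, three stale leftovers on the archive share, plenty of
    untouched spreadsheets, and one '.xtbl' file with no email part."""
    t0 = datetime(2016, 6, 3, 18, 5)   # constructed timestamp
    recs = []
    for i in range(25):
        recs.append((f"/mnt/shares/finance/aGVsbG8{i}=.johnycryptor@aol.com.xtbl",
                     t0 + timedelta(seconds=7 * i)))
    for i in range(3):
        recs.append((f"/mnt/shares/archive/old{i}.johnycryptor@aol.com.xtbl",
                     t0 - timedelta(days=40)))
    for i in range(100):
        recs.append((f"/mnt/shares/finance/q{i}.xlsx", t0 - timedelta(days=i)))
    recs.append(("/mnt/shares/finance/notes.xtbl", t0))   # no email: not flagged
    return recs


if __name__ == "__main__":
    for d, info in scan_records(sample_records()).items():
        print(f"ALERT {d}: {info['count']} renamed files, contact {info['contacts']}")
```

Run against a real share with `scan_records(walk_records(r"\\fs01\finance"))`; on a hit, the first response is to disconnect the workstation doing the writes, since the share itself is only the victim.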

Thankfully, in this client's case, not everything was dire.  The company's system administrator noticed the infection and, instead of ignoring the problem, contacted our support staff immediately.  We received the call on Friday evening and had an engineer on the task right away.  The client had followed proper data backup and retention practices, so once we diagnosed the problem we were able to remove the ransomware and restore from backup.  All told, the client experienced a minor service disruption on Friday, and our engineer recovered all of their data from backup the following day, Saturday.

In this case the client took a proactive approach to ransomware and was rewarded with the cheapest solution and only minor downtime.  All too often we encounter businesses that must make do with a costly reactive solution (often being forced to give in to the ransom demand), or that are oblivious to the problem and wait until it is too late to solve it cleanly.  In either case, the business is left at the mercy of the cybercriminal and will often experience extended downtime and/or expensive recovery costs.

The lesson to take away here is that while ransomware can be both destructive and disruptive, if you plan ahead and take precautions it is possible to mitigate the risk.  Our support engineers have helped numerous businesses create malware and ransomware prevention and recovery plans.  If your business does not already have a plan in place, don't wait.  We can help.  Give us a call at 212-242-2949 and lock down your own "best case scenario" in case of a disaster.