According to TechRepublic, the CFO of a small company in Kentucky fell victim to a ransomware attack. Through an interview with the CFO, TechRepublic was able to reveal why the company chose to pay the ransom (in Bitcoin) to regain control of their systems.
The small Kentucky company fell in line with a growing trend of companies opting to pay criminals in cases of ransomware attacks. With ransomware attacks on the rise and many companies put in an awkward position when vital business operations are suspended by an attack, it can be tempting to leave the authorities out of it and focus on regaining immediate control of the company’s network, regardless of cost.
This company’s attack started with a simple email to one employee, stating, “Hey, you’re under attack.” Sensing something wasn’t right, the company thought to alert their IT company, who confirmed it was a ransomware attack. This was a surprise to the small company, which houses only eight PCs and never expected to be a target of such an attack, but it is also an important reminder that any business, of any size, is always operating with a level of cybersecurity risk.
The initial message to their employee came with an instruction not to turn off the computer, and a statement that they (the hackers) had it under control. The message also included a contact phone number. From there, their IT company recommended getting their insurance company involved. Within a couple of days, the insurance company was communicating with the hackers about their demands. Quickly, the situation became one of not “if” they’d pay the hackers, but “how” (and in what form).
With an initial demand of $400,000, the insurance company was able to negotiate down to $150,000, which they paid via Bitcoin. While the company never found out anything about the hackers, they do know that these hackers usually start with demands in the millions, so it was uncharacteristic for them to come after a small company.
While the imminent risk is now behind them, the small Kentucky company is faced with an important question: how did the hackers get in? Was it an employee who clicked a link? Where are their weaknesses moving forward? In their case, they found several updates they needed to perform to increase security, but at the end of the day, it’s likely that one employee clicked a phishing link that let the hackers in. Moving forward, they’ll be stressing caution to their employees about clicking suspicious links, and ramping up other cybersecurity measures to protect their business.
Our take on it:
- Cyber-criminals are attacking even small businesses (8 computers!), and it paid off!
- Insurance companies are only paying ransoms because the alternative is to shut down the impacted business.
- Expect massive insurance premium increases. All these claims and resources required to employ IT Security experts will be passed down to small businesses. Alternatively, insurance companies may explicitly exclude these events, which will put small businesses in a tough position if they’re infected without a path to recovery.
- We can’t stress this enough: WORK WITH A COMPETENT IT COMPANY.
  This small business did not have proper backups in place. Presumably, corners were cut on the IT side, which should have put this small business out of business. The insurance company stepped in and paid $150,000 to bail them out. However, we assume the data is breached (sensitive data copied to an offsite server) once hackers have control of your system. I hope they weren’t in a regulated industry! Even after they paid, this is the beginning of a lot of new expenses (increased IT security, lawyers, fines, reputation repair, etc.).
- To summarize: an ounce of prevention is worth a pound of cure.
- Ask your IT Company ASAP what happens if a cryptolocker virus runs on a computer today and locks up your data. What is the path to recovery, and how long does it take to get there?
To read the full transcript with TechRepublic, click here.
To download the PK Tech Cybersecurity Ebook, click here.
For questions regarding your company’s cybersecurity infrastructure, or for ransomware attack concerns, contact PK Tech here.