Byte-Size Tech: Managed IT Firm Stopped Ransomware Attack In Progress

Mark Anderson and Libby Powers of Anderson Technologies share background on ransomware, and what happened when Anderson Technologies encountered a ransomware attack happening to one of their clients! Spoiler alert: all of the data was saved.

Related Reading


Libby Powers: Hi, everybody. Thanks for joining us today.

Mark Anderson: Hi, everyone.

Libby Powers: I am joined with Mark Anderson, one of the founding principals of Anderson Technologies. Something we really want to discuss with you today is we know business owners really want to learn more about ransomware. We want to tell you a story about a ransomware attack that actually happened to one of our clients.

Mark Anderson: And what we did about it.

Libby Powers: Yeah. Can you tell me a little bit about what ransomware is?

Mark Anderson: I would love to. So, ransomware—you’ve probably seen on the news stories where companies have been attacked by this piece of malware, if you want to call it that. It essentially is a piece of software that encrypts all of your user data and then demands a ransom at the end in order to get your data back. And if you don’t pay it, it shreds all your data.

Libby Powers: So, in layman’s terms, it’s kind of like if you have a bunch of unpaid parking tickets, and the city comes and puts one of those big yellow boots on your tire so you can’t drive your car away. Right?

Mark Anderson: Mm-hmm, that’s exactly right.

Libby Powers: All right, good. So I know that we actually have a client that had this happen to them, correct?

Mark Anderson: We did, yeah, a manufacturing client of ours a while back. The individual was at home working on a spreadsheet the night before, came into the office the next morning, and was very surprised when she couldn’t open that file. She then went to another file, couldn’t open it either, and then thought, “Hmm, something very fishy is afoot here,” called our help desk, and talked to one of our senior sys admins.

Libby Powers: That’s amazing. What was the outcome of that?

Mark Anderson: The individual was able to remote into her computer, didn’t even have to drive there, and within 10 seconds was on her machine and was able to detect that, lo and behold, a ransomware event was in the middle of occurring right then and there.

Libby Powers: That’s incredible. How long did it take for that sys admin to completely stop the attack?

Mark Anderson: Once he discovered the issue, fortunately, in this particular case, we had installed a backup system which allowed us to do hourly backups. So he just rewound the clock one hour earlier and restored that server from the previous hour’s backup, and within 47 minutes from when the call came in to when the server was fully restored…that was the amount of time that it took to get them 100% back up and alive. It was interesting because the business owner then came in later that morning and was informed of this, and was absolutely amazed that something like that had occurred and basically they had practically no impact.

Libby Powers: That’s pretty incredible because obviously, as a manufacturer, they have a lot of clients, I’m sure. And so they didn’t have to go and tell any of their clients that this was happening either, not losing that very important client data that you have. This is really interesting. I really appreciate you sharing this and giving us a little more information about ransomware and things that you can do to protect yourself. Maybe go seek out a managed IT firm to give you a third-party analysis of how secure and how ready your backups are in case something like this were to happen to you.

Mark Anderson: Absolutely. Thank you so much. Bye.

Libby Powers:  Bye now, thanks!