Case Study: Ransomware Prevention & Restoration
Our client is an established architectural practice based in North London.
As Royal Institute of British Architects (RIBA) members, the practice specialises in modern, contemporary domestic projects, bringing high-end architectural design to local living.
Information technology is a critical part of ongoing operations within an architectural firm. Powerful design workstations with high-end software need ongoing maintenance, whilst operational PCs are subject to the impact of visual data management. Suffice it to say that any type of service interruption can lead to business difficulties, loss of client data and, ultimately, a disaster scenario.
The client has always taken their IT and data security seriously. They run Symantec Hosted Endpoint protection for desktop safety and ensure local machines are patched and updated regularly.
As any IT professional knows, no matter how well you prepare for a virus attack, it may sometimes not be enough, especially as heuristic, intelligent viruses continue their widespread proliferation across the Internet. Unfortunately, all it took was for one member of the client team to unknowingly browse a compromised website for an attack to begin.
Ransomware is a particularly nasty, costly and aggressive form of virus, with sophisticated cryptography and network detection at play. The virus located the file server and encrypted every file overnight, and the compromise was only detected the following morning. The ransom demand was presented and the client's data was inaccessible.
Through detection work and rigorous checking, Aquilatec located the source of the infection and isolated the infected machine. Having ensured some time ago that the client was prepared for such an eventuality, Aquilatec then started the data restoration from cloud backup. The data was safe. There was no need to pay the ransom to remove the encryption.
Architects' data can quite easily run into multiple terabytes of local storage, and while an off-site cloud backup is critical, it is not always quick to restore large amounts of data over the Internet. The restoration took almost 5 days to complete and verify, and whilst the data was safe, a local backup could have expedited this process significantly. A hybrid on-site and off-site backup solution will keep data safe in the event of a local disaster, but also allow for rapid restoration of data from the local vault in most other circumstances. This has since been recommended to the client.
Our team at Aquilatec proceeded to switch out Symantec for BitDefender MAV, a managed anti-virus solution that offers the client the degree of learning protection they require. The Symantec licensing in place happened to have a year left to run, yet Aquilatec's flexible policies enabled us to negotiate a switch of product without the client incurring additional fees. At the same time, WebProtect was deployed to prevent any further exchange of encryption keys and a repeat attack.
Since the attack, this measured and protective Aquilatec solution has secured the client further and given them the peace of mind they need to continue to grow their business without the fear of targeted, aggressive cyberattack.