If ever evidence was needed of the dangers of cyber crime, I recently found it in an unusual place. I was at lunch with several close friends, celebrating my birthday in Southern Spain, when one of my friends told me a story that was greatly concerning her. She works in the accounts department of a substantial organisation, one of the biggest employers in the area and a firm of great importance to local commerce. They recently discovered that their IT systems had been infected by a strain of ransomware.
The virus had encrypted their systems, including the accounts package, and they had no idea who to invoice or to pay! Their monthly transactions run into the thousands. The maintenance of their IT systems, including the backing up of data and taking 'copias de seguridad' (back-ups), was subcontracted to an external IT company. When the virus was discovered, the IT firm was consulted with a view to restoring systems from a backup. Unfortunately, and this is so often the case, it transpired that the last usable backup available was from some 22 months previously.
It is hard to imagine how to recover from such a position, especially for a firm that is so important to so many people in what is a relatively rural and isolated location. The firm felt that their only option was to pay the ransom, which they subsequently did. They were successful in recovering some of their data but, to date, are still missing crucial items.
RedDrum would never advise paying a ransom but fully understands why some firms feel that it is their only option. In most cases a request for payment, even when paid, is followed by a further request. After all, it has to be remembered that criminals are criminals. Once they know that a firm is desperate, they seek to maximise their gain.
The firm may have a right of action against the IT company, but what use is that? In a case such as this, the damage may be so great that the IT company is unable to meet any settlement levied against it by a court or other tribunal. Further, any such action will take a long time, perhaps years. The immediate priority is for a firm to be fully functional once again, which is no easy task in circumstances such as these. It is a sad fact that some organisations are being forced to close following such incidents.
Compare this scenario to the ransomware attack that a RedDrum client recently suffered, in early January. Their systems, including their case management and accounts, were completely encrypted, yet they were back up and running within a day.
It is no longer possible for firms, whatever industry they operate in, to leave the responsibility for the security and back-up of their mission-critical data to an external firm without sufficient processes being in place. In fact, I would go further than this: depending upon the size and nature of a firm's operations, it is no longer advisable to leave this process to an internal IT Manager or IT Department. In both instances, a testing process should be in place that proves to the Senior Management the existence of reliable and usable back-up systems. The cost of not having such a system in place grows greater by the day, if not by the minute.