CryptoLocker is a new family of ransomware whose business model (yes, malware is a business to some people) is based on extorting money from users. CryptoLocker hijacks users’ documents by encrypting the files and asks them to pay a ransom (with a time limit to send the payment, doubling the ransom if not paid in time). What they pay for is an unlocking key. The attack initially arrives as an email attachment and then attacks all files on the network, including remote drives, lockbox etc.
Case 1 – Data Restored after CryptoLocker Ransomware with Cloud backup
Recover from CryptoLocker ransomware which infiltrated the customer’s PC systems and network, affecting a 5-PC network and a Dropbox with 30-user access (no server).
Small to medium sized business
Immediate response to diagnose the problem: isolate the network and disable Dropbox. UK ICT were able to flatten and rebuild all systems, and recover software and data from an HDD backup not attached to the network. Customer fully operational on day 3.
The customer had an on-premise HDD backup. Because they followed the procedure to rotate the drives and remove one HDD offsite, we were able to recover data from a backup which was unaffected by the virus. If this, or an offsite backup, had not been in place, or if the backup device had been attached to the network, the above process would not have been possible. The customer had a fully up-to-date anti-virus in place.
UK ICT responded quickly to this business-critical failure: the customer was working within one day and fully operational on day 3. The customer now has offsite backup as a further precaution.
Seeing that ransomware message and the demand for payment in Bitcoin had me really worried. We couldn’t do anything in the business and I didn’t know what to do. I called UK ICT. They were very reassuring in their approach, giving me confidence that the disruption would be minimized. It was a stressful time, but the calm and efficient way they got us working was a great relief. I’m glad I followed the excellent advice about protecting my data.
Case 2 – Data Restored after Ransomware (CryptoLocker) without backup
Small to medium sized business (Not a client at time of attack)
Recover from a CryptoLocker (ransomware) attack affecting 2 servers and 14 PCs.
The company was ordered to pay £1000 in Bitcoins, and with no access to the internet this was in itself difficult.
An engineer was on-site 40 minutes after the call was logged on the UK ICT Help Desk. The customer’s backup had been corrupted, as it was attached to the server at the time of the ransomware attack, so we were unable to restore from backup.
The company decided the only way forward was to pay the ransom, which had to be done within the 48 hr period. This in itself became problematic given no access to the internet, but was made possible by opening a new temporary account for them. Once the ransom was confirmed and the recovery keys received, we unlocked the data, then flattened and rebuilt the servers before restoring it, running multiple and varied anti-virus scans.
All PCs were flattened and rebuilt. Any local data on the PCs was lost; anything under Folder Redirection was retained, as the copy on the server was kept.
A successful outcome, but very stressful and expensive, both in the cost of resolving it and in lost business. The company had access to its data within 3 days of the attack and was fully operational within one week. UK ICT responded quickly and efficiently, and spent a considerable amount of engineering resources to effect this business-critical recovery. The company now has full backup in the cloud and a policy on e-mail use.
I thought I had lost all my data. UK ICT had me operational, but I have now taken their advice and have protected my data with UK ICT’s Cloud Data Services. When we talked about this before I thought “it will never happen to me”, but it did. An innocent click on an e-mail could have cost us our business. People take their IT systems for granted and it is only when they stop working that we give it the attention it deserves. UK ICT worked outside office hours to reduce the impact on my business. I am confident that, by following their advice, we are better protected for the future.