The team at Victoria-based MSP Data Central has spent days recovering and restoring a client’s systems after it was hit with a ransomware attack.
Data Central CEO Andrew Cunningham told CRN the attack could have been avoided had the client not decided to delay security upgrades until after an office relocation.
The client, who wished to remain anonymous, had big plans for IT upgrades once they had settled into their new facilities, which were all but completed. But, Cunningham said, Data Central had been urging them for “months and months” to make moving to the cloud and improving security a priority.
Then they were hit by ransomware attackers who shut down the company’s systems and demanded 1.6 Bitcoin (around AU$100,000 at the time) to bring it all back online.
When the company saw everything gone there was “a bit of panic and distress”, Cunningham said, but they never considered paying the ransom.
Fortunately, after rebuilding their servers and network from scratch, Data Central was able to restore the client’s systems, but it took 36 hours of work and the last two months of files were unrecoverable.
Remarkably, there were two machines that had escaped completely unscathed – two machines on which Data Central had installed trial versions of security products from US-based endpoint protection vendor Comodo Security.
Cunningham credited the software’s auto-containment feature that analyses threats before they are allowed into a system.
He said that in his 40-plus years in IT, he’s seen a lot of antiviruses fail to stand up against attacks, but he’s never seen such a clear example of one being so effective.
It is also a clear example of the value of following an MSP’s advice.
“I had one person asking ‘why did this happen, you look out for our network?’” he recalled. “‘I've sent emails to you saying that you must act and here are the quotes to do it,’” he said that he replied.
“And then one of the directors stood up and he said, ‘Yes, ... We were advised, no, we didn't take any of the advice that we should have, maybe, because we didn't understand what was said or the importance behind that. But guess what – we do now.’”
The company has gone from being an ‘ad hoc’ customer to a fully managed client.
“Everything on their server is shut tight, there's no port open. Unfortunately, they had to learn, I guess,” Cunningham said.