Recently a member in practice brought this story of a ransomware attack to our attention:
The client had ransomware introduced onto their server by the heating engineers upgrading software that controlled the office heating system. Clearly the heating engineers were the victims of the attack as well. The client actually paid the ransom but the decrypt codes didn’t work. The police had put them in touch with someone who did bitcoin payments.
The fortunate thing here was that their key workflow system was cloud-based. They did, however, lose the whole accounting data set which, contrary to advice, they didn't have backed up separately. They survived this because we had just done the year-end management accounts so had the numbers we needed.
There are some useful lessons to be learned from this experience. The impact of such an attack could potentially have been reduced if the victim had followed the advice we recently provided in "How can I defend against ransomware?"
If the firm had considered ransomware as a cyber risk, then perhaps they could have been better prepared, in this case by having viable data backups.
It can be helpful to consider three layers to managing cyber risk.
Cyber security for small firms can be challenging. Many of the techniques used by large firms do not scale down for use by small firms. However, the consequences of having no cyber security measures in place can be devastating for an organisation.
Have you been a victim of cyber crime? Are you able to share your experiences and lessons learned? If you have, then please contact firstname.lastname@example.org and we may be able to publish your story here.