A new high-profile case of ransomware seems to pop up weekly, whether it be about a company that’s been attacked or a new group of attackers – here’s this week’s story. And it’s never a feel-good story. The bad guys always seem to win, forcing the hand of the infected company and costing them hundreds or thousands of dollars. And really, there aren’t many options for companies who get hit with ransomware. You can pay the money or you can shut the system down to prevent the virus from spreading and restore from a previous backup.
So why doesn’t every company restore from its latest backup? Traditional restores take time. And even worse, many organizations only backup data once a day because of the constraints of typical IT infrastructure. And because most of these attacks target organizations with sensitive personal information and make it impossible for the affected files to be opened, the attack usually ends with the company paying up because of limitations on time and resources.
Often, the only realistic option for those hit with a ransomware attack, especially for those with business-critical information affected, is to pay the ransom. Restoring data from a recent backup can lead to hours or even days of downtime, halted productivity, and lost work, depending on when the last backup took place. How long could your business shut down while waiting for the restore to take place? How many days of business-critical data could your company afford to lose?
One organization with a firsthand experience with ransomware is SimpliVity customer Central One Federal Credit Union and will tell their story in a SimpliVity webinar. The problem started a little after three o’clock on a July afternoon when a file needed for batch processing couldn’t be processed by an employee at Central One. It took a long while for the team to figure out exactly what was going on, recalls Neal Reardon, assistant vice president of information systems and technology at Central One.
“We thought it was a problem with core. So we called the core vendor, they couldn’t figure it out, so we just kind of were waiting on it,” said Reardon.
The core vendor was able to narrow the problem down to a single folder. The folder in question existed in all branches of the company, so the core vendor attempted to copy the folder from the credit union’s disaster recovery branch to its production branch. This decision was made after three hours had already been lost trying to identify the problem.
Reardon was out of the office when the decision was made to copy over the folder. He returned to the office a few minutes before eight o’clock, when the copy was almost done, and restored the backup and changed the network card so it wasn’t in production.
“As soon as we put [the folder] back on the machine, it started acting weird. And then, all of a sudden, we caught this one phrase. And then we looked it up and it was ransomware. A cryptolocker. So we immediately pulled that server off the network,” said Reardon.
Everybody in the company shared a drive on the server for the core applications. And this was the drive that had been encrypted. Once the machine was off, Reardon was able to restore from his most recent SimpliVity backup.
“At the time, we were backing up every four hours. It started around 3:30 that we noticed the problem, so we went to the latest backup, which was noontime. And then everything worked fine. And we were out of here by 8:30 or so,” said Reardon.
Central One had been using SimpliVity as its go-to backup solution for over two and a half years. Once the ransomware was detected, and the team realized they needed to restore from a previous backup, the whole process only took about fifteen minutes to restore and get everything back online and running. In fact, the only reason the problem took around five hours to resolve was because the ransomware wasn’t identified until about four and half hours after the folder couldn’t be processed. Once the team realized a cryptolocker was to blame, they were able to quickly restore, including any work done between noon and three pm, and get everyone home for the night.
SimpliVity is able to save businesses money when a ransomware attack happens by limiting downtime. According to Ponemon Institute, the cost of downtime due to ransomware is $7900 per minute. SimpliVity enables restores to occur in mere minutes, offering quick and reliable data protection capabilities that are simple to manage. The architecture is highly resilient which prevents data loss and maximizes business uptime.
Ransomware is becoming increasingly nasty and common. No one ever thinks their company will be the next one to be infected, but the odds continue to increase as more and more types of viruses are created. Once an attack has entered the system, SimpliVity can help to minimize the damage done by enabling restores to happen in just a few clicks because of unparalleled data efficiency and built-in data protection. SimpliVity offers businesses an alternative to paying the ransom and can meet even the most stringent RTOs and RPOs.