Held up

Have you ever been held to ransom? We don’t actually know of a business client that has but we now know what it feels like.

So here’s our story

Started on a Monday morning – computer switched on but wouldn’t open our main software. Nothing worked. We’d been infected with “ransomware” – a virus that can (in theory) be unlocked if you pay someone a ransom. Our data wasn’t lost or destroyed – it was encrypted and of no use to us. We couldn’t do a lot of everyday things.

  • No addresses to send mail to
  • No phone numbers to call people
  • No file to answer your questions
  • No ability to send out fees so no cashflow
  • No processing of your data
  • No emails in or out

Staff were asked to take leave or days without pay. They did both. So we virtually came to a standstill. And that’s how it stayed till about 12 noon on the following Monday.

Choice to Make

Our choice was simple – pay the $8000 they wanted OR rebuild our file servers (we have 2). Paying may be a quick fix and should be considered if you have very poor backups. You might get 48 hours to pay and in theory you may be back online in 24 to 48 hours. Some issues worth considering:

  • The people running the scam may be shut down in 2-5 days – you may pay and never get the unlock code
  • The unlock code may hold a sleeper and may reactivate the whole process, say 6 months later.
  • The unlocked data – your data – may retain a part of the virus.

Ideally, you would still copy the data and run tests to ensure no virus retention. Can you trust something that has once been infected? A big call.

We chose to disconnect our computers from the internet, to wipe out all files that were locked and to rebuild our services from backups. Even then, the process failed twice because the virus had infected four (4) days of backups. So we were forced to use a Wednesday backup as the next four days were corrupted. The cost: about $15,000. But at least we know that no viral residue or time bomb is in our system.

How do you get Infected?

We are only discussing ransomware now, but there are other cyber-attacks/attackers which target specific data, e.g. credit card numbers or sensitive data. These types of attacks could ruin your business or reputation and could lead to legal or even court action. Ransomware has become a business itself and is continually refined and improved. An example (which may have caused our problem) is an email from ASIC (Australian Securities and Investments Commission) inviting you to renew your business name. We have seen such an email many times. But a very skilful forgery appeared recently with a link attached – the link contained the virus. It only took a few days to get the source shut down but it probably infected thousands of businesses in Australia.

So be very aware of opening attachments or links – they could be funny videos, a PDF file, an Excel spreadsheet or a ZIP file. Know the sender and even contact the sender and, if in doubt, delete or send the email to an expert for analysis. And train your staff not to open attachments without thinking. More about that below.

How Can you Protect Yourself?

As we found out, firewalls and anti-virus software are not impregnable. And we thought our systems – hardware and software – were very, very good – top quality and up to date. But virus developers (it’s a very lucrative business for them) are developing their product faster than anti-virus software businesses. The latter are playing catch-up. Protection comes via:

  • Up to date anti-virus software
  • Backup of all data – preferably 3 sets/copies and kept for a week, not a day or two. Remember, a “ransom” virus will also seek out backups on your system and lock them up as well. That means “cold” backups are also needed on external devices such as portable hard drives (get 3 of them).
  • Using IT professionals to build your system from the ground up
  • Communicating with your staff about opening suspicious emails, and doing it regularly.
  • Not allowing staff to use their own devices, such as laptops or iPads, on your network.
  • Developing systems and rules relating to safety and security of your data.
  • Total protection probably does not exist – consider yourself a victim waiting to happen.

Some closing Points

Loss or theft of data can result in legal actions, the loss of reputation or even, in extreme cases, the loss of your business. Using the “cloud” does not afford much, if any, additional protection. The baddies come through your email address and follow a pathway to your data, regardless of where it is stored. As long as it is accessible via the internet, it is vulnerable.

Finally, we are aware of insurance you can take out – it was offered to us only 4 weeks before we were attacked. After consulting with our IT experts, we declined. If you want to know about this product, offered by Accountancy Insurance, a division of Suncorp, please contact us for details.

Thanks for reading our story. Learn from it and reduce your risk.


March 2017


P.S. We are not licensed to provide advice or recommendations about insurance products. And we are not promoting Accountancy Insurance. There will be some/many similar products available. So either do your own research or use a broker.

P.P.S. If you operate a network like ours, and we know some of you do, don’t expect a quick fix after the removal of the virus. Two weeks later, we still have almost daily follow-up issues which will probably lead to another $2000 invoice.

Should you have any further questions please email us.