Should you pay the ransom? – The Property Chronicle

Should you pay the ransom?

Without cyber insurance your business is vulnerable.

An IT department received an email from their marketing team stating that they couldn’t access their files mounted on the file-share server. All file extensions on that drive had been renamed and encrypted with the Phobos ransomware. What came next could only be described by the group CEO as abstract panic followed by overwhelming, long-lasting concern as to what was missing, destroyed or unrecoverable, compounded by fear of what might be lying dormant.

In shock and uncertain what to do, the CEO dug out their cyber insurance documents and called the helpline. Within minutes, a cyber forensic expert had mapped out the process and taken much-needed control of the situation. Endpoint detection and response tools were installed and deployed across the affected network which, in due course, would assess the risk of further infection and support the root cause analysis. A forensic image of the server was collected and the investigation into the incident began.

The file server and affected machines were shut down to reduce the risk of the ransomware spreading. Senior management didn’t know what to tell employees and employees didn’t know what to tell customers. A PC in the back office had to be set up and used as a server, albeit with very limited access, and the only clean back-up available to work with was from four weeks ago.

Containment and monitoring of the environment was necessary for the next two months, checking for threats or unusual behaviour, and ensuring no malicious activities occurred. The forensic investigation concluded that remote desktop protocol (RDP) on a device had been compromised and a folder was found that contained multiple hacking tools. The device had authorisation to access the file-share server, allowing the ransomware to encrypt these files. Fortunately, the attempt to move laterally and gain access to privileged credentials had failed. Still, it was not until the end of the second month after the attack that business as usual could resume.
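
The two findings above (a remote desktop logon onto one workstation, followed by that workstation renaming and encrypting every file on the share) are the kind of signals a monitoring team looks for during the containment period. The script below is an added example, not code from the article or from the insurer's incident team: it runs a simple detector over a constructed audit log, flagging any host and user that rename many files with the same appended suffix inside a short window, and listing hosts that received an interactive remote logon (Windows records RDP sessions as logon type 10). The log line format, host names, user names, source address and the `.locked` suffix are all constructed for illustration.

```python
"""Added example (not from the article): toy detector for a mass-rename burst on
a file share and for the interactive RDP logon that preceded it.
The audit line format and every value in the sample log are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed line shape: "<ISO timestamp> key=value key=value ..."
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Parse one audit line into a dict of fields; return None on malformed input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m.group("ts"))
    except ValueError:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
    fields["ts"] = ts
    return fields


def appended_suffix(old, new):
    """Suffix a rename appended to the original name (e.g. '.locked'), or None."""
    if new.startswith(old) and len(new) > len(old):
        return new[len(old):]
    return None


def rename_bursts(events, window=timedelta(minutes=5), threshold=20):
    """Return (host, user, suffix, count) for every host/user that renamed at least
    `threshold` files inside any `window`, all gaining the same suffix: the
    pattern seen when ransomware encrypts a share from one authorised device."""
    per_key = defaultdict(list)
    for e in events:
        if e.get("event") != "RENAME":
            continue
        suffix = appended_suffix(e.get("old", ""), e.get("new", ""))
        if suffix is None:
            continue
        per_key[(e["host"], e["user"], suffix)].append(e["ts"])
    alerts = []
    for key, stamps in per_key.items():
        stamps.sort()
        best, start = 0, 0
        # sliding window over sorted timestamps: largest count within `window`
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append((*key, best))
    return alerts


def rdp_logons(events):
    """Hosts that received a remote interactive logon (Windows logon type 10 = RDP)."""
    return sorted({e["host"] for e in events
                   if e.get("event") == "LOGON" and e.get("type") == "10"})


def build_sample_log():
    """Constructed audit lines: one RDP logon to WS-17, then 30 renames from WS-17
    in two minutes each appending '.locked', plus ordinary renames from WS-03."""
    base = datetime(2024, 3, 4, 2, 10)
    lines = ["2024-03-04T02:05:00 host=WS-17 user=j.smith event=LOGON type=10 src=203.0.113.9"]
    for i in range(30):
        ts = (base + timedelta(seconds=4 * i)).isoformat(timespec="seconds")
        lines.append(f"{ts} host=WS-17 user=j.smith event=RENAME "
                     f"old=report{i}.xlsx new=report{i}.xlsx.locked")
    for i in range(3):
        ts = (base + timedelta(minutes=10 * i)).isoformat(timespec="seconds")
        lines.append(f"{ts} host=WS-03 user=a.jones event=RENAME "
                     f"old=draft{i}.docx new=final{i}.docx")
    return lines


def analyse(lines):
    """Parse the log (skipping malformed lines) and run both detectors."""
    events = [e for e in map(parse_line, lines) if e]
    return {"bursts": rename_bursts(events), "rdp_hosts": rdp_logons(events)}


if __name__ == "__main__":
    print(analyse(build_sample_log()))
```

On the constructed log the burst detector reports only WS-17 with 30 `.locked` renames, while the ordinary draft-to-final renames on WS-03 add no common suffix and stay quiet; correlating that host with the RDP logon list gives the investigator the same starting point the article's forensic team reached. Thresholds and window are assumptions to tune against a real share's normal rename rate.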

Despite no ransom being paid in this instance, the costs incurred soon mounted up to in excess of £25,000. The financial protection from insurance cannot be overlooked; however, the guidance and support that comes with it gives a highly unnerving and unsettling experience much-needed direction and a structured, effective, immediate response.

About Catherine Aleppo

Catherine Aleppo has been with Aston Lark (including predecessor companies) since 2005. With cyber risk increasing sharply in recent years, Catherine’s role at Aston Lark is focused on helping businesses understand the importance of identifying their threats and vulnerabilities, and on providing solutions for transferring those risks which exceed an organisation’s ability to remediate.
