We Critiqued Organizations’ Reactions to Recent Ransomware Attacks

With ransomware so often in the news, are organizations really shaping up their IT infrastructure? Organizations are increasing cybersecurity budgets and investing in security metrics to avoid being subject to data breaches. Despite their efforts, the number of successful cyberattacks is increasing, along with the number of companies that feel they are likely to be compromised in the following year (Source: CyberEdge).

What’s the best way to determine how prepared organizations really are? Test them. One way or another, the organizations will be tested; it is just up to the owners whether that happens in a controlled environment or in the real deal. And since some organizations have recently been “tested”, let’s see how they responded.

Travelex 

If this were a college course, Travelex would have failed and been required to retake it. Unfortunately for them, after this attack, they definitely will “retake it” some day, and probably soon. Travelex, a London-based foreign exchange company, paid a staggering $2.3 million worth of bitcoin to hackers to reclaim access to their computer systems which were compromised by a ransomware attack discovered on New Year’s Eve 2019. A group who claimed to be behind the attack said they had access to the company’s data 6 months earlier, since the summer of 2019.

Despite paying the ransom, Travelex was not able to get its business back to regular operations until over one and a half months later. Only the company’s website remained operational in the attack, with online transactions suspended, and locations being forced to return to physical records. 

Overall Score: Very Poor

Overall, Travelex’s response to the New Year’s Eve ransomware attack was very poor. They didn’t discover it for 6 months, and were severely underprepared, with no backups to get them back to working order quickly.

Preparation: Very Poor

Discovery: Very Poor

Reaction: Very Poor

Recovery: Very Poor

Coffee County Sheriff’s Department

Coffee County Sheriff’s Department in Tennessee was attacked last Monday by ransomware. Employees at the jail noticed files mysteriously moving earlier, but discovered that their entire system was encrypted Monday morning. The compromised data included files and arrest, booking and sentencing records for all the inmates. They were sent a ransomware demand, but are instead electing to use paper backups.

Overall Score: Poor

While the sheriff’s department did not pay the ransomware demand, they were still inadequately prepared for the attack, and are now being forced to use paper backups, which is painful and slow. Other working backups could have decreased downtime significantly and prevented data loss. Additionally, the employees were not trained well enough to understand what the suspicious movement of the files meant. If the employees had understood, some or all of the data loss could have been prevented.

Preparation: Poor

Discovery: Very Poor

Reaction: Moderate

Recovery: Very Poor

Finastra

The data breach that began in mid-March was discovered after the hackers’ malicious activity set off an alarm from one of Finastra’s cloud servers, alerting its security team. After being discovered, the hackers worked quickly to begin the ransomware attack. To prevent irreversible damage, Finastra took the affected servers offline, which also stopped delivering services for many of its customers. This came at a time when Finastra was working on new emergency plans due to COVID-19.

Overall Score: Moderate

While Finastra did react quickly to the ransomware attack, their preparation and recovery were very poor. Finastra neglected to fix many known software issues, which aided the hackers in their attack. Finastra correctly refused to pay the ransom, saying “Paying the ransom just makes you a bigger target for next time.” However, recovering and rebuilding their servers from their backups will be a long and painful process, leading to long periods of downtime and service loss.

Preparation: Very Poor

Discovery: Moderate

Reaction: Excellent

Recovery: Poor

Durham City

Last month, Durham City, North Carolina, was hit with ransomware. The malware spread after an internal employee clicked on a malicious email. After discovering the ransomware, the city quickly took affected systems offline as part of their cybercontingency plan. They were then able to quickly restore systems from working backups which had not been compromised by the ransomware because of their immutability and distance from the on-site data.

Overall Score: Excellent

Durham City was well prepared to combat the ransomware attack with a cybercontingency plan and working, fast backups from Rubrik. Additionally, the city routinely and frequently holds security trainings for employees to prevent them from falling prey to phishing emails. They were quick to react and recover, preventing extended data loss and downtime.

Preparation: Good

Discovery: Excellent

Reaction: Excellent

Recovery: Excellent

Guaranteed Excellent Recoveries

Rubrik is an award-winning, industry-leading, enterprise-level backup and recovery service that uses all-in-one software to bring you near-zero RTOs and instant recovery. Rubrik requires little daily management time, so you don’t have to babysit your backups all day to make sure they are ready when you need them.

Businesses not only save up to 50% when switching to Rubrik (and more with Trinsio), but they get more relevant, security-focused services like immutable backups and ransomware detection with Polaris Radar.

Not convinced? Try Rubrik free for 30 days with Trinsio. Sign up here or contact a Trinsio representative to get started.