17-user wholesale/distribution client (2008 - present)
The client’s story
in 2008, this client hired us to install a content filter in their Pomona office. After we completed this task, they continued to use us and they remain our client today. Over the years, we helped them with many projects and made many improvements to their system. Since 2008, this client has only had one major problem. They were infected with a ransomware virus. This is described below.
Case Study - a ransomware virus
Within the last few years, this client’s system was infected with a ransomware virus. Almost all of the client’s data was infected. This included the client’s accounting system and all users’ data such as Adobe PDF files, Word documents, Excel spreadsheets, PDF files, photos, and other users data. This type of virus puts a password on critical files and then the author of the virus holds the data hostage. The author will only release the password if they are paid in bitcoins. Usually they charge per infected machine.
We designed this client’s system to include a disaster recovery plan. We setup a system that could recovery from a major disaster. This includes physical disasters like earthquake, fire, and theft. It also included computer disasters like hard drive failures, accidental deletions, virus infections, and others. As a result, our client did not have to pay the fee. Instead, we simply scanned the network and removed any infection that was present. Then we restored all data from their backup. Their system was up and running like nothing happened within 12 hours. Most of the 12-hours was spent scanning all 17 PCs and 3 servers to make sure the infection was removed prior to restoring from backup.
The client was obviously relieved. They were able to get back to business as normal the next day. All of their data was intact and things were back to normal.
Ransomware viruses specifically infect files on hard drives in a computer, server or network attached disk like on a NAS or SAN. What saved this client was a good backup system that had many copies of data. More importantly the backup did not reside on disk where it could be infected by a ransomware virus.
When we designed this client's system and backup, there was no such thing as ransomware. However, one of the rules of a good backup is not to store backup data on a disk that is online all of the time where it would be vulnerable to issues like unauthorized access, changes, or deletions. This design is what helped the client recover from such a problem. This is why being proactive is important.