According to TechRepublic, the CFO of a small company in Kentucky fell victim to a ransomware attack. Through an interview with the CFO, TechRepublic was able to reveal why the company chose to pay the ransom (in Bitcoin) to regain control of their systems.
The small Kentucky company fell in line with a growing trend of companies opting to pay criminals in cases of ransomware attacks. With ransomware attacks on the rise and many companies put in an awkward position when vital business operations are suspended by an attack, it can sometimes be easy to skip involving the authorities and focus on regaining immediate control of the company’s network, regardless of cost.
This company’s attack started with a simple email to one employee, stating, “Hey, you’re under attack.” Sensing something wasn’t right, the company alerted their IT company, who confirmed it was a ransomware attack. This was a surprise to the small company, which houses only eight PCs and never expected to be a target of such an attack. It is also an important reminder that any business, of any size, is always operating with a level of cybersecurity risk.
The initial message to their employee came with an instruction not to turn off the computer, and a statement that they (the hackers) had it under control. The message also included a contact phone number. From there, their IT company recommended getting their insurance company involved. Within a couple of days, the insurance company was communicating with the hackers about their demands. Quickly, the situation became one of not “if” they’d pay the hackers, but “how” (and in what form).
From an initial demand of $400,000, the insurance company was able to negotiate down to $150,000, which they paid via Bitcoin. While the company never found out anything about the hackers, they do know that the hackers usually start with demands in the millions, so it was uncharacteristic for them to come after a small company.
While the imminent risk is now behind them, the small Kentucky company is faced with an important question: how did the hackers get in? Was it an employee who clicked a link? Where are their weaknesses moving forward? In their case, they found several updates they needed to perform to increase security, but at the end of the day, it’s likely that one employee clicked a phishing link that let the hackers in. Moving forward, they’ll be stressing caution to their employees about clicking suspicious links, and ramping up other cybersecurity measures to protect their business.
To read the full transcript with TechRepublic, click here.
To download the PK Tech Cybersecurity Ebook, click here.
For questions regarding your company’s cybersecurity infrastructure, or for ransomware attack concerns, contact PK Tech here.