Ransomware Case – Are You Prepared?
The Current Situation
The security landscape for businesses is like a never-ending game of whack-a-mole, with bad actors constantly popping up with new ways to mess with systems and networks. No one is safe, not even your grandma’s knitting club. Everyone’s had a brush with identity theft, a bank account compromise, or outright theft. It’s estimated that the cybercrime industry will rake in over $9.5 trillion in 2024. Good business leaders deploy countermeasures to fend off these attacks, but unfortunately, there’s no silver bullet.
Recent Events
During the past year, two of our clients had ransomware events. Their servers were encrypted, and a ransom note was left with instructions on how to contact the bad actor and get the servers working again, along with threats if they didn’t follow those instructions.
Both businesses are high rollers. One followed our advice for business continuity preparations; the other did not. Their experiences were as different as night and day. Let’s start with the one that didn’t listen.
A Complete Loss
For purposes of anonymity, we’ll call this company “Bluebird.”
The Setup
Bluebird had their own IT Director, who thought he was the next Tony Stark. He deployed an in-line backup solution on the same hardware and VM cluster as production servers. All production data was stored on production servers accessed via VPN and local domain network.
The Recommendation
When Big Fish came to the rescue, we recommended moving away from on-prem servers to cloud solutions and ditching the VPN. Bluebird said, “Nah, we’re good.” We also suggested replacing the in-line, onsite backup with an air-gap onsite backup appliance with offsite replication. Bluebird said, “No thanks, we’ll stick with what we’ve got.” We recommended a spam filter, but Bluebird opted for something else, probably a tin can and string.
The Attack
Six months later, Bluebird got hit with Royal Ransomware. The IT Director, in his infinite wisdom, notified no one, wiped the drives, and restored everything from the onsite backup. No passwords were changed, no systems were scanned or inspected, and still no notice was given to anyone. Two months later, Bluebird got hit again with the same Royal Ransomware. This time, the criminals changed their game plan and also encrypted the backup server, leaving no viable backup. Because the IT Director, following the same old, tired game, had already wiped the drives before checking the backup (again), Bluebird was left with an encrypted VM image of a single backup server, a 27-terabyte monstrosity.
The Continuity
Even though there was no hope of recovery, Bluebird had cyber insurance and paid their deductible, which covered the criminals’ demands for the decryption key. However, the 27-terabyte file was too unwieldy to move or decrypt. Bluebird had to rebuild their data from scratch. This event brought the company to its knees for four months. They scraped data out of emails and any residual files on users’ hard drives to cobble together a small percentage of their production data. Even after 18 months of rebuilding, Bluebird has not recovered most of their data.
Disaster Averted
For purposes of anonymity, we’ll call this company “Cardinal.”
The Setup
Cardinal outsourced their day-to-day IT to a local traditional IT service provider. They had a traditional data backup solution to external hard drives connected via USB to the physical on-prem servers running virtual servers. All production data was stored on production servers accessed via VPN and local domain network.
The Recommendation
Big Fish recommended that Cardinal outsource their CTO from Big Fish through the VCTO program, which they did. On our recommendations, Cardinal moved 90+% of operational, day-to-day document and file/folder collaboration to the cloud, as well as 100% of email services to the cloud. Cardinal also moved to an air-gap onsite backup appliance with offsite replication for the remaining onsite servers and deployed our recommended email filtering services.
The Attack
Cardinal’s servers were compromised with ransomware by the cyber gang Black Basta. All servers were encrypted, and a ransom note was left with instructions on how to contact the bad actor and get the servers working again, along with threats if we didn’t follow those instructions. Cardinal was in the middle of a major deal closing the day this happened.
The Continuity
Thanks to the countermeasures Cardinal approved, they were back up and running the same day as the attack (within an hour). Most employees didn’t even feel a bump in their day, and the deal closing went through without a hitch. The criminals didn’t get a dime. Cardinal did have to undergo legal and forensic analysis, which was covered by a small deductible on their cyber insurance policy.
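To make the difference between the Bluebird and Cardinal setups checkable rather than anecdotal, here is an added example (not Big Fish’s tooling and not either client’s environment) that scores a backup layout on the three points the two stories turn on: is any copy isolated from production, is any copy offsite, and does each copy still match its manifest before anything on production is wiped. Host names, field names and the backup payloads are constructed.

```python
"""Backup posture check modelled on the two setups in this article.
Added example, not Big Fish's tooling. Hosts, copy names and the
backup payloads below are constructed stand-ins."""
import hashlib
from dataclasses import dataclass

@dataclass
class BackupCopy:
    name: str
    host: str
    same_cluster_as_prod: bool  # Bluebird: backup VM on the production cluster
    domain_writable: bool       # writable from the VPN or domain network
    offsite: bool               # replicated to another location
    immutable: bool             # air-gapped or retention-locked
    manifest_sha256: str        # checksum recorded when the backup was taken
    data: bytes                 # constructed stand-in for the backup contents

def is_isolated(c: BackupCopy) -> bool:
    """A copy the attacker can reach from production is not really a backup."""
    return not c.same_cluster_as_prod and not c.domain_writable and c.immutable

def integrity_ok(c: BackupCopy) -> bool:
    """Compare the copy to its manifest; an encrypted backup fails here."""
    return hashlib.sha256(c.data).hexdigest() == c.manifest_sha256

def assess(copies: list[BackupCopy]) -> list[str]:
    """Findings to resolve BEFORE wiping production; empty means restore-ready."""
    findings = []
    if not any(is_isolated(c) for c in copies):
        findings.append("no copy isolated from production: one attack can encrypt data and backups")
    if not any(c.offsite for c in copies):
        findings.append("no offsite replica: an onsite-only copy shares the site's fate")
    for c in copies:
        if not integrity_ok(c):
            findings.append(f"{c.name}: checksum mismatch, do not wipe production trusting this copy")
    return findings

# Constructed sample data: GOOD is what each manifest was built from.
GOOD = b"constructed backup payload"
GOOD_SHA = hashlib.sha256(GOOD).hexdigest()
# Bluebird on the second hit: in-line backup on the prod cluster, now encrypted.
BLUEBIRD = [BackupCopy("inline-backup", "vmcluster01", True, True, False, False,
                       GOOD_SHA, b"\x00encrypted-by-ransomware")]
# Cardinal: air-gap appliance onsite plus an offsite replica, both intact.
CARDINAL = [BackupCopy("airgap-appliance", "bkp-appliance", False, False, False, True, GOOD_SHA, GOOD),
            BackupCopy("offsite-replica", "offsite-target", False, False, True, True, GOOD_SHA, GOOD)]

if __name__ == "__main__":
    for label, copies in (("Bluebird", BLUEBIRD), ("Cardinal", CARDINAL)):
        print(label, assess(copies) or ["restore-ready"])
```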
The Bottom Line
What would happen today if your business were attacked or disrupted by a scenario like this or any other disaster? Are the countermeasures in place to ensure your business can have a rapid recovery, or would you be in the dark for months? Big Fish has proven solutions that we can put in place to not only recover from a disaster but to help prevent it. Contact us today to start the conversation.
678-528-7713 option 2
sales@bigfishtechnology.com