Cybercriminals often carry out mass attacks on many companies simultaneously. This gives them a higher probability of receiving the ransom amount. This was probably the scenario in the following case.
The target of the hackers this time was a small accounting office in Italy.
In the middle of a week, overnight the company’s employees saw their files get a new extension, .google. They also found a ransom note on their desktop offering the key to decrypt the files for 30,000 Euros.
The company wisely ignored this ransom demand and started looking for an internal means of recovery. After 3 days of trying, in which the company was paralyzed, they decided to put the task of recovery in the hands of qualified professionals.
It was then, that through a Google search, the company found us and immediately contacted us explaining the situation. All physical servers and backups were hit making all operations of the accounting office impossible for 3 days.
“There is no longer any doubt… We don’t know which access they got in through, but we were attacked by ransomware.” That’s what the company said when they contacted us.
From the client’s industry, we quickly understood the importance of encrypted data that is extremely sensitive. After conducting advanced diagnostics, we set our mission, to completely decrypt, and in a short period of time, all the encrypted files. That is, 12GB of the management software, including the data of all the firm’s clients.
The client sent us the necessary files via a secure link on Google Drive and our technical team went about the recovery. Meanwhile, our sales team was taking information in real time to the client about the progress of the project. This practice brought security to the company, as they understood that their data and the future of their company were in good hands.
After approximately 2 and a half days, our specialists obtained very good recovery results and, without delay, we scheduled a time for data homologation. This step is of utmost importance, because our priority is to deliver data that is relevant to the customer.
We created a secure environment and gave access to the company’s IT manager to evaluate whether the data recovered by our technical team was as expected. The customer really made no mistake in understanding that the future of his company was in good hands.
All files were successfully decrypted. Thus reestablishing the full functioning of the accounting office.
Without a doubt, the scenario would have been different if this company had not found us. Thanks to our technologies, we are able to help companies avoid major financial damage, loss of authority in the marketplace, not to mention the loss of sensitive data that should remain confidential.
Ransomware attacks are becoming an increasingly serious issue. The big question is no longer “If I am attacked?” but rather, “When am I attacked?” For this reason, the Digital Recovery group, through RansomHuter, is willing to help companies get back up and running and, in turn, continue helping people.