024: Cyber-criminals Seek $3.6 million In Ransomware Attack

Cyber-criminals Seek $3.6 million In Ransomware Attack

Video File

Learning Objectives

Upon completion of this case study, participants should: 

• Understand how easy it is for cyberattacks to undermine weak security and lock an owner out of the business;
• Describe how cyber-criminals gain access to a business’ computer systems and valuable data;
• Explain two common attacks: “ransomware” and “phishing,” and how to train employees with best practices that minimize exposure to attack;
• Identify ways to keep a business up-and-running after sustaining a cyberattack; and
• Learn why having a scripted compliance plan coupled with employee training can mitigate these types of attacks, as well deal with other, unforeseen systems-based mishaps.

State of the Industry

The world has rapidly transformed with the internet now a critical backbone of how business is done. With transactions in the billions taking place online daily, criminals have honed their skills at finding ways to unlawfully divert money and resources to their benefit. Furthermore, working from home in a post-COVID-19 world heightens the risk. Thieves regularly target employees that lack training in cyber-compliance and security.  Each and every employee is a target, unless properly trained to follow a secure process that thwarts illegal and unwanted intrusions. 

In this case study, we examine Spectra Logic Corporation, a company that successfully navigated an attack by cybercriminals.

Background and Analysis

This case study focuses on Spectra Logic Corporation (Spectra), headquartered in Boulder, Colorado. All the information in this case study comes from Spectra’s website, and several newspaper articles. Spectra’s business focuses solely on providing clients with electronic data storage solutions.

In May 2020, Spectra’s senior IT officer stated that cybercriminals attacked the company with a ransomware virus. The attack occurred during the height of the COVID-19 pandemic.  Managers who normally worked in the office transitioned to a remote work environment.  Employees noticed that normally functioning systems failed to operate as expected. 

Spectra IT personnel searched the servers in an attempt to pinpoint the source of system failures. During this search, Spectra IT personnel located a ransom note hidden in the files on one of the servers. The discovered note indicated that Spectra had been slammed with the “Netwalker” ransomware virus. The note demanded $3.6 million, payable in Bitcoin within five days. 

This type of malicious software (a/k/a “malware”) is often called “ransomware.” Ransomware prevents employees from retrieving or using their employer’s data by encrypting critical files. These encrypted files are virtually impossible to decrypt without the proper encryption key. The cybercriminals hold the data “hostage” until the company pays a ransom. In return for the ransom, the cybercriminals release the encryption key. 

In addition to the cost of paying a ransom, ransomware attacks could easily cost a target company millions of dollars in lost business opportunities, loss of productivity, and system restoration.  Further, government investigators may allege the company itself may bear civil liability for putting consumers at risk with the loss of personal data.

When Spectra realized it had been hacked and attacked, the IT team began physically cutting the wires connecting their data servers. They took this dramatic step to stop the Netwalker virus from spreading deeper into the data storage systems. 

Spectra engineers succeeded in tracing the source of ransomware.  An employee, working from a personal laptop at home connected to Spectra’s virtual private network (VPN). This employee opened an email from an unknown sender and inadvertently opened an attachment containing the malware. Professionals on IT terms refer to this scheme as “phishing.”  

Phishing occurs when a cyber-criminal tricks a victim into opening an email and having the victim click on either a link or attachment.  Once the employee clicks on a link or opens a malware file, the program downloads a virus to the server. This virus, in turn, replicates itself across other connected servers, forming the foundation for encrypting essential data and holding it hostage. Spectra employed robust anti-malware/virus-scanning software on its internal systems. Since the employee worked from his home computer, he lacked the necessary protections and exposed the company to harm.

Spectra was able to successfully contain the virus and it opted to not pay the $3.6 million ransom. Instead, Spectra notified its cyber-insurance carrier of the attack, and retained a cyber-security expert to assist in rebuilding the data.  

Since Spectra kept frequent back-ups of the data on their system, the company could restart the servers within several weeks and resume business.  Without a strictly adhered to compliance and backup plan, Spectra would have been faced with paying the ransom, or worse yet, losing customer data forever.

During the recovery process, Spectra also contacted the Federal Bureau of Investigation (FBI) to report the crime. 

Recommendation

Every company that relies upon technology should write and implement a robust compliance program, because all businesses should assume cybercriminals may target them for attack. According to VMware’s Carbon Black report, ransomware attacks increased by 900% in 2020.  Experts estimate that criminals using the “Netwalker” virus netted more than $25 million in ransom payments since the COVID-19 pandemic began.  

While working in the offices, Spectra’s computer systems had the necessary protocols in place to avert malware risks.  A window of opportunity opened for cyberthieves when Spectra transitioned to work-from-home, and employees performed their tasks on personal computer systems that did not comply with IT-security policies. 

Email phishing/malware presents a problem for all businesses that rely on email.  Even if a business has some type of compliance plan in place, no assurances exist unless the company properly trains employees to follow compliance procedures on a regular basis. 

To protect a business from falling victim to malware, we recommend that leaders implement robust internal security policies—including a written compliance plan with mandatory employee training on cybersecurity measures. Additionally, taking a proactive stance vs. a reactive stance can burnish business reputations and attract customers.  

Finally, a strong compliance program represents a cornerstone defense in the event that prosecutors target a company for prosecution of white-collar crimes. We recommend that leaders protect the company and team members with excellent compliance programs.  

Take the quiz

Click the quiz below to get started

Sources

• https://spectralogic.com/industry-solutions/ransomware/
• https://www.storagenewsletter.com/2020/11/02/from-spectra-logic-how-we-overcame-ransomware-attack/?t=db8ea64d4b187c2082c4db01cb0c8f2e9d7fe72b
• https://www.zdnet.com/article/this-company-was-hit-with-ransomware-heres-what-they-did-next-and-why-they-didnt-pay-up/