Ransomware Attack

Heath Bauman, Virtual Chief Information Officer, NetSmart Plus

What to do When Your Business is Attacked by Ransomware

In February of 2018, a local company in Grand Rapids was looking to make a change to a new Managed Services Provider (MSP). This small business had been neglected by their current IT support company. They were looking to partner with a provider that would give them the attention, help and IT education they desired. NetSmart Plus was one of the MSPs they were interested in working with. Unfortunately, just before they officially teamed up with us, this business suffered a ransomware attack on their main line-of-business servers. According to CRN, “Municipal governments, universities and private businesses have spent more than $144 million responding to the biggest ransomware attacks of 2020 (so far), spending on everything from rebuilding networks and restoring backups to paying the hackers ransom.”

How a Ransomware Attack Can Happen to Any Business

In the example of our local small business, the web server was connected directly to the internet. This connection had no protection or security measures in place. During our evaluation, we soon found out that the server had not been backed up in years. When we started looking into the attack, it seemed there was no way to remove the ransomware. In addition, with no backup, we would not be able to restore any current data even if we were able to completely “clean” the server.

What to do When You Experience a Ransomware Attack

Sometimes, it can feel as if the only option is to pay the ransom, buy the encryption key needed, and unlock the files. In our case, the entity responsible for this attack was not very good at “being bad” and left no way to communicate or pay the ransom. The potential partner was left with a big payment request, their data held hostage, and no way to get it all back. This was a worst-case scenario.

Even when it seems like there is no way out, at NetSmart Plus we exhaust absolutely every effort to save your business in any way. We researched and found a company located in Scotland that had the ability to decrypt files locked by ransomware. As a last-ditch effort, with the customer’s permission, we contacted the company in Scotland. We sent them a sample file so they could prove that they could decrypt it, and they sent it back within 24 hours. The file had been unlocked and was readable.

We helped facilitate the customer contracting directly with the company in Scotland to assist. After they logged in remotely, they decrypted the rest of the files. Within a few days, we had the server back online and fully protected, and the then-prospect happily signed up for our services long term.

How to Prevent Ransomware

Once this local small business became a customer, we installed our security tools on their servers and implemented a disaster recovery program. This recovery program will allow a restore of their entire system to within hours of any kind of attack or loss of data. Using this two-tier approach to security, we can make sure that something like this never happens to them, or any of our other clients, again. We may not have fixed the issue directly, but we worked tirelessly to find a solution without costing this business their data or crippling their finances. With our services now in place, we can prevent these attacks and solve issues much faster in the event another attack is attempted.

Printable Ransomware Prevention Checklist