On June 10, 2017 a major web hosting company was infected with Ransomware malware that destroyed the web sites of over 3,400 customers located on their many servers. After the infection was discovered, the company then discovered that not only their servers were encrypted but their backups had also been encrypted. The originals and their backups were worthless!  They were faced with the stark realization that they had no alternative but to pay the hackers a ransom to get their data back or they would be out of business.

The hackers demanded $4.4 million to restore the lost data. That’s a long way from the more common $300-$500 that we hear that many victims are expected to cough up but shows that hackers can adjust their fees based upon who they’ve infected and how much they think that they can extort.  Negotiations between management and the hackers took 6 days and finally $1,000,000 was settled on as the final amount to be paid. The company had to rebuild 153 servers and the data took 21 days to un-encrypt and still a great deal of data was lost as un-recoverable.. In the end, the hosting company still suffered irreparable data loss on 28 of their servers.

While the initial price tag of $1,000,000 sounds like a lot, let’s look a little deeper look to discover the real loss this company really incurred.

 1. The ransomware outage event took 27 days to resolve. There’s no firm figure on how many of their 3,400 customers bailed on the company and took their business elsewhere but you can bet the number was significant.

 2. The affected customers were offered 3 free months of web hosting in compensation with a permanent 30% discount thereafter for as long as the customers remained a customer.  That’s a 30% loss of revenue on all existing business FOREVER!

 3. Customers that lost data that couldn’t be recovered were offered free web hosting in perpetuity.  That’s 100% loss on a portion off at least a portion of their existing book of business.

 4.  Finally we’ve got to take into consideration the extra labor costs to put the network back together.  That’s no small number either.  Remember, we’re talking 153 servers, 3400 web sites and recovery took 27 days!

 Any business owners out there want to guess what the final price tag was for this company? Whatever it winds up being, it’s not a pretty number!  The final price tag on this event will definitely be in the multi-million dollar range and I’ve got no doubt that several IT people are out looking for new jobs.

 The Malware that infected this companies servers was a variant of the Erebus Ransomware which is known for exploiting outdated and un-patched software.

When was the last time you verified that your backups work and you could recover from a malware attack that encrypted all of your business data?  Need help figuring that out?  Contact ACT Network Solutions by calling (847) 639-7000 or send a request for information to INFO@ACT4NETWORKS.COM.