Are You Vulnerable to Costly Ransomware Attacks?

Protect Your Data

We cannot encourage our clients enough to have some form of a backup for all firm data. It is the best possible way to protect yourself from detrimental attacks. Think of it as an insurance policy for all of your valued and confidential data. This is truly a case where “better safe than sorry” is the mindset to have. If your firm does not currently have in place a well-managed backup system with frequent backups, it is vital to establish a system ASAP before it is too late.

Ransomware attacks are on the rise, and once you have been attacked, your options for recovering your data are extremely limited. The virus can make its way into your computer through something as simple as opening an e-mail, whether it comes from a familiar or an unfamiliar address. If the attack encrypts your files and you do not have a backup, getting your data decrypted and back into your possession is going to be a miserable and expensive process, not to mention the loss in productivity and revenue for your business.

What Happens to Your Data?

When ransomware takes over your system and holds all of your data hostage, the data becomes encrypted: it has been compromised, you are locked out of it, and you no longer have access to it. You are then left with two options: restore from a backup or pay for the decryption key to retrieve your data. More often than not you are expected to pay in Bitcoin, or BTC, and the price is usually determined by the culprit who is holding your data hostage. For those not familiar with Bitcoin, it is an online currency, and the conversion is a massive one. 2 BTC is approximately equivalent to $837.92 USD, but BTC fluctuates daily with the market. Data “decrypters,” as they call themselves, offer you a set of processes for retrieving your data. For example, you may be provided a unique password key that must be sent to them so that they in turn can send you a new key that will supposedly “release” all of your data, files, software, etc.


One of the newest strains of ransomware is known as “Locky” because it renames all of your important files so that they have the extension .locky. Locky renames and scrambles all files that match a long list of extensions, including videos, images, source code, and Office files. The only way to get the decryption key is by purchasing it from the culprits via the “dark web.”

Unfortunately, ransomware creators are becoming increasingly vindictive in their methods for squeezing money out of the firms that they attack. A hospital in LA recently paid $17,000 and had to involve the FBI in order to retrieve their data from their attackers. It is important to note that these decrypters are working for the creators of the ransomware, if not the actual creators themselves. These hackers are attacking internationally, and often only so much can be done because the intrusion is more than likely coming from outside the continental United States. If that is the case, the Feds can only do so much to help as the crime is not happening within their jurisdiction. Nobody wants to be vulnerable to this data retrieval nightmare. The following case study provides details and insight into how ugly and frustrating these situations can become.

Case Study

The Problem

A ransomware attack on software and data much like that described above happened to one of our clients. WAMS had been encouraging the company to implement a backup system for quite some time, but the firm did not see the value in it. They had been reminded and encouraged time and time again not to let their data go unprotected. The company opted not to hedge their bets. Due to the vulnerable place they left themselves in, this client’s data was compromised.

The network was completely down: no programs, no data, and no good backup to restore from. The firm was reduced to email-only mode.

At WAMS we were lucky to know how to handle this situation based on past experiences.

The Solution

The company was initially asked to pay $450 to regain access and have their programs and data back in their possession. Although they were not happy with this fee, they understood that the level of severity could have been much worse, such as paying $17,000 to retrieve their data. We never advise paying, especially because once you’ve paid you increase your chances of being hit again; but in this case it was the firm’s only option. The process was a frustrating and time-consuming one, and it occurred as follows:

  1. Visited a Bitcoin website such as
  2. Set up an account
  3. Found a place to purchase the BTC
  4. Selected a “Bitcoin Seller”
  5. Deposited cash to a Bank of America account and had to photograph receipt to send to “seller”
  6. Seller sent code once the cash was received in his/her account
  7. Code was placed in “Bitcoin wallet”
  8. BTC was transferred to payee, the decrypter

The fee was paid and the initial key was received, which was sent to the decrypter in order to regain access to their data. Although they were frustrated, the firm was seeing the light at the end of the tunnel and believed that they would soon have everything up and running and back to normal. It seemed that way until another message was received:

“Ah, boss saw your ID. See, we have statistics for each computer, my boss said – that the information on the computer is estimated at more than 10 Bitcoins. He said to tell you that we can sell you the decryption key - just for 2 Bitcoins. If you want to buy – send this amount on my Bitcoin – if not, I am sorry, because the boss checked the value of your files and does not allow me to send key now.
– its personal key for decrypter.

If you want to pay 2 BTC – i send the password for archive with key – instantly after payment.”

This was the first time that we saw a decrypter demand more money for the decryption key. Typically, it’s a “one and done” situation with decrypters, but that was not the case this time around. The decrypter felt that the firm’s data was worth more money to be released, and they were able to get that money from the firm because our client didn’t have anything backed up and this was their only hope at retrieving their data.

The cost of this attack, however, does not stop with BTC payments. As the firm’s network was completely down, they were unable to perform work functions. Billable time was at a minimum, if not nonexistent, and the firm was losing money by the hour. Upon receiving this second e-mail, the CFO of the company simply replied to WAMS, “We are screwed.”

The Outcome

After the second round of payment was sent to the decrypters, the firm’s data was finally released. The company ended up spending over $2,000 in BTC alone. When all was said and done, the company lost about $7,000 to retrieve the data that belonged to them in the first place. “They basically paid for a backup system in this process,” explained Mike Powers, account manager at WAMS. Sadly, this issue could have been avoided had the company implemented a monitored backup system. One of the most unfortunate aspects of this situation is the fact that this was the firm’s second experience being hit with ransomware. After this round of attacks, the firm took our suggestion and set up a backup system. They no longer have to live in fear of what will happen to their systems if they are hit with another attack. Now if they are affected, their system can be reset and restored from the most recent backup.

Don’t Leave Your Systems Vulnerable

Nobody is safe from the current rise of ransomware, and as previously stated, after you’ve been hit once and paid, your chances of subsequent attacks increase. These threats are packaged in many ways and may seem like a completely innocent e-mail message, when in reality your computer is being infected and your data is in jeopardy. The only way to be certain that your data is safe from attacks from ransomware is to implement a backup system with frequent backups and to be sure that it is monitored and always operating correctly. You know the importance of keeping your firm’s data and client information as safe as possible. Whether it is on-site or off-site, it is vital to have a system in place so that you do not leave yourself vulnerable.



WAMS has been providing law firms with comprehensive, high-quality IT/computer consulting and support solutions since 1974. Our legacy of superior quality and service continues today as we design, install, and maintain a vast network of both onsite and cloud-based computer systems specifically tailored for each unique client.

© 2016 Thomson Reuters