Business Continuity Strategy

Ransomware Disaster Recovery & Business Continuity Implementation

Location: Port Charlotte, FL 

Employees: 35

The Need:

A medical billing and recording company was compromised by the CryptoLocker ransomware virus.

Here's a breakdown of what happened: 

  • The virus penetrated the network via spear phishing, a social engineering attack in which the financial controller was invited to click on a link to retrieve financial information; the virus was then injected into the network file share on the server
  • After infection, the primary data shares on the server were encrypted and inaccessible to the organization
  • Employees and clients were unable to access critical billing and records data
  • Business was completely stopped on all fronts
  • The business owners needed to get the business systems back online as soon as possible.

The Implication of this Virus:

The CryptoLocker virus and all variants of ransomware operate by encrypting critical files and then holding them hostage. The hackers require the organization to contact an anonymous phone number and pay a ransom ranging anywhere from hundreds of dollars to millions of dollars.

A few key things you should understand about ransomware:

  • There is no way to decrypt these files by any method other than paying the hackers that placed the virus on the system.
  • The only method of recovery in this scenario was to rely on the local backup and disaster recovery plan to recover the data to the last backup point.
  • It is important to note that in many cases, the CryptoLocker attack can infect the local backup location as well, which makes offsite replication to a secure site a requirement in order to truly stay protected.
  • In this particular scenario, the organization was able to recover their data, but the most viable backup was more than a week old - which resulted in thousands of dollars lost. The business owners knew they couldn't afford to have this situation happen again, and that's when they reached out.
  • The organization engaged Entech’s Managed Disaster Recovery tools to manage and ensure backups were in place for all critical servers, data and applications
  • Based on a predetermined plan (created in conjunction with the business needs), the new business continuity methodology had backups being run every 15 minutes with offsite replication.
  • For the future, the business continuity solution would recover the last known viable backup point and the server would be restored to that point, which would result in less than 30 minutes of lost work in the event of an infection.

Analysis of Potential Costs:

Here are the different scenarios and costs associated with each: 

Option 1: Pay the ransom. CryptoLocker Ransom Amount: $82,000.00

  • Risks associated: No assurance that the hacker won't lock you out again.
  • No future solution for recovery or protection from other infiltrations and hacks. 

Option 2: Recovery scenario with Standard Backup Tools

  • Average recovery time using standard backup tools: 24 business hours
  • Average cost of recovery: $41,760.00 (based on average burdened employee cost)

Option 3: Entech Managed Disaster Recovery

  • Recovery time: 3 business hours
  • Cost of recovery: $5,220.00

The Outcome

Leveraging Entech's Managed Disaster Recovery and Business Continuity Solution, an organization that is infiltrated by the CryptoLocker virus or any other type of ransomware will not have the same concerns that it would have without a business continuity strategy.

  • They don't have to pay a massive ransom.
  • They avoid days or weeks of downtime without access to their data; downtime is limited to only a few hours.
  • They don't have to worry about failed backups or wonder how much they'll lose while their team determines viability of that data.
  • They don't have to worry about local backups being infected with ransomware.
  • They save over $35,000 (or more) in potential lost productivity compared to a standard recovery timeline. 

The Impact

  • Moving forward, the business owners don't have to worry about client lawsuits.
  • The owners avoid any negative publicity that typically follows a major system compromise.
  • The organization now has complete confidence that their systems are safe and always recoverable within a 15-minute recovery point. 

