How to prevent data encryption in your company?
We are increasingly hearing about companies falling victim to hackers who encrypt their data. Where does this plague of vulnerability come from? One might assume that hackers have discovered new technologies to break security and reach highly guarded data; however, our experience with clients shows that companies still lack sufficient safeguards. Discover a true story and learn how to prevent data encryption in your organization.
Data encryption at an accounting company
– a case study: what does contact with hackers look like?
In April 2023, an accounting company from Zielona Góra, operating with a small 5-person team, reached out to us. The owners chose to keep the company’s identity confidential, which is understandable – data security is a critical issue for their clients as well. Such an incident could negatively impact the firm’s reputation.
The company’s data was stored on computers and… was encrypted by hackers, who initially demanded EUR 20,000 in Bitcoin for the decryption key. The firm owners initially negotiated with the criminals. Since operating an accounting firm without access to client data is impossible, various options were considered. Following an exchange of information, the hackers agreed to lower their financial demand to EUR 8,000.
Perceptus specialists engaged in communication with them to verify if the criminals could actually decrypt the infected files upon payment. Samples of encrypted data were sent, and indeed, they were restored to their original state. Ultimately, the company owners decided not to pay the ransom. It turned out that some data had been preserved on an external drive disconnected from the network; the rest they decided to recreate manually.
Why was the client’s network encrypted?
The recent years, marked by the SARS-CoV-2 pandemic, led to a massive rise in remote work. This is understandable, as it is convenient for both employees and employers in many cases.
Unfortunately, remote work setups are not always prepared according to cybersecurity principles. In many instances, remote connections to the corporate network are not encrypted in any way. A Remote Desktop (RDP) service used for logging in from outside is easy to find because it is visible on the internet. Cybercriminals scan for such unsecured remote desktops and, once they have the address, test possible passwords using methods like brute-force or dictionary attacks. Once the password is cracked, the path to the corporate network is wide open.
Often, file encryption does not happen immediately. Attackers remain hidden and verify how data backups are performed within the network. Data encryption only occurs after infecting all available backup copies.
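The password guessing described above shows up in the Windows Security log as repeated event 4625 (failed logon) entries from one source address, and a later event 4624 (successful logon) from that address is the sign that a password was found. The following detection sketch is an added example, not part of the original article; the flattened record layout, the sample records, the 5-minute window and the threshold of 5 are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: timestamp, event ID, logon type, source IP, account.
# Logon types 3 (network, seen with NLA) and 10 (RemoteInteractive) cover RDP.
SAMPLE = """\
2023-04-03T02:10:01 4625 3 203.0.113.7 admin
2023-04-03T02:10:04 4625 3 203.0.113.7 admin
2023-04-03T02:10:09 4625 3 203.0.113.7 administrator
2023-04-03T02:10:15 4625 3 203.0.113.7 office1
2023-04-03T02:10:21 4625 3 203.0.113.7 office1
2023-04-03T02:11:02 4624 10 203.0.113.7 office1
2023-04-03T08:01:10 4625 10 198.51.100.20 anna
2023-04-03T08:01:25 4624 10 198.51.100.20 anna
2023-04-03T08:05:00 4625 2 - anna
"""

RDP_LOGON_TYPES = {3, 10}
WINDOW = timedelta(minutes=5)   # assumed sliding window
THRESHOLD = 5                   # assumed failures per window before alerting

def parse(text):
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, event_id, logon_type, ip, user = parts
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), ip, user

def detect(text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for failure bursts and for successes that follow them."""
    failures = defaultdict(deque)   # source IP -> timestamps of recent failures
    flagged, alerts = set(), []
    for ts, event_id, logon_type, ip, user in sorted(parse(text)):
        if logon_type not in RDP_LOGON_TYPES:
            continue  # local console logons are out of scope here
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the window
        if event_id == 4625:
            recent.append(ts)
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute-force", ip, user))
        elif event_id == 4624 and ip in flagged:
            alerts.append(("success-after-brute-force", ip, user))
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE))
```

A user who mistypes a password once and then signs in (198.51.100.20 in the sample) stays below the threshold and produces no alert.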
How was cybersecurity improved to prevent future problems?
How can you avoid having your company’s data encrypted again? Above all, you must improve the elements that failed. The owners of the accounting firm correctly concluded that investing in network security and other systems is essential for the stable and secure operation of the company.
1. Perceptus provided a UTM device to secure the corporate network, featuring securely encrypted remote connections.
2. A NAS device (file server) was also provided, where secure snapshot backups are now performed.
What are the benefits of snapshot backups?
Users can restore their data to a previous state by choosing which copy to revert to. By “going back” to a specific point in time – e.g., before a certain hour or day, depending on the frequency and retention of snapshots – they can restore a copy that is clean from any infection.
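Because attackers may sit in the network for a while before encrypting, the copy to revert to is the newest snapshot taken before their first access, and it only exists if retention reaches back that far. The following added example (not part of the original article) works this through; the retention policy shape, the dates and the assumption that the attacker cannot delete snapshots are all constructed for illustration.

```python
from datetime import datetime, timedelta

def retained_snapshots(now, hourly_kept, daily_kept):
    """Snapshots still held at `now` under an assumed policy: the last
    `hourly_kept` on-the-hour snapshots plus the last `daily_kept` midnight ones."""
    top_of_hour = now.replace(minute=0, second=0, microsecond=0)
    midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
    hourly = {top_of_hour - timedelta(hours=i) for i in range(hourly_kept)}
    daily = {midnight - timedelta(days=i) for i in range(daily_kept)}
    return sorted(hourly | daily)

def clean_restore_point(snapshots, intrusion_time):
    """Newest snapshot taken strictly before the attacker's first access.
    Returns None when every retained snapshot postdates the intrusion."""
    clean = [s for s in snapshots if s < intrusion_time]
    return max(clean) if clean else None

def restore_plan(now, intrusion_time, hourly_kept, daily_kept):
    """Summarise whether a clean copy exists and how much work must be redone."""
    snaps = retained_snapshots(now, hourly_kept, daily_kept)
    point = clean_restore_point(snaps, intrusion_time)
    return {
        "oldest_snapshot": snaps[0],
        "restore_point": point,
        "work_to_recreate": (now - point) if point else None,
    }

# Constructed scenario: encryption noticed on 17 April, first access on 5 April.
NOTICED = datetime(2023, 4, 17, 9, 30)
FIRST_ACCESS = datetime(2023, 4, 5, 23, 40)

if __name__ == "__main__":
    for days in (7, 30):
        print(days, restore_plan(NOTICED, FIRST_ACCESS, hourly_kept=24, daily_kept=days))
```

With 7 daily snapshots the oldest copy is from 11 April, after the first access, so no clean restore point exists; with 30 the restore point is 5 April 00:00.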
Why don't companies secure their networks?
When we talk to organizations that do not secure their networks, the most common arguments are:
“I already have a backup; if we get encrypted, I’ll just restore the data” – Are you sure?
Not all backups are created equal – it is worth verifying if your backup is truly secure.
What does this mean? We know of cases where backups were performed on a remote drive and were encrypted along with all other resources in the corporate network. It is also worth remembering that restoring IT infrastructure after encryption is not free. The server and all computers must be handled individually.
Preparing a server for operation costs approximately EUR 1,000.
Each user’s computer requires about 3 hours of work, and a technician’s hourly rate is usually at least EUR 50.
In the small accounting firm mentioned, the cost of restoring data from a backup for a server and 5 workstations would be approximately EUR 2,000 net.
“The cost of such a solution is too high.”
Well… as the described case study shows, the costs of negotiating with hackers – even after a discount – are not low either.
The encrypted data was supposed to be returned for EUR 8,000.
The network security and backup system described above cost less than one-third of that amount.
And the ability to avoid the stress resulting from such a situation? Priceless.
