The Gravity IT Blog

From Crisis to Recovery: How one business survived a malware attack on their IT system

malware attack: stressed woman looking at computer screen

Businesses rely on their IT for everyday operations, so a malware attack is disastrous.

Malicious malware attacks cause down time, frustration, stress, reputation damage and loss of productivity. There are significant recovery costs in time and money, especially if a ransom is involved.

Here’s how we helped one local business rebuild a secure IT system after being the victim of a malware attack. 

Tuesday morning: We got a call from the business owner who we’d done some work for previously. They had just discovered that they’d been a victim of a ransomware attack.

All their files were encrypted, and they couldn’t open anything. One of their computers wasn’t working at all. Even the files that had synced to the cloud were encrypted. Nothing was working. The client panicked.

“How will I ever recover from this?”

We advised the business owner to turn the computer off immediately, and sent out our rapid response team so they had specialised tech support on site.

When we arrived, we discovered that all the business data was encrypted from the malware attack, including old emails from a previous provider. We took a backup of the encrypted data in case we needed to pay a ransom at any stage. Our IT technician investigated the computer to see if there had been further malicious activity and if the device was still compromised.

On reviewing the log, we found that the antivirus had been disabled. The log showed that the first attack had been stopped by the antivirus, but the hackers had remotely accessed the computer to turn off the antivirus.

The best way to prevent a reoccurrence was to rebuild the computer. This meant re-formatting and installing Windows from scratch. We utilised the OneDrive feature that takes backups and recognises ransomware or malware. This feature provides a restore point just before the ransomware had hit.

Doing this restored 85% of the business data which was a great start. The other data wasn’t saved on OneDrive but had been saved in a local drive on the computer. There were old backups of the core business application in OneDrive but they weren’t up to date.

This meant lots of additional re-work and hours of tedious data entry for the client. 

  • going back through emails
  • checking bank statements
  • cross-checking payments
  • reviewing invoicing
  • following up clients

It was a huge headache to bring the system up to date after the malware attack.

The other lost data was from the client’s old archived e-mail address. Losing a portion of emails from that old e-mail system meant they were in a really difficult position.

Realising how serious the situation was, the business owner wanted to safeguard her business so it never happened again.

“I want to do this right!”

Once the data was recovered we set up the emails again and tested all the computers in the office to check they weren’t compromised. We talked with the business owner about increasing security measures and business continuity by putting comprehensive back up measures in place. Thankfully, our proposal was approved immediately and so we started work straight away.

Wednesday morning: We were able to implement the new security measures remotely, so we checked in with the client to confirm that the system was stable and secure. There was a definite sense of relief when she reported that everything was running as it should.

Thursday morning: While it wasn’t essential and not something we’d suggested, the client asked us to order new, faster computers with more inbuilt security features. This business owner had been badly burned and was desperate to do everything in her power to stop a similar ransomware attack happening in the future. 

Our IT experts delivered, installed and set up the brand new computers, reassuring our client that everything was now secure. Along the way, we explained the improved security measures and educated the team about how to avoid another malware attack.

Hackers, phishers and spear phishers send blanket emails and prey on people with false and misleading messages. It’s incredibly important to be vigilant about what emails you use and what links you click, especially when you’re using a work computer.

The sad fact is: 90% of cyber security breaches are due to human error.

People click on a dodgy link and open their computers up to ransomware, malware and all sorts of terrible stuff.

We explained e-mail filtering and how to spot a suspicious e-mail.

  1. Check the email has been sent from a legitimate e-mail address.
  2. Review the web address in any link.
  3. Check the spelling and grammar of the email.
  4. If in doubt, ask your IT provider to review before clicking on any unknow or unexpected links.

The happy ending after the malware attack…

The business owner is now one of our Managed IT clients. Her business is much more secure and efficient because we’re proactively monitoring her system for real-time threats.

At Gravity IT we’re all about protecting our clients.

We’re working hard in the background to test and build a portfolio of trusted, reliable security products and services to protect our clients’ valuable data. We’re actively investigating ways to keep businesses more secure, and as such, transitioning from being a Managed Services Provider (MSP) to being a Managed Services & Security Provider (MSSP).

We deal with the IT stress, so you can get back to work.

You should know, like and trust your IT team.

Since 2014, Glenn and his select team of IT experts have been working with small to medium businesses across Australia.

We take a multi-layered, proactive approach that means our clients avoid problems before they happen.

What to expect when you work with us

N
Integrity
N
Honesty
N
Responsiveness
N
Practical, real-world solutions
N
Service that exceeds expectations

Our Services

Cyber Security
Hardware & Software
Managed IT
Managed Backup & Business Continuity
Microsoft 365
 

Head Office

Unit 1, 4 Edge Street
Boolaroo, NSW

Hours

M-F: 8.30am - 5pm
S-S: Closed

Gravity IT team

© Gravity IT Solutions 2024. All Rights Reserved.