Case Study: Cryptolocker Outbreak

Security

Our client is an electrical utility in Ontario.

The Challenge

Using her corporate laptop, an employee visited a website that had been infected with the Cryptolocker Virus. Cryptolocker is a virus that is used to extort a ransom from victims: it infects the host computer and encrypts all of its files, rendering them unusable and unreadable. The virus then requests payment to restore the files.

In this case, because the laptop was part of a larger corporate network, the virus began to spread to the shares the user had access to on the file server. Within hours, many of the corporate files, including the financial documents, had been encrypted and were no longer accessible.

The Solution

Responding to a viral infection such as Cryptolocker is a two-part process: first, identifying, isolating and removing the infection, and then recovering the files that have been corrupted so that business operations can continue.

As soon as the outbreak was identified, Horn IT was able to quickly identify the computer that was the source of the infection and to wipe its hard drive, removing the virus, as well as all additional files.

Luckily for our client, Horn had already implemented a Datto backup system, which meant that reliable, restorable and recent backups of all of the corrupted files were available. The client’s files were restored to a point in time prior to the infection, including important financial documents which would otherwise have been lost.

The Results

Despite the breach, with Horn’s monitoring and quick response to the virus outbreak, our client experienced only 2.5 hours of total downtime and was able to recover all of their files, as though the whole thing had never happened.

Horn IT Security Monitoring + Datto Backup System = Total System Security