One of my clients has been the victim of ransomware, delivered via an email attachment (supposedly about a FedEx delivery) which was opened by an employee. Apparently all files on the whole network were encrypted, which included all recent backups, and their business critical database. Their IT guy spent a day researching the issue, and apparently the only practical advice found was to pay the £250 ransom. They did so (getting hold of the bitcoins was an “adventure”) and fortunately their files were duly decrypted as promised.
They concluded that the infected computer should be permanently quarantined and replaced. However, there were two further issues which none of the online information pages had mentioned.
1. The decrypted database could not be opened; it was reported to be corrupted. They were forced to purchase a third party repair product. Luckily this worked, but it also recovered all the old deleted records, so a lot more computer work was then needed.
2. At some point during this attack, the contents of the database must have been stolen via the Internet. A couple of days after the incident, a series of very dodgy SMS messages were sent to private mobile phone numbers which were only held in that database. This included staff and customers, who, therefore, had to be informed of the theft of some very private personal details, and advised on defensive action. The industry regulators and the Data Protection Agency also had to be informed, of course.
All in all, substantial expense and disruption, and a huge amount of damage to the business, caused by the careless opening of an apparently plausible attachment. This episode also underlines the advantage of rotational backups onto removable media.