How One Company Survived a Ransomware Attack Without Paying the Ransom

Slashdot reader storagedude writes: The first signs of the ransomware attack at data storage vendor Spectra Logic were reports from a number of IT staffers about little things going wrong at the beginning of the day. Matters steadily worsened within a very short time and signs of a breach became apparent. Screens then started to display a ransom demand, which said files had been encrypted by the NetWalker ransomware virus. The ransom demand was $3.6 million, to be paid in bitcoin within five days.

Tony Mendoza, Senior Director of Enterprise Business Solutions at Spectra Logic, laid out the details of the attack at the annual Fujifilm Recording Media USA Conference in San Diego late last month, as reported by eSecurity Planet.

“We unplugged systems, as the virus was spreading faster than we could investigate,” Mendoza told conference attendees. “As we didn’t have a comprehensive cybersecurity plan in place, the attack brought the entire business to its knees.”

To make matters worse, the backup server had also been wiped out, but with the help of recovery specialist Ankura, uncorrupted snapshots and [offline] tape backups helped the company get back online in days, although full recovery took a month.

“We were able to restore everything and paid nothing,” said Mendoza. “Other than a few files, all data was recovered.”

The attack, which started from a successful phishing attempt, “took us almost a month to fully recover and get over the ransomware pain,” said Mendoza.