What is your Disaster Recovery Plan (DRP)? Have you discussed it with your wider team, or even your software partner like Professional Advantage (PA)?
Without a DRP, or with one that does not fully meet your requirements, your organisation can suffer dire consequences if you are the victim of a ransomware attack.
Real life stories:
At PA, we have heard many stories of ransomware attacks. One particularly chilling one has prompted us to bring ransomware DRP woes to the foreground again with this blog.
This client was very proactive at backing up their solution and data. However, whilst their backup was not on the same server as their production environment, the two were connected. Imagine a house if you will: their backup was sitting behind a closed door in a cupboard. However, when the ransomware attack happened, they were able to encrypt not only their production environment but also their backup; when the burglar broke into the house, they ransacked the house and also opened the cupboard door to the backup.
The end result: they had been using their ERP solution for almost a decade, and all of that information was now lost to them. They are now forced to work from spreadsheets and paper documents, with previous time, money, and paper-saving workflows no longer existing. Their efficiencies have regressed before they implemented this solution.
This client had a DRP and was diligent with their backups, but that connection between the servers let them down. More worryingly, this connection seems to be more common in organisations than you would think.
If their backup had not been attacked, this organisation could have been back up and running within a week. Instead, they are looking at being without a functioning ERP system for four months!
If the backup had remained, they could have reached out to PA, and we would have worked with the organisation to re-install their financial solution and restore their backup. Instead, they are facing a brand-new implementation, which involves:
- Ensuring the ransomware attack has not spread to other areas of the organisation, ready to be released when a miscellaneous folder is opened.
- Referring back to their original solution design document from when they first implemented the solution.
- Completing workshops to tweak the solution that they now need from their original specifications.
- Organising a new environment:
- The original, now encrypted, servers are useless, so new servers need to be purchased and set up.
- This may start a conversation about moving to the cloud, which brings the future benefit of an upgrade to their DRP ensuring their backups are stored separately to their production environment.
- Writing up their chart of accounts.
- Designing their layouts for invoices, statements, and remittances.
- Entering all their transactions from this financial year manually and hoping that they have everything available either electronically or in paper format to do that.
Why not just pay the ransom?
A ransom price was demanded from the attackers. However, an external cyber security team was brought in for assistance, and they confirmed that this particular attacker could take months to return their data, and it could be incomplete. It does seem counterintuitive of the attackers to not restore information on payment, as news of this habit obviously spreads and stops any future victims from paying.
The organisation decided against paying the ransom.
The importance of cyber security insurance:
Many organisations now have cyber security insurance, and if you don’t, we highly recommend you think about it. This insurance is there to support organisations in paying the ransom fee, and/or getting an organisation back up and running after the attack, whether that be implementation, re-implementation, or just restoring a backup.
When it comes to organising paperwork for your insurance company, PA can and has provided cost estimations and organised invoices to outline each cost.
Is your cyber security insurance up to date and relevant for your organisation?
If you have a disaster recovery plan and want to discuss it and ensure it is as healthy as it can be; if you want to upgrade your disaster recovery plan; or if you need to put a disaster recovery plan in place, reach out to Professional Advantage either through your Client Success Team or our reception.