This company was hit by ransomware. Here’s what they did next, and why they didn’t pay up
It started out as a normal Thursday for Tony Mendoza, senior IT director at Spectra Logic, a data storage company based in Boulder, Colorado. And then the ransomware attack began. “We got some notifications of some system failings and it quickly turned into a lot of unrelated systems failing, which is really abnormal,” says Mendoza. He realized that the company was under attack – and that its files were being encrypted. “When it hit, we ran to our server room and data centre and started pulling plugs out so it couldn’t propagate itself – which brought our entire infrastructure down,” he says. In total, three-quarters of the production environment was compromised with ransomware.
The hackers left a ransom note demanding a payment of $3.6 million in bitcoin in exchange
for the decryption key. “Figuring out what it was was fairly simple, because they tell you who they are, and they tell you where to send the money. It was NetWalker because it said so in the ransomware letter,” explains Mendoza.
Another problem: the attack came in May 2020, when many employees had just started to work remotely because of the COVID-19 outbreak, so there was no way of easily
communicating what was going on outside the building.
Despite that, the IT team had to assess the damage that had been done and what the options
were for getting data back – if it was going to be possible at all. There was some hope – the
company had backups, which were separate from the rest of the network and safe from the
“We’re still under attack, we’re still trying to stop the bleeding, we still don’t know what the
extent of the damage was – but we knew we had data to work with,” says Mendoza.
Every organisation that falls victim to a ransomware attack ultimately has to face one major
question – do they they give in to the ransom demand in order to retrieve their data?
Cybersecurity companies and law enforcement agencies around the world argue against
giving into extortion surrounding ransomware attacks, because not only does it hand over
hundreds of thousands or even millions of dollars in bitcoin to criminals, it proves that the
attacks work, which encourages ransomware attackers to continue with campaigns.