An engineering firm has paid attackers $1,300 after ransomware encrypted its servers along with its data backup system. The infection occurred when bad actors targeted DGH Engineering Ltd. with a malicious email. An employee at the firm clicked on a clink contained therein. This action paved the way for crypto-ransomware to encrypt the company's servers along with its data backup system. As of this writing, it's unclear what strain of ransomware affected the organization. Dave Hackett, general manager of DGH Engineering, was one of the first employees to discover the infection. He told Daily Mercury he feared for the confidentiality of the sensitive commercial information as well as the payroll data of 190 employees stored on those affected servers:
It feels like being robbed and violated at the same time. Initially, you just don't know what they have done. Did they come in and take information out? You just don't know.
The ransomware crippled DGH Engineering's servers for four days. During that time, employees worried they wouldn't receive payment on time. But administrative staff calculated the company's payroll manually to make sure everyone received payment on time. The company ultimately paid those responsible for the infection $1,300 in ransom. Echoing guidance previously given by the FBI, EHW Tech managing director Eddie Woodwell said there was no other option:
DGH would be the worst incident that we have ever had because they (the hackers) encrypted the backups as well. They had no choice. They had to pay it.
DGH Engineering made its payment after negotiating the ransom demand down from $20,000 in Bitcoin. To protect themselves against ransomware infections, it's important that companies create a robust data backup strategy. Such a plan should include multiple backup copies across multiple formats. That way, organizations will still have a backup if one fails or is encrypted by crypto-malware. Organizations and users can also work to prevent a ransomware infection by following these tips.
