Ransomware: I’m infected, now what?

Scenario 1: Hollywood Presbyterian Medical Center

Ransomware strain: Locky

Sufficient data protection platform in place: No

Ransom paid: $17,000

Path to resolution: 10 days of negotiating and working with law enforcement

On February 5th, 2016, users found they could not access the Hollywood Presbyterian Medical Center network. Internal IT discovered that the network had been infected by Locky, and the attackers were demanding 40 Bitcoins (valued at $17,000 at the time) in exchange for the decryption key required to restore functionality. While the hospital negotiated the ransom, employees resorted to pen and paper for registrations and medical record updates. The hospital worked with local police and security experts, but Allen Stefanik, president and CEO of HPMC, stated: “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”


Scenario 2: Armada Cloud Customer (Educational Institution)

Ransomware strain: Locky

Sufficient data protection platform in place: Yes

Ransom paid: $0

Path to resolution: One phone call

On April 26th, 2016, our customer’s IT department discovered 107,000 files encrypted with the Locky strain of ransomware. After assessing the scope of the infection, they called us for assistance. They already had an Armada Cloud data protection solution in place, with an onsite appliance, replication to cloud, thorough data retention policies, and end-to-end encryption. That made it a simple matter to perform a selective delete to remove the infected versions and restore clean files, so they could resume normal operations the same day we received the call.


It’s a question of When, not If.

Reports of ransomware are stacking up:

  • Hollywood Presbyterian ($17,000 paid – 10 days of downtime)
  • Horry County School District ($8,500 paid – 7 days of downtime)
  • Lukas Hospital (2 weeks of downtime)
  • Methodist Hospital (5 days of downtime)
  • Swedesboro-Woolwich School District ($125,000 demanded)
  • MedStar Georgetown University Hospital ($18,500 demanded)

And the list goes on. Given the stakes and frequency of attacks, it pays to be prepared. Start with the basics: keep firewalls up to date, give users only appropriate levels of access, train staff on opening unsolicited attachments, disable macros, and segment networks properly. Beyond those measures, a solid data protection solution that includes recent and encrypted backups of your critical systems and files is the best way to make sure you’re protected from ransomware and other malware.

Talk to Armada Cloud to determine if your data is adequately protected today.