A Tale of 2 Ransomware Attacks — and What They Can Teach You

Bottom line upfront: Having a Managed Security Service Provider (MSSP) monitor your digital infrastructure for cyberattacks is smart. Empowering that MSSP to deploy a 24/7 Security Operations Center (SOC) — that’s even smarter. But not having any third-party expert helping you protect your corporate data from hackers? Don’t even think about that.

Regardless of your industry, company size, or the types of data your employees transmit and store, the odds are strong that your organization will be the target of a ransomware attack.

Mid-2022 data from Statista, for example, shows that ransomware hackers hit 71% of all businesses globally in 2022. This continues the awful trend of year-over-year increases, from 56% of all companies in 2019, to 62% in 2020, to 68% in 2021. Ransomware attacks are increasing in size and scope because they pay off. And they pay off because they can cause businesses significant pain.

In fact, two of these attacks hit Valeo Networks’ clients in 2022 — and the different outcomes from these incidents can offer you some important lessons about how your organization should be protecting itself. Here’s a brief overview of each story.

MSSP + SOC = Ransomware Attempt Thwarted

One of our clients, a large manufacturing company, was the intended victim of a ransomware attack that fortunately failed.

The incident:

Cybercriminals attempted to install a remote-access client into the company’s system to gain admin credentials, which would have enabled the hackers to install ransomware.

The result:

Because this manufacturing company had signed up for Valeo Networks’ Security Operations Center (SOC) service — which includes 24/7 Managed Breach Detection and Response — the company had our team of trained SOC analysts monitoring their IT infrastructure around the clock. The team spotted the attempt in real-time, immediately isolated the affected systems to protect the rest of the company’s digital environment, and managed to localize the damage to a single office and a few desktop computers.

The cost:

As a result of the SOC team’s quick reaction, our manufacturing client didn’t suffer any compromised servers, company downtime, or lost revenue. And they didn’t face the awful dilemma of having to choose between paying the ransomware hackers or losing access to mission-critical systems.

In fact, the only cost related in any way to this thwarted hacking attempt was the $1,446 monthly service fee our manufacturing client was paying for its SOC service agreement.

MSSP – SOC = Ransomware Attack Minimized

Another Valeo Networks client, a large hospitality company, was the victim of a semi-successful ransomware attack.

The incident:

These hackers took a similar approach to those who tried to breach the systems of our manufacturing client: Installing a remote-access client into the company’s system to obtain the admin credentials that would enable them to install ransomware.

And because this hospitality company had opted not to sign up for Valeo Networks’ Security Operations Center (SOC) service, they did not have a security team monitoring their digital infrastructure 24/7. As a result, this team of cybercriminals did manage to load their malicious code into the company’s digital environment.

However, even Valeo Networks’ standard Managed IT Services package includes alerts sent to our security team anytime our Remote Monitoring Tool detects a potential threat to a client’s systems.

When our team received that alert, they quickly logged into one of the compromised servers and saw the hackers’ movements in real-time. And when the hackers realized our team was onto them — and tried to uninstall our RMM tool — we were able to terminate their access, change the relevant passwords, and remove their malicious toolset from our client’s environment.

The result:

Although Valeo Networks’ security team managed to stop this attack in progress and prevent what would have been a far more serious breach, the hackers did manage to install their ransomware on several servers, temporarily locking the client out of those systems. They then demanded roughly $150,000 USD in Bitcoin.

But our client didn’t have to pay that ransom, because Valeo Networks’ security team went to work and, within a couple of days, restored the client’s access to the compromised servers.

The cost:

As our hospitality client discovered, there was a substantial difference between having 24/7 Security Operations Center service — and not having it.

Although this client wasn’t forced to pay the ransomware attackers anything, the labor incurred by Valeo Networks to restore access to all affected servers — which totaled 148 person-hours — cost the company $21,536.25. And this doesn’t take into account the additional costs in incidents like this: the days of downtime and potential loss of revenue as a result of that downtime.

The Takeaway: Your Best Protection Is Managed IT Services with an SOC Agreement

If there’s one lesson to take from these incidents, we hope you’ll see the clear hierarchy of benefits in the different ways you can protect your company against ransomware and other types of cyberattacks.

You can do nothing.

Unfortunately, this is the approach many organizations take to dealing with the ongoing threat of ransomware. But think through what would have likely happened to our hospitality client if they didn’t have a Managed Security Service Provider getting an alert that hackers were infiltrating their system. Wouldn’t those hackers’ have likely gained control over all the company’s systems — and gotten most if not all of their ransom payment?

You can hire an MSSP — but opt not to sign up for 24/7 detection and response.

An MSSP can help you fortify your IT environment against hackers. Highly experienced and skilled MSSPs, like Valeo Networks, will react quickly when hackers attempt to breach your system. But if you’re not proactive, such as signing up for a 24/7 SOC service, even the best third-party IT team might not be able to prevent a ransomware attack before it causes any damage.

Your best bet: signing up for an MSSP and its SOC service.

With ransomware becoming a more prevalent threat every year, the smart move is to partner with an MSSP and deploy its Security Operations Center team to monitor your company’s digital environment every minute of every day.

That’s what our hospitality client chose to do, in fact, after suffering the ransomware attack that cost the company more than $20K. That company recognized the $1,446-a-month SOC fee provides both far more effective ransomware protection and a lower cost than reactively undoing the cybercriminals’ damage after the fact.

That’s our advice for you, too.