23 March 2017

Print company suffers severe cyber-attack

The BPIF met recently with a print company who had suffered a severe cyber-attack. The whole ordeal has been an extremely traumatic affair, and even with the help of an IT friend who works with MI5, there has still been a great deal of damage done. One of the Managing Directors from the print company affected, kindly agreed to share his ordeal with the BPIF to warn other member companies across the industry and highlight what they have learnt.

1.When were you first aware that your business was being cyber attacked?

The cyber-attack happened in the middle of January this year. The server that was targeted wasn't connected to email or any web browser, so we believe that they used brute force attack on the server (trying multiple passwords and user names to gain access) and plant the virus in the server. The virus went undetected for a week and then one day we came in, the server computer screen was blue and we had been issued a ransom demand.

2.Can you explain about what happened after the ransom demand was issued?

Our first thought was what the hell are we going to do, the virus had also locked our backups and 5 years with of data completely gone, every invoice, quote etc. completely wiped. The demand was for 3 bitcoins, which is recognised as a digital currency and is frequently used by criminals on the ‘dark web'. We went to the police who suggested that we don't pay anything. We negotiated to pay 2 bitcoins worth about £800 each, unfortunately the criminals simply replied saying ‘we know you have money, this isn't enough'.
A few days later we discovered that luckily the MIS company we use had taken a complete back-up of our system in December to solve a problem, which they hadn't yet deleted of their system. This enabled us to get all our data back with only about 6 weeks of work completely missing.

3.Did you have any security measures already in place? Such as cyber security insurance?

We didn't have cyber insurance, but we had insurance. We're now speaking to them about making a claim for the recovery of data, but a lot of money and time has been lost due to this cyber-attack.

4.How was your business affected? Any areas in particular?

The entire business was affected. The business was severely impacted for about 2 weeks, while we tried to recover data, have the server formatted and installed we also needed to do an entire sweep of every PC/Mac in the business. It took another three of weeks to manually enter the paper trail for the missing data that we couldn't recover. At the same time we were trying to carry on businesses as normally as we could, it was a painstaking slow process trying to manually work out prices for jobs and was incredibly time-consuming.

5.How did the attack affect your staff? Morale? Emotionally?

The whole company was affected. A lot of staff didn't even know that this could happen, they were incredibly frustrated and angry and it put a lot of pressure on them. There were points where we thought that we might have to let staff go and down size. For me and my business partner there were many sleepless nights .

6.How long did it take the business to recover from the cyber-attack?

It took several weeks to get the business to a point where it could just about function. It was only by pure luck that our MIS company had a back-up of our system that meant we could recover most of our data otherwise I really don't know what position we would be in now.

7.What have been the financial implications to your business following the cyber-attack?

It's cost us tens of thousands of pounds. The 2 bitcoins alone cost us over £1600. It took the IT company 60 hrs of their time trying to get everything back. Not to mention the overtime our team suffered to try and get the company back up and running. We have also spent a large amount on updating our IT systems and security.

8.What measures have you taken since the cyber-attack to prevent this happening again?

We have had a complete overhaul of our IT systems. PCs and Macs have been reformatted and more software installed. We got rid of our old Wi-Fi network, and now have 2 separate Wi-Fi networks one for internally use and one of externally use for customers if they're visiting. On our internal Wi-Fi network phones cannot be connected. Every PC or Mac has a 12 character password, which is changed every month. We back up every hour and have maintenance checks run every night to ensure that this doesn't happen again. We back-up not just to our servers but also to cloud based servers, so if anything was to happen we could get everything back within a few hours to the minute before an incident happened.

9.What have you and the business learnt from this cyber-attack?

If you think you're safe, think again! You are not...

Any business can suffer a cyber-attack, the only way to stop this from happening would be to have no internet and I don't know any company that could function without internet. It's a terrifying thought that our company, which had taken us 13 years to build up, could be brought to its knees in a matter of days from one cyber virus.

10.What advice would you give to other print companies about their cyber security?

Back-up, back-up, back-up and make sure your back-up is backed up! And pay a reputable IT company to look at a failsafe disaster recovery programme.

Before this cyber-attack we thought we were computer savvy, but this showed us that we were not. Companies should really consider the worst case scenario and plan their disaster recovery for it. We've already started speaking to some of our own clients about their cyber security and ways in which they can improve.

11.Are you considering taking part in the Government's cyber essentials programme?

It's not something I have looked into yet, but think it could be very useful and something that I would definitely be happy to engage in.

If you would like to know more about the Government's cyber essentials programme click here.