Avast helps small business recover from ransomware attack

This is the story of a small business held for ransom by hackers, and how Avast came to the rescue.




It’s a Saturday morning in April. Customers are beginning to trickle into a small, popular plumbing wholesaler in Northern Bohemia. But in the back, four employees stare at their computer screens, bewildered. Their accounting system has been blocked, they cannot issue invoices, and all files are suddenly inaccessible.

With no clue how to proceed, the employees call in an external network administrator to identify the problem. Graphic designs, accounting documentation, and all data have simply vanished. The administrator notices visible files ending with .wallet, which points to an unfortunate probability: their system has suffered an attack known as “CrySiS”, which has been an active threat since September 2015. Even more unfortunate, the administrator can find no decryption tool to crack the ransomware. The only way to remove it, the unknown attackers claim, is to pay a ransom.

Ransomware doesn’t care

Ransomware is now one of the world’s largest online threats. And it’s not just the “big” companies that should take notice.

“Ransomware attacks are not only issues in large corporations,” explains Jakub Kroustek, Threat Lab Team Lead at Avast. “They also affect individuals, as well as small and medium-sized businesses, which are vulnerable because often they may not have the time, budget, or expertise to devote to a high-quality internal security system.”

Decryption tools work better than ransom

Due to the CrySiS ransomware attack, business for the plumbing wholesalers came to a halt. After consulting with professionals, they knew paying the ransom would not guarantee the return of their files. While the IT administrator was able to restore the accounting system from a backup, all other documents, including price lists, were not recovered for weeks.

Meanwhile, experts at Avast Threat Labs had developed the necessary decryption tool. And thanks to the serendipitous friendship between an Avast engineer and an employee from the plumbing wholesaler, the network administrator of the plumbing company was among the first to implement the protection tool.

“Thank you very much,” wrote Jan C. in an email to Avast Threat Labs. “Your decryption worked and we now have access to all of our files.”

Big protection for small and medium companies

From January to March of 2017, Avast successfully blocked more than six million ransomware attacks worldwide. And in 2016 alone, Avast security experts successfully detected and shielded against more than 150 new ransomware strains. Avast currently offers 20 decryption tools for free. These tools are available for individuals and companies alike that have been affected by ransomware.

Our top tips to protect you from ransomware

  1. Install a reliable antivirus tool on all your devices, including smartphones.
  2. Never open suspicious email attachments.  
  3. Think twice before you download any app or program to your PC.  
  4. Back up your data regularly onto an external, offline disk.
  5. If you were affected by ransomware, do not pay the ransom; check to see whether any of the widely available decryption tools can help you.  