It's all part of the extortionist's business model: the cost of reinstating encrypted files from backup (assuming such backups exist for all lost files) comes to more than the ransom. An unknown but growing number of victims simply pay up because it is the cheapest option.
Managed security provider and IT consultancy Alchemy Systems was called in by the victim, presumably by this point pretty desperate for some way out. Alchemy describes the clean-up as taking about a day with systems fully restored in a week.
With the current AV unable to detect let alone stop the ransomware in question, Alchemy installed Panda Security's Adaptive Defense 360, a cloud-based system along with "beefed-up" endpoint security and continuity systems in case of a repeat attack.
"As is often the case following the attack the building consultancy wanted to ensure that nothing like this happened again," comments Panda's marketing manager, Neil Martin.
"Traditional antivirus solutions based on signatures, heuristics and behavioural analysis are reactive and there is always a latency, which we call the 'window of opportunity', between the malware being created and subsequently blocked."
The cybersecurity firm calculates that around a fifth of new malware goes undetected by antivirus in the first day of its existence, more than enough time to do serious damage.
He argues that the cloud-based design of Adaptive Defense 360 is better suited to stopping current malware than a simple endpoint client of the sort used by many home users and SMEs. Defence needs far more layers to have a chance.
Panda Security's Adaptive Defense 360 takes this further through continuous endpoint monitoring of all processes, gathering thousands of features on each, such as 'where did it come from', 'how did it execute' and 'on which system'. All of these feed the machine learning which, together with manual checks by Panda Labs experts, identifies and blocks malware.
"We don't allow anything to run until we know exactly what it is."
The victim in this case was understandably unwilling to reveal itself. Many other victims are never written up at all. Some suffer in silence, muddle through or, sad to report, pay up.
It's a dark experience that more and more UK SMEs, and even large enterprises, find themselves living through, although smaller firms are in greater danger because they often lack the knowledge to cope.
When ransomware strikes - lessons?
There are no simple or comforting 'what to dos' to draw from the incident. It was a typical ransomware attack on a UK SME that was too poorly defended to resist this kind of predation. What is clear is that organisations of all sizes can't rely on cybersecurity based on a single layer of defence that fails gracelessly. More layers are needed so that there is no single, brittle weakness that can be bypassed.