ATPC Hit with Ransomware, Does Not Pay
What's the right way to handle a ransomware attack? This textbook case will shed some light.
On February 15, 2017, a company called ATPC (the Alternate Text Production Center) was hit with a ransomware strain. The e-mail that was sent to me indicated multiple things that I would like to highlight in this ever-important effort to continue educating the public about this epidemic.
Firstly, the company had backups of everything that was currently set to be produced. While clients uploaded files through a protocol called FTP, the ATPC did have a policy in place about this access that would have to be changed after this epidemic. It wasn't a major change, but a change nonetheless.
Next, the notice was very straightforward in terms of what happened, steps they took to mitigate the attack, and what they were doing to make sure that it didn't impact them like this again. This was the most important thing they could've done.
Here is a recap of what they said:
- The FTP server had files up there, and the policy indicated that it was for short term storage. These files are small, even though they were books to be sent in braille or electronically to customers. Customers were allowed to have their files up for an indefinite amount of time until now.
- They made sure all files were backed up in multiple locations so if a file they needed to send either in braille or electronically was infected, they had clean copies. This was the most important step in this process. There was a January 2017 article on DarkReading.com titled "Most Companies Still Willing To Pay Ransom To Recover Data, Survey Shows" that discussed this very subject. Once you read it, you will know that most companies have no choice. I wrote about this myself, too, in a blog post which asked "Are Schools Next In the Cyber Race?" and a follow-up post that provided an update on the situation.
- They sent out a notice to their customers. This is very important, as you want them to know that you know about the issue, and what you're doing about it. They don't want to find out after the fact. LAVC called and e-mailed us, and even brought in experts who advised they should pay. LAVC is a lot larger than ATPC, but ATPC notified their customers and prevented that whole mess.
The points I've made and the articles I've linked out to should highlight that ATPC has done the right thing, especially considering that they are a small business. I don't think there is any other way of doing this without having to pay like LAVC did, and that took out their Internet and phone systems. While a few files were lost, they were easily retrieved elsewhere. This is a perfect case of something that went wrong, and the perfect solution to a very complex systematic problem of keeping us safe.
The ATPC is an agency that turns printed text into braille or audio for blind individuals. Braille is a form of reading that blind people need to use so they can read just like a sighted person reads with their eyes. Without paper, or a screen, there is nothing for you to read if someone said to read something you could not see.
Here is how this works.
- First, someone transcribes something from print into braille.
- They upload this file, usually in a braille format.
- Then the ATPC mass-produces the file for the transcriber.
What happened in this example is simple. The ransomware got into their network and infected the files placed on the server, including those set to be produced that were still on the server.
You are more than welcome to check out ATPC's web site to learn more about their services if you feel it would benefit someone you know who is disabled. To learn more about the Alternate Text Production Center, please go to www.atpc.net