Ryuk Ransomware Incident Report

On Monday, October 28, 2019, a local School District was hit with a ransomware attack, identified as a strain of “Ryuk”. AIS was contacted and addressed the situation quickly and efficiently, reaching out to the client to establish a timeline of events, identify impacted systems, and build a general overview of the server environment.


A plan of action was developed, which included:

  • Establishing a detailed recovery plan, along with potential temporary triage to get your environment up and running as well as possible in the interim
  • Creating a plan to prevent similar future incidents
  • Contacting the cyber-security insurance firm and receiving guidance from them on how to proceed
  • Contacting law enforcement agencies about this situation, either directly or as advised by the insurance company

AIS is currently working alongside firms engaged by the Client’s Cybersecurity Insurance Firm to get the environment back up and running, as well as implementing ways to prevent future attacks.

Internal resources that worked on this issue include 1 network engineer, 3 workstation techs, and a non-technical consultant.

What are the costs of a cyber attack?

The costs of such a cyber attack can be immensely detrimental. The financial costs for a similar attack can be estimated as follows:

  • Initial Ransom: $250,000
  • External Onsite Labor to rebuild: 3k + 13k + 12.5k = $28.5k
  • Insurance cost: Unknown at this time
  • Security Firm Cost: Unknown at this time

However, these are not the only costs associated with a cyber-attack. The indirect costs stem from the loss of productivity and functionality caused by the attack. The longer your environment is out of service, the longer your team is unable to work productively. Some elements of environment disruption to keep in mind include:

  • Days without basic internet: 3
  • Days without functional domain: 11
  • Days until full functionality is restored: 19
  • Potentially compromised data: Unknown!

How can you make sure your company is prepared and protected?

  • Proactive Solution:
    • AIS SIEM (Security Information and Event Management) Solution
      • This is a turnkey service providing real-time analysis of security alerts generated by applications and network hardware through historical analysis of security events from an environment’s data sources.
      • The SIEM constantly monitors your network and alerts you to possible security breaches, so you can take immediate action to reduce the overall business impact rather than finding out because a customer alerts you that you have been phished or your servers are bricked.
    • Cyber Security Incident Response Plan
      • AIS will consult to design a plan that is custom fit for your environment to mitigate data loss and reduce interruptions to your business operations.
    • Cyber Security Incident Response Plan: Table Top Session
      • AIS will come onsite, provide a real-life scenario and manage the session as your team responds to the incident according to your customized plan. Afterwards, AIS will work with you to debrief how the Table Top went, identifying what went well, which areas need improvement and how to implement those changes moving forward.
  • Defensive Solution:
    • AIS BDR (Backup Disaster Recovery) Solution
      • This is a turnkey service that provides a backup of your environment, so that even if you are hacked and hit with ransomware you will be able to rebuild your environment from backups that are unaffected by the attack.

This is an example of a real customer experience and response, and of how to plan according to best practices to be prepared for future incidents.

Last modified June 4, 2021