Colorado Company Taken Down By Ransomware And What That Means for Your Business

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

According to Statista, there were 184 million ransomware attacks in 2017 and the average ransomware demand is over $1,000. Individuals, organizations, and companies have fallen victim to these attacks.

Most people recognize the fact that ransomware is a danger, but they may not realize that it can actually destroy their company.

The recent closure of Colorado Timberline after a ransomware attack is a solemn reminder of the seriousness of the dangers of ransomware.

What Happened to Colorado Timberline?
Colorado Timberline, a printing company in Denver, was forced to cease operations for an unspecified amount of time after a severe cyber attack.

A statement on their website dated September 12th stated that they had been the victim of several recent cyber attacks, but the last – a ransomware attack – was something they would not be able to immediately recover from.

What Happened in the Ransomware Attack?
The data locker ransomware attack took place on the evening of August 14. The ransomware accessed their database server and encrypted the files it contained.

The issue that Colorado Timberline ran into, according to an explanatory post for their customers via their Facebook page, was that the hackers insisted that physical access to their files was necessary in order to obtain the encryption key even if the ransom were paid.

Colorado Timberline explained that it was not a matter of paying the ransom, but granting the hackers further access to their data was their greatest concern.

Instead, they opted to make use of their data backups to restore the system and had their IT staff doing their best to extract as much data as possible from the encrypted database server.

About Colorado Timberline
Colorado Timberline’s LinkedIn Page indicates that they had between 200 and 500 employees and that they had been in business for five years. They specialized in printing, including vinyl, apparel, banners, glass etching, and large format applications. In 2017 they were acquired by two out-of-state companies and their owner left in May. What impact that may have had on the decision to cease operations is not known.

How Data Locker Ransomware Works
Data locker ransomware malware (also known as a crypto ransomware) gains access to a computer, then it begins to search through the file system to find data that would be of value to the victim. It stays hidden as it both searches for this data then encrypts it.

Once the encryption is complete, the malware alerts the user with a message announcing that data has been taken hostage and encrypted. It will indicate how the ransom is to be paid (usually in a type of cryptocurrency, ironically) and how long before the decryption key is destroyed and the data rendered useless.

The first wave of modern ransomware attacks began to take place in 2015, according to “The Evolution of Ransomware” published by Symantec. The history of ransomware, however, can be traced back to 1989 where the first target was healthcare data systems. Now any company with valuable data is a target for attack. And, as with any type of hacking activity, the methods for infecting a computer with ransomware are continually evolving and improving. It is important for every business and organization, small or large, to make sure their cybersecurity systems are powerful enough to protect them and up-to-date against the latest threats.