According to Statista, there were 184 million ransomware attacks in 2017 and the average ransomware demand is over $1,000. Individuals, organizations, and companies have fallen victim to these attacks. Most people recognize that ransomware is a danger, but they may not realize that it can actually destroy their company. The recent closure of Colorado Timberline after a ransomware attack is a sobering reminder of how serious that danger is.
What Happened to Colorado Timberline?
Colorado Timberline, a printing company in Denver, was forced to cease operations for an unspecified amount of time after a severe cyber attack. A statement on their website dated September 12th stated that they had been the victim of several recent cyber attacks, but the last – a ransomware attack – was something they would not be able to immediately recover from. The page that contained this statement no longer exists, but a similar statement was posted on their Facebook page:
Dear valued customers and suppliers of Colorado Timberline;
It is with great difficulty and a heavy heart that we must inform you that effective immediately Colorado Timberline has ceased all operations indefinitely.
We have recently been plagued by several IT events, unfortunately, we were unable to overcome the most recent Ransomware attack and as a result, this unfortunate and difficult decision was made.
We greatly appreciate the support and loyalty from each of you over the years.
Management of Colorado Timberline
Their Facebook page now lists them as permanently closed.
What Happened in the Ransomware Attack?
The data locker ransomware attack took place on the evening of August 14. The ransomware accessed their database server and encrypted the files it contained.
According to an explanatory post for customers on the company's Facebook page, the issue Colorado Timberline ran into was that the hackers insisted that physical access to their files was necessary in order to obtain the encryption key, even if the ransom were paid.
Colorado Timberline explained that the problem was not paying the ransom; its greatest concern was granting the hackers further access to its data. Instead, it opted to use its data backups to restore the system, while its IT staff did their best to extract as much data as possible from the encrypted database server.
This was not the first cyberattack that this company suffered, nor was it their last. Their Facebook page also indicated some issues on August 20th that had brought down both their website and phone lines.
As of September 12th, the doors at its physical location had been locked and closure announcements were posted in both English and Spanish. In an unusual twist, the company had apparently launched a new website tool for orders just the day before the closure was announced.
About Colorado Timberline
Colorado Timberline’s LinkedIn Page indicates that they had between 200 and 500 employees and that they had been in business for five years. They specialized in printing, including vinyl, apparel, banners, glass etching, and large format applications. In 2017 they were acquired by two out-of-state companies and their owner left in May. What impact that may have had on the decision to cease operations is not known.
How Data Locker Ransomware Works
Data locker ransomware (also known as crypto ransomware) gains access to a computer, then searches through the file system to find data that would be of value to the victim. It stays hidden while it both searches for this data and encrypts it.
Once the encryption is complete, the malware alerts the user with a message announcing that data has been taken hostage and encrypted. It will indicate how the ransom is to be paid (usually in a type of cryptocurrency, ironically) and how long before the decryption key is destroyed and the data rendered useless.
The Dangers of Ransomware
Even if a business or organization does have a backup of the data that has been taken hostage, they most likely have not tested the backup system to be sure that it works. Furthermore, any delay in getting systems back online can quickly cost money, both in lost sales and in lost potential customers. If word gets out that a company has fallen victim to a cyberattack, it can negatively impact their reputation. Customers are naturally reluctant to risk sharing their financial data with a company that has been compromised in the past.
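One way to test a restore, shown as an added example (not code from Colorado Timberline or from this article's author): record a hash for every file at backup time, then check a test restore for files that are missing, changed, or changed into data that looks encrypted. The function names, the manifest layout and the 7.5 bits-per-byte threshold are assumptions made for this illustration.

```python
import hashlib
import math
import os
from collections import Counter


def sha256_file(path):
    """Hash a file in chunks so large database files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def entropy_bits_per_byte(data):
    """Shannon entropy; encrypted data sits close to the 8.0 maximum."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def build_manifest(root):
    """Map each relative path under root to its SHA-256 (taken at backup time)."""
    manifest = {}
    for folder, _, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def verify_restore(manifest, restored_root, threshold=7.5, sample=65536):
    """Compare a test restore with the manifest; threshold is an assumed cut-off."""
    report = {"ok": [], "missing": [], "modified": [], "suspect_encrypted": []}
    for rel, expected in sorted(manifest.items()):
        full = os.path.join(restored_root, rel)
        if not os.path.isfile(full):
            report["missing"].append(rel)
        elif sha256_file(full) == expected:
            report["ok"].append(rel)
        else:
            report["modified"].append(rel)
            with open(full, "rb") as fh:  # entropy is checked only on changed files
                if entropy_bits_per_byte(fh.read(sample)) > threshold:
                    report["suspect_encrypted"].append(rel)
    return report
```

Compressed archives and media files also have high entropy, which is why the entropy flag is applied only to files whose hash no longer matches the manifest. The manifest itself should be stored away from the systems it describes so that an attacker who reaches the file server cannot rewrite it.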
The first wave of modern ransomware attacks began to take place in 2015, according to “The Evolution of Ransomware” published by Symantec. The history of ransomware, however, can be traced back to 1989, when the first target was healthcare data systems. Now any company with valuable data is a target for attack. And, as with any type of hacking activity, the methods for infecting a computer with ransomware are continually evolving and improving. It is important for every business and organization, small or large, to make sure their cybersecurity systems are powerful enough to protect them and are kept up to date against the latest threats.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.