Logo Spinbackup.com

Case Study: Ransomware Case at Gurnick Academy of Medical Arts. How to Protect Your Organization

Case Studies 0 1167
Case Study: Ransomware Case at Gurnick Academy of Medical Arts. How to Protect Your Organization

Ransomware Case Study

Gurnick Academy of Medical Arts is a private nursing school in California with around 400 employees and over 2,000 students.

A few months ago the school faced a data loss disaster when an instructor inadvertently infected his classroom computer with ransomware that had been brought from home on a USB drive. When the instructor tried to access his lectures, he found that all the files had been encrypted. Instead he was faced with a ransomware note demanding 1 bitcoin ($740) to decrypt the files.

Luckily the IT department identified the issue at an early stage and was able to stop the malware spreading throughout the entire corporate network. Instead of paying the ransom, the instructor chose to re-create the encrypted files that had not yet been backed up.

The Aftermath of Ransomware Attack

While a backup had been made of the files previously, some recently created files had not been backed up. This work had to be re-done and there were several hours of downtime when the instructor was unable to teach or work while his system was completely re-installed and the files were recovered.

Because the instructor also had Google Drive sync running on his PC, the encrypted files had also been copied to the cloud. Many instructors at the school work from USB drives and then sync files to the cloud as this allows them to prepare lectures from anywhere.

However in this case the USB was the weak point that allowed the malware to infect the system. The instructor admitted that he had had some issues with viruses on his home computer and was unable to open files. Instead he decided to try and open the files on his office computer, at which point the malware was able to infect the corporate system.

Luckily thanks to the work of a quick-acting IT team, the infected machine was disconnected from the network before it was able to create too much damage. However the ransomware had already spread throughout the network very quickly. If this had not been noticed, the problem could have been much more severe.

How Spinbackup Has Helped Gurnick Academy to Prevent Future Ransomware Infections

After the incident, the IT team realized that their current systems were insufficient to protect the files on the corporate network. While anti-virus software was installed, the majority of ransomware infects as a trojan, not a virus, and the anti-virus software is unable to detect it.

The backup system at the school was also insufficient. While regular local backups were in place, the cloud was not being utilized for backup and because many of the instructors were relying on Google Drive to sync their files directly from USB, they were vulnerable to this type of malware as the files may be infected before they could be backed up by corporate systems.

1. Ransomware Protection: Versioning and Suspicious Emails Blacklist

Teachers at the school spend on average 16-24 hours to create each new lecture, which equates to about $800-$1200. A teacher prepares about 30 lectures a year, which are stored in Google Drive.

If a data loss disaster were to occur, this could result in financial losses of between $30k and a million dollars for the school. This loss of prepared materials would be a disaster for any educational organization both in terms of financial losses and the time it would take to recreate these materials.

Instructors also commonly used their office computers and Google Drive to store personal files, which may include financial information and sensitive personal data. The IT admins were concerned at the consequences if this data was breached due to a malware attack.

Gurnick Academy realized they needed a more robust disaster recovery system that offered an automated, daily cloud-to-cloud backup solution to integrate with G Suite. Also important was the ability to restore a snapshot of data with one click, which would greatly reduce administration time in recovering from a ransomware infection.

After reviewing several products, the school decided that Spinbackup was the best option as it allows restoration of the entire G Suite account from a specific time.  Spinbackup uses version control to enable administrators to backup the exact version of files from a day and time of their choice. Even if the whole network has been encrypted, files can still be restored by selecting a backup that was taken prior to infection.

Spinbackup also provides an email blacklist feature that can be very useful when recovering from a malware attack. Malware is often spread via email and if an email containing malware is restored from backup, it could re-infect the system. Using Spinbackup, administrators can block unwanted emails from being restored so they do not pose any more risk.

Now that Spinbackup is installed at the school, infected files can be easily recovered from the last snapshot of data and there should be no lost files or need to re-create any work.

2. Insider Threats Detection

The advanced cybersecurity solution from Spinbackup was also a huge selling point for the school as it allows the G Suite administrator to monitor and manage third-party apps that have access to corporate data.

The academy has over 1,000 apps in the G Suite domain account and the administrator needed a tool to monitor and control data flow to ensure that data breaches in the Google cloud could be detected and corporate data was stored securely.

After using Spinbackup’s smart security scanner, the administrator found over 1,200 third-party apps that had access to corporate data and were installed by employees and students. Some of these apps were games and apps that were banned within the organization, including apps installed via mobile devices. The admin was then able to add these apps to the blacklist to prevent any future access to data.

Spinbackup’s smart algorithms also provided the administrator with a list of Google Drive files that had been shared with users outside the organization. These potential breaches could then be resolved with a single click by revoking access to the data.

The most useful feature that Gurnick Academy found within Spinbackup was the automated set of tools to detect and report common vulnerabilities within the cloud. As this feature is automated, it does not require much input or complicated IT skills in order to monitor and manage it and saves administrators valuable time in detecting threats that can be used for other tasks.

An additional bonus for educational organizations is that they pay only for administrative personnel users. All student accounts can be connected to Spinbackup, including backup and cybersecurity services, for free.

1,168 total views, 4 views today

Related Post