
Xantrion Rescues Plant Grower and Distributor from Ransomware

Location: San Ramon, CA | Users: 500 | Industry: Wholesale Plant Nursery

The Challenge:

Veteran plant growers know how to protect even their most delicate flowers and shrubs from threats like destructive insects and fungal infections. But when it came to protecting its IT infrastructure, a decades-old plant grower and distributor suddenly found itself vulnerable to an entirely different type of infection: ransomware.

On a Monday during a holiday weekend, the company’s CEO came into the office, intending to catch up on work and plan for the week ahead. But when he turned on his computer, he couldn’t open any applications or files. Instead, he was greeted with a message instructing him to send bitcoin to an email address in exchange for having his files unencrypted.

It turned out the business had fallen victim to a Ryuk ransomware attack. Ryuk is a type of malware dating back to 2018; it enables hackers to encrypt a business’s entire network, essentially holding the business’s IT infrastructure hostage until the business sends a ransom payment.

Unwilling to pay the ransom, the CEO immediately called his in-house IT manager, only to receive more bad news: While the company had been paying for a backup service, at some point the service discontinued its old software. Because the company had never received an upgrade, their backups had also been discontinued — even though they’d been paying for backups all along.

Meanwhile, the ransomware was spreading. It infected systems at all the company’s locations, and, on a holiday weekend, the company couldn’t find support close to home. The company even reached out to IT help desks in Australia and India, to no avail.

The Solution:

In the moments after the attack, company officials said they wished they could turn back time and invest in malware attack prevention, system testing, and verification of their backups. They knew it was time for a more holistic, comprehensive approach to their recovery efforts and their cybersecurity protections. They could no longer rely on a single in-house IT person or overseas help desks.

They turned to Xantrion.

Xantrion had come recommended by other service providers, and soon officials at the plant grower understood why. On the Tuesday after the attack, within hours of receiving the company’s call, a Xantrion team arrived at the company’s headquarters, bringing with them not just their expertise but several servers.

A monumental recovery effort commenced. Xantrion began building a new server infrastructure, incorporating whatever clean data the business still had on hand, including data from old backups. They also ordered dozens of new hard drives and began replacing the drives in computers throughout the company.

Because the company’s most sensitive data wasn’t impacted — including human resources data and customer credit card information — the business was able to open its doors to customers again once a couple of computers were back in operation. The company lost hundreds of thousands in sales and had limited operations for about a week, but without Xantrion’s help, the losses would have been even steeper.

The Outcome:

The impact of the attack lingered. For weeks, company officials felt as though they were caught flat-footed when customers asked about orders or documents they had emailed — these correspondences had vanished during the ransomware attack. They also wondered how the hackers got access to their networks in the first place, later determining that the likely point of entry was an employee’s errant click on a phishing email.

The company’s ordeal underscored the fact that the business’s leaders needed to protect against future attacks – they simply couldn’t afford to endure another serious hack. And they could no longer rely on the faulty assumption that small, regional businesses like plant nurseries could escape targeting by hackers. Their own experience proved otherwise.

Within a week of the attack, the company became a Xantrion managed IT client. Xantrion worked with the company to implement security protocols, strengthen its IT infrastructure and enact protocols to ensure backups are monitored and performed in a resilient manner. With Xantrion’s help, the company implemented two-factor authentication and identity monitoring, established employee training programs and deployed advanced protections to neutralize threats that arrive via email. The company also implemented internet and endpoint protection software, and instituted 24×7 network, system, and endpoint monitoring as well as issue remediation practices.

Today, after several years working with Xantrion, company officials and employees say they feel safe in their IT environment. They can count on backups being performed as promised and employees feel more confident when it comes to understanding cybersecurity best practices. The company has a resource to call in a time of need, thanks to Xantrion’s 24/7, U.S.-based help desk. And perhaps most importantly, with a reliable partner concentrating on their cybersecurity, the plant grower and distributor can focus on its core business, cultivating a better future for the business and its people.

If your company is ready to work with a managed security services provider, Xantrion is here to help. Our IT experts have helped hundreds of small and medium-sized businesses reduce IT support costs, improve cybersecurity and increase productivity. Contact us today to learn more.