Unraveled: A Day-by-day Recap of an M&E Ransomware Attack

As this year’s Cyber Security Awareness month continues, we’re exploring a scenario created by our partners Marquis.

Welcome to First Class Post, a hypothetical multi-service post-production company. They’re slammed delivering assets to their clients, since getting work over the finish line and out the door is how they get paid. They’re ingesting about 10TB of data per day into an Avid NEXIS system and backing it up to a locally-stored NAS device. Business is booming; they’re even looking at taking on investors to grow faster.  

Day one 

Today, unbeknownst to them, First Class’ systems have just been infiltrated by a nasty ransomware attack. It is currently working its way through their network and encrypting any and all files it comes across. But the team at First Class is too busy to notice, and the attack carries on unfettered.   

Day two 

It’s immediately clear to everyone at First Class that something is wrong. Employees find they are unable to log in to their workstations. The technical team, attempting to understand what happened, discovers the Avid NEXIS and its backups are inaccessible. The team can’t make their production deadlines, and clients are on the phone looking for answers. 

Day three 

The hammer drops: all the First Class databases and Avid NEXIS workspaces are encrypted and inaccessible. The board receives a ransomware demand for $1 million in Bitcoin and an emergency meeting is called. Word starts to spread and suddenly half the industry knows First Class just got hit with a monster ransomware attack.  

Day four 

When the tech team tries to restore from a backup, they realize that their last restore had been after the infection. Their backup copy is encrypted and irrecoverable. With deadlines blown, contracts are defaulted on and suddenly First Class is looking at a major cashflow problem. There’s talk of getting a bank loan to pay the ransom, but there’s no guarantee that their content will be restored after they pay. Further, their insurance policy conveniently only covers equipment damage and is of no use in a cybersecurity attack. The team begins making tough calls to clients, and any interest the company had from investors dries up in an instant. Game over.  

Rewinding the clock 

Now, let’s replay the scenario and see how things could have gone differently. First Class did one thing right: they were regularly backing up their work. Reliable backups are the best defense against ransomware and key to any cyber resilience strategy. However, their backup strategy has some holes that left them vulnerable.  

Protective partners 

For one, they could use a media-specific backup software like Marquis which is specifically designed to integrate with Avid workstations and takes special consideration to not back up any encrypted files. This would stop their automated process from backing up files compromised by ransomware and give the organization a lifeline for recovery.  

Cloud copies 

Additionally, they could store their backups offsite. On-prem backups are easier for criminals to access once they’re inside your system. Cloud object storage is a convenient option for offsite storage as the files can be retrieved from any machine connected to the internet, important if a compromised system is your only path to your backups as in First Class’ case.  

Immutable backups 

Cloud object storage providers, like Wasabi, often offer options for immutable storage, preventing files from being altered or deleted by anyone for a designated period of time. No alterations means no encryption, so your data is safe from ransomware and other threats. By making every fifth backup an immutable one, you’ll always have something solid to restore from.  

With these tactics, an organization like First Class will be well prepared in the event of a ransomware attack. The right combination of intelligent backup software and secure storage will have even the most hardened hackers running scared.