Twelve years ago, A1Care suffered a significant ransomware attack during an era when such attacks were not as common as they are today. Percy Syddall, its CEO, never forgot what the attacker put his company through—he recalls that the hackers’ demands kept changing over time.
Over the years, A1Care—which provides in-home elderly care, facility placements and case management services—has continued to enhance its security posture. However, because the threat environment is so pervasive now, the company wanted to upgrade its security products and advisory services to try to stay a step ahead of data thieves.
With more than 1,000 clients, “there’s just so much stuff going around, and I need to be on top of this,” Syddall says.
That’s why A1Care recently contracted to get the mirror shielding technology of NeuShield Data Sentinel, which enables an organization to recover files when other malware defenses, such as antivirus and anti-ransomware software fail.
One major technology difference is that NeuShield does not need to continuously download anti-virus updates or have a dependency on "signatures" to effectively protect and prevent malicious attacks.
Mirror shielding makes an attacker believe he or she has taken control of an organization’s data files, but the attacker is seeing a mirror image of the attack and does not have possession of the data, says Marcus Chung, CEO at Bold Cloud, an advisory firm also working with A1Care. “We click a button and revert back to the original files. The product stores multiple revisions of files,” he explains.
Bold Cloud’s initial target audience comprises small to medium-sized businesses with 25 to 500 employees.
Mirror shielding further protects against “wiper” attacks in which the criminal simply seeks to destroy an organization’s data, sometimes just for spite, Chung adds. “A wiper is just out to destroy, corrupt or steal your data, or change the master boot record so you can’t even boot up the computer, or is engaging in corporate or nation espionage.”
In its experience with ransomware a dozen years ago, A1Care “had to pay ransom; all I know is it hurt my bank account and personal assets dealing with that nightmare,” Syddall says. “They had a hold on all our files and would release data back to us for a fee, then release more data back for another fee. It was a slow process to get data back to us. We had backups, but it was not enough with new data always coming in through our operations.”
It got worse. The attackers kept coming back to negotiate a new deal every few weeks, but then it took two or three months to get data back after negotiations seemed to be complete.
The attacker had clients who wanted data and threatened to sell A1Care’s data to the clients unless another payment was made, but the prices kept changing, and not for the better. “They thought we were a huge company,” Syddall says. “We had three locations.”