One morning, IRIS Solutions received a notification via our monitoring software that a client of ours had been affected by malware. Per our standard policy and procedures, the monitoring software isolated the infected computers by disabling the shared drive.
The malware happened to be Ransomware caused by 2 employees clicking on a malicious email attachment.
Had we had not caught and isolated the infected computers, the entire network would have been at risk to be encrypted and held for ransom. If the client did not have a solid backup of their network, they would have to pay the ransom via Bitcoins to get their information back. That takes time and money, and there is still no guarantee your information will be released.
Thankfully, an IRIS tech was able to clean the two workstations that were affected. The entire network was then scanned to verify the Ransomware did not get further into the network.
Due to the reaction time, all of the office files on the server were safe from encryption. The files stored locally on the two infected workstations were recovered via a specific recovery process with minimal downtime and during this recovery process, the rest of the company was able to continue business as normal.
Takeaway: Multi-level security = reduced downtime.