Don’t let this happen to your business.

The story below is fictional—but it’s based on real events that happen to companies every day. A single vulnerability, a missed best practice, or a weak spot in your IT process is all it takes for ransomware to cripple your operations.

Before you’re in this situation, start with a proper network assessment. Evaluate your existing team, tools, and processes. Identify the gaps. Put the right protections in place—Endpoint Detection and Response (EDR), Managed Detection and Response (MDR), and security awareness training—before an attacker finds the holes for you.

Prevention is always cheaper, faster, and far less painful than recovery. Don’t wait until it’s too late.


We Got Hit by Ransomware – Here’s What I Wish We Did Differently

As the President of our company, this is one of the hardest posts I’ve had to write—but I’m sharing it because I hope others can learn from our mistake.

Not long ago, we were hit by a ransomware attack. It brought our business to a standstill. Files were encrypted, our systems went dark, and to make matters worse—our backups were gone. Deleted. We thought we were prepared, but the truth is, we weren’t even close.

We don’t yet know exactly how the attacker got in, but all signs point to a remote-use laptop connecting through our VPN. From there, they were able to move laterally through our network and eventually ran a script that encrypted everything. Then they found our backup drives—USB-connected, always-on, and directly accessible—and deleted them.

We were left with nothing. No access to data, no clean backups to restore from, and no way to continue business as usual.

We made a call for help, and thankfully, a cybersecurity team responded quickly. They followed best practices from the start—isolated the network, stopped the spread, and helped us send the affected drives to a data recovery specialist. It’s still uncertain what, if anything, can be recovered.

Here’s What I Wish We Had Done Differently:

  1. Backups must be more than a checkbox.
    We relied on USB drives and scheduled jobs to move files using Windows Backup. But because those drives were always connected, they were vulnerable. A proper backup strategy includes:
    • Immutable backups that can’t be modified or deleted,
    • Offline or air-gapped copies,
    • Regular backup testing and auditing,
    • Cloud or offsite storage not tied directly to the production environment.
  2. Remote access must be locked down.
    VPNs without strict controls are like open doors. That remote laptop was a potential Trojan horse. At a minimum:
    • Enforce multi-factor authentication (MFA),
    • Allow only company-managed devices,
    • Use modern access controls with least-privilege policies.
  3. EDR and MDR could have stopped this early.
    If we had an Endpoint Detection and Response (EDR) solution, it might have flagged the unusual behavior early—like an unknown script encrypting files. If we had Managed Detection and Response (MDR) on top of that, trained analysts could have investigated and shut it down in real time, possibly before any damage was done. These tools are no longer a luxury—they’re essential.
  4. Cybersecurity awareness training matters.
    Had we invested in regular security training, our staff might have recognized suspicious emails, phishing attempts, or unauthorized software. Human error is still the #1 way attackers get in. A well-informed team is our first and best line of defense.
  5. Have an incident response plan—and rehearse it.
    We were lucky to get help quickly. But it shouldn’t have been a scramble. Every business should have a documented and practiced incident response plan so everyone knows what to do when—not if—something goes wrong.

The Business Impact

We lost time, we lost data, and frankly, we lost money. Our operations were down for days, our team was in panic mode, and we had to explain to customers that their data might be gone. We’ve spent more in response and recovery than we ever would have spent on prevention.

But we’re rebuilding—with the right tools, the right partners, and a much healthier respect for modern threats.

We’re implementing EDR across all endpoints. We’ve partnered with an MDR provider to get 24×7 Security Operations Center (SOC) monitoring from security professionals. Our team is going through cybersecurity training. And our backups? They’re now offsite, immutable, and regularly tested.


My Message to Other Business Leaders

If you’re reading this, let our pain be your wake-up call. Don’t assume you’re too small to be a target. Don’t assume your backups are safe. Don’t assume your team won’t fall for a clever phishing email.

Assume nothing. Test everything. And invest in prevention—before you’re forced to pay for recovery.

You don’t want to write a post like this.


Get Ahead of the Threat

NAS has helped dozens of businesses build strong, secure IT foundations. Whether you need a security assessment, a backup strategy review, or full implementation of EDR, MDR, and staff training, we’re here to help.

Reach out to our MSP team today and schedule a no-obligation consultation. Let’s make sure your business isn’t the next cautionary tale.

👉 Contact the NAS MSP Team
