Protect your PC

Payroll Firm Gives in to Ransom Demands in an Attempt to Restore Systems

Payroll Management Services Severed After Ransomware Corrupts Systems

On February 19, 2019 an unknown ransomware variant infected the payroll firm, APEX Human Capital Management. This infection left their primary and backup networks entirely corrupted, rendering not only their services useless, but also impacting the firm’s 350+ clients.

The initial hope was for services to be restored within a matter of hours. However, this timeline kept getting pushed back hour after hour, as more damage was found. The payroll firm remains confident personal data was not breached as a result of the ransomware attack. Although, the investigation is still in the early stages, making it difficult to state with absolute certainty this is indeed accurate.

As of today, APEX has paid the hackers an unknown amount in an attempt to restore their systems and get their clients payroll networks at full capacity. Unfortunately, even after paying the ransom demands, the restoration process has been far from flawless. Some of the files remain inaccessible, while other file directors are completely broken. At this time, there has not been a timeline released for when these issues are expected to be resolved.

To thwart attacks, such as these, businesses are encouraged to utilize the following recommendations:

  • Deploy a security solution that includes application whitelisting as its primary method of malware detection
  • Backup files timely and keep these separate from the primary network
  • Keep all third-party applications and operating systems updated
  • Mandate employee cyber security training

2,028 total views, 3 views today

(Visited 1 times, 1 visits today)

One thought on “Payroll Firm Gives in to Ransom Demands in an Attempt to Restore Systems

  1. Sigh…
    How many times have we read about these kinds of attacks? How many times have the solutions been stated? I no longer have any sympathy with an organization who is attacked like this. What will it take for them to realize that the risk is so real, and to put in place robust security measures?

    My answer would be for the organization’s clients to lodge a class action, not only against the firm, but also against all the board members and senior office holders, for an amount that literally puts them out of business, and bankrupts the people responsible for this criminal gross negligence. I believe that if these measures were known to be automatic in every case, that the people responsible for the security of digital information would get serious about the job, for which they are paid handsomely, or starve to death in penury.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.