IT firm Geek helps Adelaide accountants beat CryptoLocker attack


Australian IT services firm Geek said it has helped an Adelaide accounting firm recover from a CryptoLocker malware attack in “just 15 minutes” using a US security product called Datto.

By using Datto, which can replace files from backups at high speed, the accountancy firm was able to get back up and running with minimal disruption and without any need to pay a ransom, according to Geek.

“This client, a mid-tier Adelaide accounting firm, had bought the Datto backup appliance on our advice, hoping to never need it,” Geek founder and Chairman Jon Paior said in a statement.

“However, their worst nightmare was realised when a staff member opened an AGL-branded scam email that generated a screen demanding thousands of dollars,” Paior explained. “All their files were encrypted, and totally inaccessible, including the main database. They were dead in the water.”

CryptoLocker is a ransomware trojan targeting PCs running Microsoft Windows. When activated, it encrypts files stored on local and mounted network drives and displays a message offering to decrypt the data if a payment is made by a given deadline, otherwise it threatens to delete the encryption key.

Using the Datto appliance to restore its files, the accounting firm was back up and running within 15 minutes after the attack hit, Geek said.

The accountants later calculated that their previous backup product would have taken “at least six hours to fully restore those terabytes of data”, Geek said, adding that, with 120 employees, that period of downtime could have cost the firm about $150,000.

The Datto disaster recovery appliance creates and stores backup “snapshots” of a computer hard drive or network at intervals as frequent as every five minutes. It can sidestep CryptoLocker and other ransomware attacks by providing near-instant access to the stored backup. Datto handles more than a million backups a week at its nine data centres around the globe.
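The article describes two mechanisms: ransomware rewriting files on a mounted share, and recovery from a snapshot taken before that started. The following Python example is added here and is not code from the article, Geek or Datto; the audit events, the 60-second window, the threshold of five renames and the assumption that snapshots fall on five-minute wall-clock boundaries are all constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

WINDOW = timedelta(seconds=60)            # assumed look-back window for the burst detector
THRESHOLD = 5                             # assumed extension-changing renames per user per window
SNAPSHOT_INTERVAL = timedelta(minutes=5)  # article: snapshots "as frequent as every five minutes"

# Constructed file-server audit events: (timestamp, user, action, path, new_path).
# Normal activity, then one account rewriting documents under a new extension.
SAMPLE_EVENTS = [
    ("2014-06-02 09:00:10", "alice", "write",  r"\\fs01\clients\smith.xlsx", None),
    ("2014-06-02 09:03:45", "bob",   "rename", r"\\fs01\clients\draft.docx", r"\\fs01\clients\jones.docx"),
    ("2014-06-02 09:31:02", "carol", "rename", r"\\fs01\clients\a.xlsx",  r"\\fs01\clients\a.xlsx.encrypted"),
    ("2014-06-02 09:31:03", "carol", "rename", r"\\fs01\clients\b.xlsx",  r"\\fs01\clients\b.xlsx.encrypted"),
    ("2014-06-02 09:31:04", "carol", "rename", r"\\fs01\clients\c.docx",  r"\\fs01\clients\c.docx.encrypted"),
    ("2014-06-02 09:31:05", "carol", "rename", r"\\fs01\clients\d.pdf",   r"\\fs01\clients\d.pdf.encrypted"),
    ("2014-06-02 09:31:06", "carol", "rename", r"\\fs01\clients\ledger.mdb", r"\\fs01\clients\ledger.mdb.encrypted"),
]

def extension_changed(path, new_path):
    """True when a rename gives the file a different final extension."""
    return PureWindowsPath(path).suffix.lower() != PureWindowsPath(new_path).suffix.lower()

def detect_burst(events, window=WINDOW, threshold=THRESHOLD):
    """Return (user, first_suspicious_time) for the first account whose extension-changing
    renames reach `threshold` inside `window`; None if no burst. Events must be time-ordered."""
    recent = {}  # user -> timestamps of that user's recent extension-changing renames
    for ts_s, user, action, path, new_path in events:
        if action != "rename" or not extension_changed(path, new_path):
            continue  # plain writes and ordinary renames are not counted
        ts = datetime.strptime(ts_s, "%Y-%m-%d %H:%M:%S")
        q = recent.setdefault(user, deque())
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop renames that fell out of the window
        if len(q) >= threshold:
            return user, q[0]
    return None

def last_clean_snapshot(first_suspicious, interval=SNAPSHOT_INTERVAL):
    """Latest snapshot boundary strictly before the first suspicious rename, assuming
    snapshots are taken on wall-clock multiples of `interval` (:00, :05, :10, ...)."""
    step_minutes = int(interval.total_seconds()) // 60
    boundary = first_suspicious.replace(second=0, microsecond=0)
    boundary -= timedelta(minutes=boundary.minute % step_minutes)
    if boundary >= first_suspicious:  # a snapshot coinciding with the first rename may already be tainted
        boundary -= interval
    return boundary
```

Running `detect_burst(SAMPLE_EVENTS)` flags carol's burst starting at 09:31:02, and `last_clean_snapshot` then points at the 09:30:00 snapshot as the restore point.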

Jon Paior said Geek, which introduced the product to Australia, had worked with Datto to customise its service for the local market.

“As well as a local presence, the right pricing and local data centres, we requested new features in the product that directly responded to the needs of Australian customers,” Paior said.

“These include customisable off-site replication, which means we can back up data to more flexible locations, and file-based backups, addressing the fact that customers have to pay for bandwidth in Australia,” he explained.

10 COMMENTS

  1. “All their files were encrypted, and totally inaccessible, including the main database.”

    So the “main database” is an Excel/Access file then?

    Sounds like a professional outfit.

    • well, database files have to live somewhere; they can’t be in memory all the time, otherwise it’s dangerous… and a lot of memory

    • You don’t need very much talent to encrypt an Excel or Access file. They’re just like all other files.

      And you don’t need to be dumb to use Excel or Access as your main database. They are both excellent data-arrangement products living on the top shelf (and I’m a Lotus freak!). I’d only question their use if the data heap exceeded a certain size, when a bespoke product starts to look economically attractive.

      • Agreed that it’s easy to encrypt, provided the Access backend file is not in use (assuming at least one connection, given it’s the “main” database). Not questioning the product – I’ve been using it daily for over 20 yrs.

        As to the appropriateness of using Access/Excel for the “main database” (and we’ll assume that has to be the accounting system, the Client data system or perhaps CRM system, otherwise I’d hardly call it “main”), a “mid-tier” firm (120 emps) should be using something a lot more bulletproof than a back-end MDB on a file server.

        Nonetheless, the article is all about them having purchased an expensive box that allows restores to be done quickly. Presumably that’s less expensive than properly locking down workstations by:

        – preventing non-signed macros/VBA from being run / stripping code before on-forwarding to users
        – Limiting Trusted Locations
        – Stopping files at the gateway
        – Setting up SRP/Applocker to prevent execution

        ..but I digress. :)

        • Good points. I would have thought Crypto-Prevent would be a good starting line…

  2. Talk about click-bait. They had onsite backups and they were restored…how is that ‘beating’ Cryptolocker or doing anything that any professional outfit wouldn’t be doing. The same outcome can be achieved with many other products on the market including StorageCraft and Veeam…

  3. Not many of these places are secure. And they get account console access to the business portal to do your tax.

    This is why IBM’s cyber security centre is a farce and so is anything the government may cook up. It’s just for enterprise. What about everyone else?

    LANs need to be fully and completely audited by consultants I think. It’s always escalated attacks. Is VLAN the only option to isolate some dumb machine from everything else?

    As I keep carrying on about. These fake invoices with malware attached.

    They spoof legitimate companies like Amazon, Ikea, now AGL. Down to the email host but the IP is different.

    It is not coming from their email servers, but one poor small business was hit with this spoof and had to close their site because of it.

    I honestly believe if the email was passed through a SURBL filter it will filter the IP address. They can’t spoof the IP address also surely, or can they?

    It is getting out of hand. I can’t count how many I have reported to every possible agency and they have been completely ignored.

    I was reporting them before the media even wised up to it.

    There is always going to be one dumb one opening these malware emails. They are even passing through Gmail spam filters.

    So the problem is not that someone can crack it, the problem is we have an idiot government who treat cyber security as some kind of joke that people have let back in.

    Controlling the borders my ass, this kind of crap has no borders.

  4. Hmm, how is Datto restoring terabytes of data in 15 minutes? Copying data across a gigabit network you’ll max out at around 120MB/s, which will allow around 2TB to be transferred in 15mins. That provides no allowance for decryption and decompression overhead. I assume backups are being compressed and encrypted? Admittedly you can get around encryption overhead using 256-bit AES encrypt/decrypt hardware acceleration, but compression/decompression is still quite CPU bound. Unless you’re using specialised hardware, in which case this should be an article about that hardware, not Datto. Likewise for 10-gigabit network hardware allowing much higher transfer rates – claiming a win for Datto that’s a result of fast and expensive hardware (that would allow any backup software similar advantages) is plain dishonest.

    Pretty disappointed such obvious PR fluff is being flogged off as ‘news’. ‘Company recovers customer data from backups’ is not news. This really is quite an appalling piece of writing from lots of angles.

    • Ummm. 2TB is definitely on the plural side of singular, so the 15 minutes looks good. And where was “cloud” mentioned? I did see the word “appliance” :)

      Let’s also remember the phrase “mid-tier Adelaide accounting firm”, so given the nature of (especially) Access and similar database front-ends a few TB is entirely reasonable, rather than lots of TB. And we should remember that most recovery needs only the most recent work 85% of the time, the rest (probably 85% of the files) can wait.

      I note the one thing not mentioned explicitly, but we should infer it, is the Datto system doesn’t fully sync the backups like (for instance) DropBox. It can beat a Crypto-infection by simply not being there at the time. Mind you, I do wonder what would be the story if Datto happened to be backing up simultaneously with the Crypto-infection…
