Procloudsaas

Client Success Story: Rapid Ransomware Response Minimizes Downtime & Loss

Written by Pro Cloud SaaS | June 30, 2025

When a ransomware attack struck after hours, swift action and strong backup protocols helped this longtime client avoid paying a $20,000 ransom - and return to business within 24 hours. Here's how it unfolded and what you can learn from it.


Top Notch Networking (TNN), a Pro Cloud SaaS company, has been this client's trusted IT partner for over five years, providing robust infrastructure, support, and security tooling including SonicWall, SentinelOne, and ConnectWise Agent. Even with these layers of protection, a well-defended environment can be exposed when internal security hygiene, such as password management, is overlooked.

The Incident
Overnight, a malicious actor gained unauthorized access to the client’s primary server. Once inside, they deployed custom software to exfiltrate sensitive files and subsequently deleted all data from the server’s data drive. A ransom note was left behind, demanding $20,000 for the return of the stolen files.

The Response
The TNN team sprang into action immediately upon detection. Our first move was to sever all external connections to the compromised server to contain the breach. Next, we:

  • Conducted a deep log analysis to pinpoint the source of the breach
  • Reset every employee password across the organization
  • Performed a comprehensive security audit and system cleanup
  • Restored operations from secure offsite backups
  • Maintained clear, transparent communication with the client throughout the recovery

This was an all-hands-on-deck situation, with our technical team collaborating across functions to ensure a smooth and rapid resolution.

The Outcome
Within 24 hours, the client was fully operational again. While the initial breach couldn't be prevented in this instance, fast, decisive action prevented far more severe consequences, including extended downtime or payment of the ransom.

Prevention Measures
Our analysis of the breach determined that poor password policy enforcement and unrestricted access outside business hours were contributing factors. Moving forward, we recommended and implemented the following:

  • Strict password policy enforcement with regular updates and complexity requirements
  • Time-based access restrictions to sensitive systems
  • A refined employee access audit trail to improve monitoring and control

If you are looking to improve the security posture of your business, here are the top 8 Ransomware Readiness Recommendations from our CISO, Pete Green:

  1. Enforce multi-factor authentication (MFA) on all remote and privileged access
  2. Implement role-based access control (RBAC)
  3. Audit and restrict after-hours access via conditional access policies
  4. Regularly rotate and monitor credentials
  5. Centralize logging and security monitoring (SIEM)
  6. Schedule security awareness training for staff
  7. Conduct regular penetration testing and vulnerability scanning
  8. Maintain an immutable, offsite backup strategy with regular recovery testing

Key Learnings
This incident highlights the reality that every organization, regardless of size, is susceptible to an attack, and no system is impenetrable. But with a strong response plan, resilient backups, and a proactive IT partner, disasters like this can be contained quickly and effectively, with minimal impact on your business.

If you're unsure how resilient your organization would be in the face of a ransomware attack, we're here to help assess and strengthen your defenses.

 

Top Notch Networking is a Pro Cloud SaaS company. 

In 2025, we welcomed TNN to the Pro Cloud SaaS family - a long-standing IT provider with deep regional roots. Together, we’re uniting decades of legacy client services with modern, scalable IT and security solutions.