Accounting Firm Hit with $300,000 ransomware – TWICE?
I would like to share the story of a new customer who called us after being hit with $600,000 in ransomware demands, lay out what happened, and explain how you can keep it from happening to your CPA practice. The accounting firm has two sites with 25 people at each location. Both sites were hit separately with ransomware that encrypted their data, with a demand of $300,000 per site for the key that would unlock it. The two incidents are similar in nature, so I will tell the story of the first site.
Our office received a frantic call from the firm. They needed immediate IT help: work had ground to a halt because their files and applications were locked up and encrypted by ransomware. eSudo met with the representative who originally called us and learned that she was the CEO. Her IT provider promptly joined the meeting to discuss the available options, and they asked us to perform a security assessment to find out what had happened and where their network security was weak.
In our assessment, we found that employees had been working from home because of the COVID outbreak. Their IT provider had let the remote employees reach their office computers with the default Windows Remote Desktop Protocol (RDP) exposed directly to the Internet, with nothing in front of it (a connection that is not safe to publish on the open Internet). This is how the attacker gained access to the company's computer systems and encrypted their files with ransomware.
eSudo also learned that the company did not have a business-grade firewall protecting its internal network, computers, and data. They were using a consumer-grade wireless router or Internet modem as their firewall, which provides very little protection for the network, and the attacker got in with little effort and caused major damage. Many businesses use the Comcast or AT&T modem as their Internet firewall and wireless device; unfortunately, it does not provide the level of protection needed today against advanced threats.
Nor did we find any other network security controls in place, such as multi-factor authentication (MFA/2FA) or a VPN. Once the attacker was inside there was nothing to stop them, and they left the firm completely compromised with all of its data locked up. The CEO had signed a contract with her current IT provider and believed that her network and server were safe and secure. They were not. The attacker gave the firm 24 hours to pay the $300,000 ransom for this site ($600,000 across both) before they would hand over the encryption key needed to restore its files and customer information.
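The findings above (RDP reachable from the Internet, no VPN, no MFA) leave a trail in the Windows Security log of the exposed machine: failed logons (event 4625) from addresses that are not the office LAN or the VPN pool, usually many of them against a few account names, followed at some point by a success (event 4624) from the same address. The following Python script is an added example for this article, not eSudo's code or anything from the incident. It audits a list of 4625/4624 records for three things: which outside addresses reached RDP at all (proof the service is Internet-exposed), which of them crossed a brute-force threshold, and whether any of those later logged on successfully. The event records are constructed; the office LAN (192.168.1.0/24), VPN pool (10.8.0.0/24), and the threshold of 10 failures are assumptions for the example, and the 203.0.113.x and 198.51.100.x addresses are documentation ranges standing in for real Internet sources.

```python
"""Audit Windows Security log records for Internet-exposed RDP and brute force.

Added example for this article, not code from eSudo. The event records are
constructed; in practice they come from Get-WinEvent, a SIEM, or an exported
.evtx. Field names follow the 4625 (failed logon) / 4624 (successful logon)
event schema: Logon Type, Account Name, Source Network Address.
"""
import ipaddress
from collections import Counter, defaultdict

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624

# Logon Type 10 = RemoteInteractive (a classic RDP session). Type 3 = Network:
# when Network Level Authentication is on, a failed RDP credential check is
# logged as type 3, so it is included too (at the cost of also counting SMB
# and other network logon failures).
RDP_LOGON_TYPES = {3, 10}

# Assumed for the example: the firm's office LAN and its VPN address pool.
# Anything else that reaches RDP did so straight from the Internet.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "10.8.0.0/24")]

# Constructed sample. 203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges standing in for Internet addresses; 192.168.1.50 is an office PC.
SAMPLE_EVENTS = (
    # 12 failures from one outside host: 6 against "administrator", then 6
    # more account names (password guessing plus a little spraying)
    [dict(id=4625, logon_type=3, user=u, src="203.0.113.45")
     for u in ["administrator"] * 6
     + ["admin", "cpa", "jsmith", "backup", "scanner", "office"]]
    # a second outside host that only tried three times
    + [dict(id=4625, logon_type=10, user="jsmith", src="198.51.100.7")] * 3
    # an employee mistyping a password from inside the office
    + [dict(id=4625, logon_type=10, user="mlee", src="192.168.1.50")] * 2
    # the brute force succeeds: an RDP logon from the first outside host
    + [dict(id=4624, logon_type=10, user="administrator", src="203.0.113.45")]
)


def is_outside_source(src):
    """True if the source address is neither the office LAN, the VPN pool,
    nor the local host. '-' (NLA failure with no recorded source) is False."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    if addr.is_loopback:
        return False
    return not any(addr in net for net in INTERNAL_NETWORKS)


def audit_rdp(events, threshold=10):
    """Return outside sources that reached RDP, those that brute-forced it,
    and any outside source that failed and then logged on successfully."""
    failures = Counter()            # failed logons per source address
    users = defaultdict(set)        # distinct account names tried per source
    exposed = set()                 # outside addresses that reached RDP at all
    compromised = []                # (source, account) of successful outsiders

    for e in events:
        if e["logon_type"] not in RDP_LOGON_TYPES:
            continue
        src = e["src"]
        outside = is_outside_source(src)
        if outside:
            exposed.add(src)
        if e["id"] == FAILED_LOGON:
            failures[src] += 1
            users[src].add(e["user"])
        elif e["id"] == SUCCESS_LOGON and outside and failures[src] > 0:
            # A success from an outside address that was just failing is the
            # signature of a brute force that worked, not of a remote worker.
            compromised.append((src, e["user"]))

    brute_force = [(src, n, len(users[src]))
                   for src, n in failures.most_common() if n >= threshold]
    return {"exposed_sources": sorted(exposed),
            "brute_force": brute_force,
            "compromised": compromised}


if __name__ == "__main__":
    result = audit_rdp(SAMPLE_EVENTS)
    print("RDP reached from outside by:", result["exposed_sources"])
    print("Brute force (source, failures, distinct users):", result["brute_force"])
    print("Outside success after failures:", result["compromised"])
```

Any entry in `exposed_sources` means RDP is answering on the Internet; with a VPN in front of it, every remote worker would appear from the VPN pool instead. On a live Windows host the input is `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625,4624}`, reading Logon Type, Account Name and Source Network Address from each event's message. Note that NLA failures frequently record the source as `-`, which is why the script treats an unparseable address as unattributable rather than as internal.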
My name is Matthew Kaing, Managing Director of eSudo Technology Solutions. I realize that my opening claim may seem “sensational,” and that you might be tempted to ignore this message, thinking I am just another vendor looking for a paycheck. Maybe you think, “we’re fine.” It is natural to insist, “Not in MY company,” or to assume that your IT person or company has you covered.
The growth and sophistication of cybercriminals, ransomware, and hacker attacks have reached epic levels, and a new approach to protection is now required. Our experience has shown that most small businesses and their IT staff fail to understand the importance of computer security protection and maintenance until disaster strikes, leaving them to learn by catastrophe. Security problems typically come from a failure to take the steps required to secure the company network, from delaying system updates in favor of ‘more important business tasks’, or from ignoring the threat completely. As a business owner, it is very important to know the risks your company faces, address the vulnerabilities, and secure your company. When it comes to IT threats, “you don’t know what you don’t know”, and eSudo can help give you and your company a proactive approach to solving IT security issues.
After years of managing computer networks for thousands of small businesses, including legal services and accounting firms, eSudo has seen the common security mistakes companies make along the way. My team and I have identified four distinct roles that must be performed to protect your company and prevent a major disaster like the one described above. That led me to create a unique Security Network Assessment (see the link below), so that you can get instant clarity on how to fix issues immediately and protect your business.
A CPA or accounting firm has access to sensitive and confidential information about its clients: tax returns, Social Security numbers, addresses, bank accounts, and other personally identifiable information (PII). If that information were exposed in a breach, it would create a huge liability for the firm and could cost well over $600,000 on top of the ransom itself, in direct claims and in the costs of investigating and mitigating the damage. Those costs may include compliance with state breach-notification laws, forensic investigation, credit monitoring services, discounts on future services and products to retain clients, and lost business.
You can avoid being compromised by putting the proper measures in place. That means technical security controls as well as the written data security plan the IRS requires tax professionals to have, and actually following it.
IRS Publication 4557, Safeguarding Taxpayer Data (26 pages), and Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies (198 pages), are good places to start.
If you would rather not read 200 pages on cyber security, schedule a complimentary IT Security Risk Assessment to make sure you are doing everything you can to protect your clients’ data. Click the link below or call us at 408-216-5800: