Jul 6, 2023
4 minutes

Decrypting Disaster: A Case Study of a Modern-Day Ransomware Encounter

Decrypting Disaster: A Case Study of a Modern-Day Ransomware Encounter

In an age where data is as precious as gold, the dark web pirates – ransomware attackers – are more prevalent than ever. A recent Wall Street Journal article illuminates the tale of Evotec, a drug development company that fell victim to a sophisticated ransomware attack, and highlights how ransomware can cripple even the most modern companies. Here are my top five takeaways from this case study:

1. Even if a company has the means to pay the ransom, there’s no guarantee the encrypted data will be fully recovered or that operations will recover in a timely manner. Indeed, cyber insurance is necessary but not sufficient.

“Even if the hackers were to provide tools for decryption, [the Evotec Chief Information Officer] said he doubted they would work. [The Chief Business Officer] declined to comment on whether any ransom was demanded or paid, citing a continuing law-enforcement investigation.”

“Two months after the attack, Evotec’s technology still isn’t completely restored”

2. Early detection is critical, in part because it enables IT teams to quarantine affected systems before other components are contaminated.

“[The Chief Executive Officer] knew ransomware could easily spread, encrypting or exposing business partners’ data. “It was maybe a 20-second discussion,” he said.“Shutting down was the only way to really protect our business model in the long run.”

“Companies in drug development, in particular, are heavily interconnected, making cyberattacks especially dangerous.”

3. Financial and corporate data is the most at risk.

“The hackers went after financial and corporate data, but not clinical information.”


4. Malware detection is a worthwhile investment, but it can be expensive to implement custom processes in terms of dollar-cost and people-hours.

“Now, staff go through a painstaking process to secure all of the company’s data in a controlled, quarantined environment to make sure it is safe before they share any information with partners.”

“IT staff and external consultants set up a secure setting to contain all the company’s data, equipped with extra firewalls, antivirus software and scanners to detect indicators that hackers have returned, the company’s management board said in a letter to business partners in May.”

“Data that Evotec shares with business partners comes with proof that it is validated and safe, [the company’s Chief Business Officer] said. With these additional security steps, the company isn’t as efficient as it was before the attack, but productivity is at a similar level, he said.”


5. Still, the cost of preventative measures far beats the cost of reactive measures, business shut downs, and operational disruptions.

“It isn’t unusual for a company to stop operations out of caution during a cyberattack...Lost revenue, potential customer defection and supply-chain problems are viewed as worth it compared with the unknowns of a crippling hack... Two months after the attack, Evotec’s technology still isn’t completely restored...”

“Evotec still hasn’t calculated lost revenue from the attack, and said it expects to pay tens of millions of euros to rebuild IT systems.”


The battle against ransomware is a relentless one, where the enemy is ever evolving. Evotec’s story is a wake-up call for enterprises to not only arm themselves with state-of-the-art cybersecurity measures but also to be agile in adapting to the changing tactics of cybercriminals. Investing in early detection systems, securing critical data, and building out a comprehensive recovery plan are some of the best practices.

If you’re responsible for securing a Microsoft 365 domain, I’d invite you to check out Alcion for your data protection needs. The platform offers AI-enabled ransomware and malware detection capabilities which are seamlessly layered on top of backup and restore functionality.

Don’t miss the Alcion case studies (from real users), and dig into the reasons why you need to backup Microsoft 365, compiling the most pressing security challenges faced by Microsoft 365 administrators. And if you’re ready to try Alcion, you can try it for free now; the trial runs for 14 days and no credit card is required.

Zack Rossman
Zack Rossman
Member of Technical Staff, Alcion

Zack Rossman is a Member of Technical Staff at Alcion, leading the engineering efforts on AI, search, and telemetry platforms. Prior to Alcion, Zack was a Senior Software Engineer at Okta where he contributed to the core workforce identity and access management products within the Directories sphere. His strong technical background is complemented by a liberal arts education. Zack received a BA in Computer Science from Harvey Mudd College while also fulfilling commitments as a Robert Day Scholar and All-American water polo player at Claremont McKenna College.