How Ransomware Tried to Take Down One of Our Clients… and Lost
A few weeks ago, one of our clients was hit with a ransomware variant that successfully encrypted all file shares on their primary file server. If you are not already familiar with ransomware: it locks your files so that you cannot use them, it can prevent you from accessing Windows, and it can block certain apps from running. Worst of all, the cybercriminals behind it demand large sums of money before the files can be retrieved. Sounds like a nightmare, right?
As ransomware attacks become more common, IT engineers are trained to put preventative measures in place so that an organization can recover if an attack ever occurs. Tech Networks had been working with our nonprofit client, Roca Inc., for the past two years, reviewing and consistently improving Roca’s security as part of an overall infrastructure upgrade. These preventative efforts ended up paying dividends in this situation.
So what happened?
One of Roca’s employees noticed that the files on their network drive looked different and could not be opened. Upon further investigation, our engineer confirmed that the files were encrypted and that ransom notes had been left in every file folder.
Once the ransomware attack was identified, the client organization was able to move forward without panic, because the recovery process had already been communicated to Roca’s employees. Their systems were fully restored within a few hours, with little operational disruption. With a proper backup and disaster recovery plan in place, Roca was able to continue operating without paying a hefty ransom fee to the cybercriminals for their files.
But what about the security features already enabled on machines?
There are several very effective tools and techniques that can help you address many common threats and problems, including firewalls, virus protection tools, internet content filtering, and more. However, if any of these tools were 100% effective, there would be no security breaches. As soon as a known threat is addressed by these tools, a new one emerges.
Some preventative measures to keep you safe:
- Never set an employee’s account to NEVER EXPIRE, even if they ask for it.
- Set password policies to NOT allow reuse of previous passwords, and require passwords to be changed every three months.
- Never send passwords through open email; always use encrypted messages for sensitive information.
- Cellphone SMS texts can be a useful “back-channel” communication method during an attack, but SMS is not encrypted either, so the information relayed could be retrieved by an attacker or eavesdropper.
- Always run security updates and make sure the latest patches are installed on your operating system.
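As an added example (not from the original post and not Tech Networks’ own tooling), the following PowerShell audit checks the first two items above against an Active Directory domain. It assumes the RSAT ActiveDirectory module is installed, treats “every three months” as a 90-day maximum password age, and the -Fix switch is a hypothetical option added here to clear the never-expires flag.

```powershell
# Added audit example (not from the original post). Assumes a Windows AD domain
# and the RSAT ActiveDirectory module; run as an account with read rights.
# -Fix is a hypothetical switch that optionally clears the never-expires flag.
param([switch]$Fix)

Import-Module ActiveDirectory

# 1. Enabled accounts whose password is set to never expire.
$neverExpire = Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $true' `
    -Properties PasswordNeverExpires, PasswordLastSet |
    Select-Object SamAccountName, PasswordLastSet

if ($neverExpire) {
    Write-Warning ("{0} enabled account(s) have 'Password never expires' set:" -f @($neverExpire).Count)
    $neverExpire | Format-Table -AutoSize
    if ($Fix) {
        # Clearing the flag makes the domain's normal maximum-age policy apply again.
        $neverExpire | ForEach-Object {
            Set-ADUser -Identity $_.SamAccountName -PasswordNeverExpires $false
        }
    }
} else {
    Write-Host "No enabled accounts with 'Password never expires'."
}

# 2. Domain password policy: history (no reuse) and maximum age (three months = 90 days).
$policy     = Get-ADDefaultDomainPasswordPolicy
$maxAgeDays = $policy.MaxPasswordAge.TotalDays   # 0 means passwords never expire

if ($policy.PasswordHistoryCount -lt 1) {
    Write-Warning "Password history is not enforced; previous passwords can be reused."
}
if ($maxAgeDays -eq 0 -or $maxAgeDays -gt 90) {
    Write-Warning ("Maximum password age is {0} day(s); the rule above allows at most 90." -f $maxAgeDays)
}
```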
We hope this story encourages your organization to adopt strict password procedures and security practices, and spares you a hefty payment to a cybercriminal. The ultimate key to beating ransomware is to prevent, not react. If you would like to discuss how we can help, please contact us or read about our security service offerings.