The LAN Masters team has very recently come across a particularly difficult ransomware infection that created a major problem for one of our clients. Hackers have started using brute force attacks on remote desktops, trying usernames and passwords over and over again until they’re able to crack the login information and break in. In this particular instance, a hacker was able to determine the password for a single employee.
This business had a great antivirus solution installed on their computers – including the computer that was hit with the initial infection – but because the employee was using a weak password, the hacker was able to get access and release the virus anyway.
The attack happened on a Saturday, which meant that the ransomware virus had the entire weekend to run unnoticed. After encrypting all of the data on the employee’s computer, the virus moved on to all of the network shares, and eventually to the business’ servers, where it wiped out their entire backup history.
Because their backups were lost, we had no choice but to go ahead and tell them to pay the ransom demand and wait for the decryption key to be provided. The hacker was asking for three bitcoin, which converts to just under $4000. Getting a hold of that much bitcoin is not an easy task, especially since the sources you’re forced to deal with know that you’re already desperate, and have no problem adding an extra 7-10% on top of the initial cost.
We were lucky enough to find ourselves dealing with a hacker willing to hand over the decryption key. However, after multiple attempts, we’ve only been able to restore 90-95% of their data and applications. The business has been out of commission for an entire week, and they are still locked out of two of their primary applications.
This client chose to stick with the basics where security is concerned, and that decision had some very real consequences. Scenarios like this are why we always recommend businesses invest in their security by:
- Installing high-quality firewall and antivirus software
- Taking password management seriously and enforcing strict password policies
- Using secure offsite backups to protect sensitive data and applications
We rely on eFolder to provide encrypted, cloud-based data backups for our clients using StorageCraft or Replibit. This system keeps ransomware infections from reaching data stored in the cloud – it’s like hitting a brick wall. The infection can’t get through, and your backups stay intact.
If this business had had this backup system in place, the situation would have played out much differently. This case is a perfect example of why IT support providers make these suggestions to clients in the first place.
As of right now, the LAN Masters team is still hard at work correcting what we can. Our client will get back up and running eventually, but it’s been a slow process, and at least some of their data is gone forever. When all of this is over, we’ll be working with them to implement the security suggestions they were reluctant to invest in initially to make sure something like this never happens again.
If you’re concerned that your IT security might not be able to stand up to a ransomware infection, LAN Masters is here to help. Contact us right away at firstname.lastname@example.org or (407) 409-7519 to learn more about the steps you can take to keep your business safe.