
Last week our business network was hit with a ransomware attack. One of our company officers was looking at resumes for prospective employees and opened an attachment on an email response from a Craigslist ad. The attachment was in .zip format and as soon as it opened she knew something was wrong. Within minutes, critical files on the computer were encrypted and unusable. In addition, files on other computers that were shared on the network were also encrypted. The computer screen was filled with instructions on how to pay a $1000 ransom to buy the decryption software that would return everything to normal. The payment method is in bitcoin through untraceable networks so the jerks at the other end are completely anonymous and untraceable as well.



The ransom attack targets specific file types such as .doc, .pdf, Excel files and graphics files. Why graphics files? People don’t want to lose family pictures and will pay to get them back.


What do you do? You and your “IT guy” can’t crack the encryption, so you are faced with either paying the ransom or finding a way to live without them… UNLESS you have a backup. Do you? We use Carbonite on our critical data and it may turn out to be a blessing. Immediately after the attack, we found out that the machine in question had not been backing up for the past 45 days! Why? We’re still not sure, but it’s not a total disaster because we want to get back a lot of the old files. We also learned that as soon as you find out you’ve been hit, you need to freeze your backup, otherwise Carbonite starts backing up the encrypted files. Also, immediately power down the infected machine and disconnect it from your local network before powering it back up again.


My biggest fear was losing our Quickbooks files, but to my surprise the attack didn’t include them. But it did get our Excel day reports for the gas station and C-store and it destroyed the data in our car lot’s dealer management system, mostly PDF files. Fortunately that machine had a current backup in Carbonite. Thanks to our backups, I was able to make the decision not to pay the ransom, but I have now spent four days cleaning machines, attempting to take the machine that was attacked back to ground zero, updating files with old backups. I’m not done yet and will spend at least part of tomorrow working with the dealer management system people to get the car lot up and running again.


Monday night and everything is working again if you are willing to accept the loss of some data, and, believe me, I am. I sit here thinking that it could happen again tomorrow and I haven’t really prepared my defense, but I will be working on that, believe me.
