Last week our business network was hit with a ransomware attack. One of our company officers was looking at resumes for prospective employees and opened an attachment on an email response from a Craigslist ad. The attachment was in .zip format and as soon as it opened she knew something was wrong. Within minutes, critical files on the computer were encrypted and unusable. In addition, files on other computers that were shared on the network were also encrypted. The computer screen was filled with instructions on how to pay a $1000 ransom to buy the decryption software that would return everything to normal. The payment method is in bitcoin through untraceable networks so the jerks at the other end are completely anonymous and untraceable as well.

The ransom attack targets specific file types such as .doc, .pdf, Excel files and graphics files. Why graphics files? People don’t want to lose family pictures and will pay to get them back.

What do you do? You and your “IT guy” can’t crack the encryption, so you are faced with either paying the ransom or finding a way to live without them… UNLESS you have a backup. Do you? We use Carbonite on our critical data and it may turn out to be a blessing. Immediately after the attack, we found out that the machine in question had not been backing up for the past 45 days! Why? We’re still not sure, but it’s not a total disaster because we want to get back a lot of the old files. We also learned that as soon as you find out you’ve been hit, you need to freeze your backup, otherwise Carbonite starts backing up the encrypted files. Also, immediately power down the infected machine and disconnect it from your local network before powering it back up again.

My biggest fear was losing our Quickbooks files, but to my surprise the attack didn’t include them. But it did get our Excel day reports for the gas station and C-store and it destroyed the data in our car lot’s dealer management system, mostly PDF files. Fortunately that machine had a current backup in Carbonite. Thanks to our backups, I was able to make the decision not to pay the ransom, but I have now spent four days cleaning machines, attempting to take the machine that was attacked back to ground zero, updating files with old backups. I’m not done yet and will spend at least part of tomorrow working with the dealer management system people to get the car lot up and running again.

Monday night and everything is working again if you are willing to accept the loss of some data, and, believe me, I am. I sit here thinking that it could happen again tomorrow and I haven’t really prepared my defense, but I will be working on that, believe me.
