Ransomware Attack!!  Don’t Let This Happen To You!

Mark J. Komen, President

Kodyne, Inc.

Minneapolis, MN

We’ve all heard about company computer systems getting hacked.  According to a recent Barkly Blog post by Jonathan Crowe (https://tinyurl.com/yc79orv9), here are some disturbing statistics:

  • A company is hit by ransomware every 40 seconds
  • 71% of companies targeted by ransomware attacks have been infected
  • Two thirds of ransomware infections in Q1 2017 were delivered via Remote Desktop Protocol and not by email or phishing
  • The average ransom demand has risen to $1,077
  • 1 in 5 businesses that paid the ransom never got their files back
  • Global ransomware damages are predicted to exceed $5 billion in 2017

In this article, I present a first-hand exchange I had recently with the owner of a manufacturing company who was the victim of such an attack.  He shares what happened and offers his perspectives about what to do to prevent this from happening again.

What happened?

Our server was hacked via a remote terminal in our off-shore location.  We’re not exactly sure how they got in.

How did you know you had a problem?

We couldn’t access files; they all had different extensions.

What went through your head at that moment where you discovered you had a problem?

We didn’t realize the severity of the problem until later in the day.

What was the first thing you did to address this?

Contacted our IT person.

What happened?

IT was slow to respond.  When he did, he told us we had been hacked and our files had been encrypted.

What was the next thing you did?

He contacted the hackers and they asked for (demanded) $5,000.00 in Bitcoins.

What happened then? 

I refused to pay.  They then said they would take $1500.  I did pay that but never heard back.

What was the first thing you did that worked or was beneficial? 

We contracted with a firm that was able to do the decrypting. It took 10 days at a cost of $4600.00.

What was the extent of the hack?

Over 15,000 Excel files were encrypted, including several operating programs, off-shore accounting records and software.

What ultimately did you do to fix the problem/prevent it in the future?

Our IT person never returned to our company – he fled!  We hired an interim IT company to get us back up and running; we interviewed several companies and selected a new organization much larger and with more resources. We completely replaced EVERYTHING – server, firewall, antivirus, routers, back-up systems both in the cloud and a hard drive unit in the building. We added firewalls (physical equipment) in our other locations.

Other info you care to share? 

     YOU SHOULD ALWAYS HAVE ACCESS TO EVERYTHING YOU OWN – all credentials, all User IDs and passwords.

     YOU MUST GET A THIRD PARTY TO VALIDATE YOUR SYSTEM – looking for weakness. When you customize software, you must understand where that customization resides, how to access it and what is required to make changes to it.

Lessons learned? 

You don’t know what you don’t know. In the IT space everything is changing very rapidly. As a business owner you may be very good at what you do, but you cannot be all things to all people; you need an expert in IT and an independent 3rd party auditing what they do for you.

 

© 2018.  Mark J. Komen.  All rights reserved worldwide.