Does the threat of a cyberattack frighten you? If your answer was "Yes", that is understandable. There are good reasons to be frightened by cyber threats. After all, cybercrime accounts for billions of dollars in losses, and it causes confusion and frustration within a business or organization.
Cybersecurity and IT experts hear real-life cybersecurity horror stories from businesses of all sizes, but especially from small business owners. Today, the headlines are filled with them. Take a look at these cybersecurity horror stories; they are anything but fun.
Lack of Proper IT Security
With more than 20 years' worth of experience offering cutting-edge IT services in the Calgary area, Troy Drever of Pure IT has seen, read about, or experienced nearly every jaw-dropping cybersecurity horror story you could imagine. We asked Troy to tell us about a current or former client who was the victim of a cyberattack, and about the aftermath of the attack.
Ransomware Attack Forces $20,000 Payment
We would like to know details of what happened.
The CEO of a Calgary company, one of Pure IT's soon-to-be clients, reached out to the Pure IT team with a problem: the servers were down and nothing on the system was working. On investigation, it was discovered that the files on the servers were encrypted. There was no indication of the source, whether a group or an individual, but a ransom note found alongside the encrypted files made the motive clear. The demanded ransom was $20,000.
Was the company able to recover? If yes, how did you manage to move past it? If not, what was the straw that broke the camel’s back?
The company had to put in additional work to address the attack, which affected its systems, networks, and other services. Pure IT determined that the encrypted servers could not be decrypted without the attacker's decryption keys. With critical systems encrypted, the company agreed to pay the $20,000 ransom, against the advice of law enforcement officials and the company's bank.
The company paid and held out hope that the decryption keys would work. The client was able to confirm that the keys did work after paying the $20,000, but paying the ransom was not the best course of action: it funds the attackers, and nothing obliges them to deliver working keys. Unfortunately, the client had to learn the hard way that businesses of all sizes and all types are targets for cybercriminals. After this incident, the company agreed to have Pure IT install a state-of-the-art data protection system that backs up their servers, so that a future encryption event can be handled by restoring from backup rather than by paying. If you want to remain safe from cyberattacks, get cybersecurity advisory services.
Construction Company Becomes The Target of a Ransomware Attack
We would like to know the details about what happened.
A Calgary construction company suffered a devastating ransomware attack that started as something benign. The attack occurred on April 16 and began with a problem with the printers. From there, things went downhill: everything else started to freeze, and the company found that every part of its computer systems was locked. Users were locked out of everything, from accounting to estimating. To make matters worse, the company was preparing to submit a bid for a large project.
Was the company able to recover? If yes, how did you manage to move past it? If not, what was the straw that broke the camel’s back?
Not being able to submit the bid for a large project was a devastating blow to the company, but the company had to get things up and running again. The price tag to restore operations was $100,000. The company would need to do over $1 million of additional work to recoup the $100,000 spent on IT support and services.
The attack occurred on April 16, and the company is now 90 percent back up. The company had done everything in its power to prevent this type of situation, including performing regular data backups. Troy Drever, President of Pure IT, warned that ransomware attacks are generally not reported except when they involve a public institution that is required to report them. Drever also noted that the police cannot provide any assistance in these cases.
Lack of a Managed Backup
Cyberattacks such as malware and phishing become more advanced and costly each year. Businesses and organizations without managed backup and disaster recovery planning are the most exposed: without a clean, tested backup to restore from, a ransomware victim's only options are to pay or to lose the data. Focus on DNS content filtering so you can get better malware protection.
Small Business Becomes Victim of a Weekend Ransomware Attack
We would like to know details about what happened. Was the company able to recover? If yes, how did you manage to move past it? If not, what was the straw that broke the camel’s back?
Jorge Rojas of Tektonic Inc. shared details of a recent cybersecurity incident that a client experienced. The client is a small office in the pharmaceutical market that suffered a ransomware attack over the weekend. The client did not have a managed backup because, in the client's words, "they did not need it." Rojas said, "We ended up just putting a hard drive on the server a while back for Windows backups (unmanaged)." When asked why this type of attack may have occurred at this small business, Rojas gave these reasons:
- The software vendor used simple passwords for their account, using local accounts.
- TeamViewer and Radmin were loaded on their machines.
- The machines provided by the software vendor ran Windows 7.
- They replaced the machines this week, with Windows 7 again.
- Passwords were the same as the username, very simple.
Rojas stated the client has been down since Sunday and has not recovered yet. "They are still working on it. The client has been advised repeatedly about the dangers; we removed the remote control apps a few times since we got monitoring tickets for it, and it reached the point where we had to suspend the alarms on it," said Rojas.
Rojas also noted, "We will be having a serious conversation on whether or not we will continue to serve them. Just because you are small does not mean you are not vulnerable. And if they choose to ignore advice, the MSP should not have to pay the price of their neglect. We were just having a conversation about this topic this week. Should the MSP be responsible for time spent recovering from a breach?"
The Legal Consequences of A Data Breach
Over the past few years, numerous hacking and ransomware cases have made headlines in the news. Hundreds of millions of individuals have had their medical and financial records stolen and posted on public websites.
Medical Practice Has Patient Data Encrypted
We would like to know details about what happened. Was the company able to recover? If yes, how did you manage to move past it? If not, what was the straw that broke the camel’s back?
Ashu Singhal of Orion Network Solutions shared their story of a cybersecurity incident with a client. Singhal shared the following:
“We have a client who is a 15 person medical practice. They got hit with ransomware that started from a user PC and eventually encrypted all their patient data as well. Their previous IT company was able to recover them but in the process had lost 4 months of patient data. The client is now in a legal battle with the previous firm over handling of this event.”
When asked what was missed, Singhal stated:
- The IT company focused only on recovering data from previous backups and failed twice, because even the two- and three-month-old backups contained the ransomware, just dormant.
- They didn't run additional tools to try to clean it up, even though it was a known variant of ransomware and potentially could have been cleaned. A lot of companies miss that!
- They didn't give the client the option to negotiate with the ransomware attacker, pay the fee, and get the data back. The client would rather have paid the amount, since they were insured anyway, than have to tell their customers about the missing data.
Office Hit By Major Ransomware Attack
We would like to know details about what happened. Was the company able to recover? If yes, how did you manage to move past it? If not, what was the straw that broke the camel’s back?
Kenny Riley of Velocity IT shared the story of a newly acquired client that was hit by a ransomware attack that impacted over 20 computers, plus servers and on-site backups.
Riley shared, "We acquired a client five years ago from another MSP. Unfortunately, the entire office was hit with a ransomware attack on the second day of our onboarding process. All 25 computers, file servers, and on-site backups were encrypted." Riley wanted insight from the actual perpetrator on how the ransomware attack happened, and was surprised by the response he received from the responsible party.
Riley said, "I communicated with the perpetrator via email to understand how the breach occurred, and surprisingly the hacker was incredibly open and helpful. He informed me that remote desktop protocol (RDP) on their file server was exposed to the public internet. Additionally, he gained access to an Active Directory user account with domain administrator privileges using a rainbow table attack. He further went on to tell me that the username for this account, which he used to deploy the ransomware network-wide, was 'install' and the password was also 'install'."
Unfortunately, as a newly acquired client, Velocity IT did not have the opportunity to analyze and correct any of the issues the client was experiencing. "Needless to say, as a new MSP coming in the door, these were all security-related items that we didn't have a fair chance to identify and correct, in that these activities all took place on the second day of onboarding activities for this new customer of ours," said Riley.
Sometimes clients decide to pay the ransom when it is determined there are no other options. When systems, files, and on-site backups have all been encrypted and no off-site copy exists, the only remaining way to recover the data is the attacker's decryption key. "In the end, the customer elected to take the risk of paying the $2500 ransom demand in Bitcoin since their on-site backups were encrypted and off-site backups didn't exist at the time. Once the hacker's decryption key was sent to us, we were able to decrypt their file servers to obtain a backup of their critical data," said Riley.
Riley also noted, "Over the next 24 hours, we reloaded all workstations and servers in their office from scratch and restored their file server data to ensure that there weren't any traces of the ransomware lingering on the network. We also took this opportunity to perform a firewall rule audit to close off unnecessary ports that were open, along with an Active Directory user account audit, and enforced password complexity requirements on all user accounts. Finally, we instituted off-site backups, which weren't in place at the time from their previous MSP and which could have saved everyone in this situation from a ton of panic, grief, and sleep deprivation."
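Two of the stories above turn on the same weakness: Rojas lists passwords that equal the username, and Riley's attacker broke a domain-admin account named "install" with the password "install" using a rainbow table. The reason a precomputed table works at all is that Active Directory stores passwords as NT hashes, which are unsalted MD4 over the UTF-16LE password, so one table cracks the same password in every domain. The following is an added example, not code from Pure IT, Tektonic, Velocity IT or Ulistic: it implements the NT hash in pure Python (so it runs offline without OpenSSL's legacy MD4), builds a tiny stand-in for a precomputed table, and audits a constructed list of accounts, flagging any whose password equals its username or appears in the table. The account list, wordlist and the helper names `nt_hash`, `precomputed_table` and `audit_accounts` are assumptions made for the example.

```python
# Added example (not the MSPs' or Ulistic's code): why unsalted NT hashes fall to
# precomputed tables, plus an audit for the "install/install" class of account.
import struct

_MASK = 0xFFFFFFFF


def _md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320). NT hash = MD4(UTF-16LE(password)), no salt."""
    def rotl(x, s):
        return ((x << s) | (x >> (32 - s))) & _MASK

    def f(x, y, z):  # round 1: select
        return (x & y) | (~x & z)

    def g(x, y, z):  # round 2: majority
        return (x & y) | (x & z) | (y & z)

    def h(x, y, z):  # round 3: parity
        return x ^ y ^ z

    bit_len = len(data) * 8
    data += b"\x80"
    data += b"\x00" * ((56 - len(data) % 64) % 64)
    data += struct.pack("<Q", bit_len)  # 64-bit little-endian length in bits

    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    rounds = (
        (f, 0x00000000, list(range(16)), (3, 7, 11, 19)),
        (g, 0x5A827999, [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
        (h, 0x6ED9EBA1, [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
    )
    for off in range(0, len(data), 64):
        x = struct.unpack("<16I", data[off:off + 64])
        s = [a, b, c, d]
        for func, const, order, shifts in rounds:
            for i, k in enumerate(order):
                p = (-i) % 4  # register updated this step cycles A, D, C, B
                q, r, t = (p + 1) % 4, (p + 2) % 4, (p + 3) % 4
                mixed = (s[p] + func(s[q], s[r], s[t]) + x[k] + const) & _MASK
                s[p] = rotl(mixed, shifts[i % 4])
        a, b, c, d = ((u + v) & _MASK for u, v in zip((a, b, c, d), s))
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> str:
    """NT hash as stored in AD (hex). No salt: equal passwords give equal hashes."""
    return _md4(password.encode("utf-16-le")).hex()


def precomputed_table(wordlist):
    """Stand-in for a rainbow table: hash -> plaintext, computed once, reused anywhere."""
    return {nt_hash(w): w for w in wordlist}


def audit_accounts(accounts, wordlist):
    """Flag accounts whose password equals the username or sits in the table."""
    table = precomputed_table(wordlist)
    findings = []
    for acct in accounts:
        digest = acct["nt_hash"].lower()
        reason, plain = None, None
        if digest == nt_hash(acct["name"]):      # no wordlist needed for this check
            reason, plain = "password equals username", acct["name"]
        elif digest in table:
            reason, plain = "in precomputed table", table[digest]
        if reason:
            findings.append({"name": acct["name"], "reason": reason,
                             "password": plain, "domain_admin": acct["domain_admin"]})
    return findings


# Constructed sample data (assumption): hashes as they might be dumped from a DC.
SAMPLE_WORDLIST = ["password", "Welcome1", "Summer2019"]
SAMPLE_ACCOUNTS = [
    {"name": "install", "domain_admin": True, "nt_hash": nt_hash("install")},
    {"name": "jdoe", "domain_admin": False, "nt_hash": nt_hash("Welcome1")},
    {"name": "svc_backup", "domain_admin": True,
     "nt_hash": nt_hash("correct horse battery staple 2024")},
]

if __name__ == "__main__":
    for hit in audit_accounts(SAMPLE_ACCOUNTS, SAMPLE_WORDLIST):
        flag = " [DOMAIN ADMIN]" if hit["domain_admin"] else ""
        print(f'{hit["name"]}: {hit["reason"]} ({hit["password"]}){flag}')
```

Run against a real dump, the username check alone would have caught Riley's "install" account before the attacker did; the table check is the attacker's view of the same data, and a domain-admin hit is the one to fix first. Exposed RDP is the other half of that story, and the fix is the firewall audit Riley describes, not a stronger password alone.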
Clicking One Email Can Lead To Trouble
The number of ransomware attacks via email continues to increase, with a variety of familiar and new forms of ransomware.
We would like to know details about what happened. Was the company able to recover? If yes, how did you manage to move past it? If not, what was the straw that broke the camel’s back?
"We've had a few clients that have 'clicked' on the wrong email and have been victims of ransomware. We are lucky that our backup protocols have been a high priority for our clients, and we were able to restore their environment in a timely fashion," said Ilan Sredni of Palindrome Consulting.
Ulistic LP
Ulistic LP is a leading marketing agency specializing in digital marketing, business development, and sales enablement for IT service companies. Our experience and level of services allow us to address our clients’ issues and place them on the path to success. For more information, visit us at ulistic.com.