It was 8.30am on a Saturday…
My mobile rang from a trusted colleague…
“Gary? You’ve got to help me,” came the frantic voice down the other end of the line. “A friend’s business has just been hacked and ground it to a halt with Ransomware.”
I bolted upright, staring longingly at the nice cup of tea I had just poured myself and the eggs Benedict my wife had just made for me.
This sounded serious, my heart was racing…
I dialled the business owner who had just got hit but she was too distraught to make any sense and asked me to call somebody else in the business who would know more about their IT than her.
After a couple of phone calls I had little information on their IT setup and many holes still existed.
My head was swirling as I grabbed the car keys and headed for their office.
Driving in I tried to reach yet another contact who eventually came back to me with some answered questions.
Upon arriving onsite, I was shocked to see the degree of the mess…
Everything was crippled with ransomware.
No way! My guts started to tighten…
It was happening live before my eyes…
Quickly I checked the logs and saw it had been a brute force password breach on the administrator account…
OMG the Remote Desktop connection was open…
This was NOT good!!
No! No! No…
I had read about brute force but had never experienced it as it was being carried out.
Come on Gary, think! Think…
I had 2 options:
- Rebuild and restore from backups
- Pay the ransom and hope to get the keys to decrypt the data.
Problem: Option 1 would take time and that was not looking good, plus the owner had no backups.
My mind was racing…
I always recommend not to pay the ransom as you never know if you are cleaning up the source of the infection – which in many cases you’re not.
What to do?
In this client’s case, they had no backups ☹, so a rebuild would mean they lose everything – all email and files!!!
I had no choice…
I couldn’t believe I was going against everything I told everyone not to do!
I was going to have to speak directly with the hackers and see what was on offer.
I took a deep breath and sent a message.
Over the course of 3 ½ hours I did my best to negotiate…
but they were having none of that.
I tried appealing to their sense of conscience…
But they laughed in my face.
Finally, I did my best to appeal, with a sense of compassion, to a hooded bandit over the initial request of US$2,000.
I have no idea how I did this but…
I did manage to get them down to US$1,000 but there was no way that could occur as my client did not have the money.
We were stuffed.
With tears in her eyes I explained to the owner I tried my best but the only option if she couldn’t pay the ransom was to rebuild their system…
Without any back-up for me to call upon
My shoulders slumped…
How many times have I told people to back up and back up regularly?
Why isn’t the message getting out?
Why must it take something like this for people to get that they need to put things in place to protect themselves?
And implement systems that ensure regular backups are done safely and consistently?
For God’s sake, when are people going to listen?
I put my head in my hands and took a deep breath.
This was going to take around the clock and I wasn’t really ready for it but I’m committed to helping people recover.
Yet I was in conflict…
I’m so sick of seeing the misery, the suffering, the cost, the trauma…
Which all can be avoided by putting some simple strategies in place.
Why don’t people get that their business relies on protecting their data?
I picked up my phone and called my wife to break the news that I wouldn’t be seeing her for much of the weekend.
It was an immense job which was going to cost an arm and leg.
I worked around the clock for the best part of two days…
gathering info that we could from the system to be able to rebuild and then…
by 12am on Monday morning, they were back online with email flowing again.
Naturally changes needed to be put in place…
and security needed to increase,
so, I negotiated a deal with Sophos who provided an extremely heavily discounted Firewall and Endpoint solution to help in the process.
This will stay with me forever
I believe it is my duty to summarise the following 5 points for you to take away from this:
- Don’t ever think it can’t happen to you. It can.
- You can choose to invest in a strategy to protect yourself along with some products that will protect your business and livelihood, or you can play Russian roulette and suffer the costly blowouts to have someone like me mop up the mess
- You can sit in the naivety that firewalls will protect you but that is just BS. Cybercrime IS a multimillion-dollar business which is coming up with inventive ways to attack.
Therefore, our Federal Government acted last year and introduced a piece of Federal Legislation to push small business owners into action to protect yourself or fine you if you don’t comply. This is as serious as it gets.
- It costs a lot more to recover than to pay for a small investment in a business you have worked so hard to build
- Finally, do you know why hackers are targeting Australian small businesses? Because they have worked out that we are an affluent country and the statistics are that we will pay the ransom every single time. Don’t pay.
To protect yourself in one simple step, pick up the phone and let’s chat 1300 942 000
Once again, I appreciate this opportunity to work with you to keep your business safe
IT Security Specialist