This is a true story about a real client with a real nightmare scenario and how we helped. Of course, I’m going to change the names to protect the innocent; I don’t want to throw anybody under the bus. I know there are a lot of people who might be reading this that are not using our services yet, so this might be a little bit of motivation for why you might want to work with us.
So, I’ve been called paranoid, I’ve been called neurotic, I’ve been called maybe overly cautious… but the reason for that is that if you saw the things I see on a fairly regular basis, you’d be freaked out too. What I want to talk about is a specific company, a retail company. They were a wholesaler, and they sell inventory. That’s as specific as I’m gonna get.
They had called me up, and I talked to them about managing their network, and they were not managed at that point. They contacted me because they couldn’t find some documents they were looking for. I was like “Hmm, well that’s weird. I’ll just go over there, maybe they just moved them, I’ll probably just need to search the drive and find what we can find, maybe we can restore a backup or something.”
I get over there, and she’s like “Yeah, the files, they were right here, this is where the files were.” She opens her Dropbox™, and in her Dropbox™ there are some weird-looking files with weird-looking extensions, and a READ.ME file. And I’m like “Well, that’s really weird. What does the READ.ME file say?”
I read it, and it says: WE HAVE YOUR FILES. THEY ARE ENCRYPTED. SEND SOME BITCOIN TO THIS WALLET ADDRESS (then it had a Bitcoin wallet address some 10 or 20 digits long) SEND SOME BITCOIN TO THIS AND WE WILL DECRYPT YOUR FILES.
And I said “Oh no. You guys have ransomware.”
So… what is ransomware? Well, they were literally holding their data for ransom. These were sales forms that the salespeople use to compute what their profit margin was, how much tax they were supposed to charge… these were the essential forms the salespeople use to sell their product. And they sell expensive products, too.
They were not able to do that math. They had all of their formulas built into the spreadsheet. They also had some other documentation about their clients, their customer lists… and they had all this in Dropbox™, all being synchronized to all the computers in the office.
I did not tell them to do that, I did not think that that was a good idea, but that was what they were doing.
I went to another computer, and sure enough, there were the encrypted files and a little READ.ME file. The same exact files. So I’m thinking “Great, what’s going on here…” I tried to get ahold of Dropbox™, I tried to go to Dropbox™ and restore the files; that didn’t work.
Luckily they did have a backup. I was not managing it, and I hadn’t checked it. But they did have a backup that had been set up, so I went and checked the backup.
I was able to restore the files. The backup was on another computer the ransomware had not spread to yet; it had just encrypted all the files in that Dropbox™ folder. I would think Dropbox™ is at least smart enough to filter out those bugs, but it still shared the newly formed, encrypted files, which were useless to them. Yeah, big problem.
We ended up needing to run a managed antivirus, get them on some kind of antivirus setup, and sweep the whole network… it took hours. We stayed late that night. It was not a fun night; it was definitely not what I wanted to do with my night when I thought I was coming over to find some misplaced files and instead walked into a ransomware infection.
How could this have been prevented? I think what happened, from what she told me, was that she had gotten an email from somebody and she clicked on the link. “What is this invoice, who is this invoice for?” *.zip file, open it up…* She had GoDaddy© email. We do not suggest GoDaddy© email!
“What is this weird little file? I’ll open it up, oh look at this, there’s nothing in this! That’s weird, where did it go? Oh well, whatever…”
Now my files are encrypted, now I have to pay somebody.
She didn’t even realize what was going on. We ended up having to sweep all the computers, run a deep virus scan on every computer across the entire network, and clean up the mess, and only THEN could we restore their backup.
I’m not going to restore their backup, or even connect the backup drive to a potentially virus-ridden computer. Had the backup been on the computer they were using, it would have destroyed the backups. It would have encrypted those too.
So, it was a huge mess. Let’s just say that from that point on, they are most definitely paying us to manage their backup (which is offsite now, and keeps versions so that even if one version did get encrypted they could just roll back to the day before), we’re managing their antivirus, and we’re scrubbing the emails that come in (on a much better email server)…
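The two things that saved this client were a backup the ransomware could not reach and, afterwards, versioning that lets you roll back to the day before the encryption. The following is an added example, not code from the post or from the company described in it, that shows the idea in miniature: an append-only backup store where each snapshot is immutable, a check that flags the signs the author describes (a READ.ME-style ransom note appearing and the originals being replaced by copies with a new extension), and a restore that picks the last snapshot that still looked clean. The file contents, the day labels and the `.locked` extension are constructed sample data; the ransom-note filename list is an assumption, not a complete one.

```python
"""Versioned, append-only backup with rollback to the last clean snapshot.

Added example, not the post's own code. Files are held in memory as
{path: bytes} dicts so the script runs offline; snapshots are immutable
once written, so a later encrypted sync cannot overwrite an earlier good copy.
"""
import hashlib
from dataclasses import dataclass, field

# Assumed list of note filenames to watch for; real malware uses many others.
RANSOM_NOTE_NAMES = {"read.me", "readme.txt", "how_to_decrypt.txt"}


@dataclass
class BackupStore:
    blobs: dict = field(default_factory=dict)      # sha256 -> bytes, never overwritten
    snapshots: list = field(default_factory=list)  # [(label, {path: sha256})]

    def take_snapshot(self, label, files):
        """Record a snapshot of {path: bytes}; returns its id (0, 1, 2, ...)."""
        manifest = {}
        for path, data in files.items():
            digest = hashlib.sha256(data).hexdigest()
            self.blobs.setdefault(digest, data)  # append-only: first write wins
            manifest[path] = digest
        self.snapshots.append((label, manifest))
        return len(self.snapshots) - 1

    def restore(self, snapshot_id):
        """Rebuild the {path: bytes} tree as it was in the given snapshot."""
        _, manifest = self.snapshots[snapshot_id]
        return {path: self.blobs[digest] for path, digest in manifest.items()}


def ransomware_indicators(prev_files, cur_files):
    """Compare two snapshots; return reasons the newer one looks encrypted."""
    reasons = []
    for path in cur_files:
        name = path.rsplit("/", 1)[-1].lower()
        if name in RANSOM_NOTE_NAMES and path not in prev_files:
            reasons.append(f"new ransom-note-like file: {path}")
    # Originals that vanished and came back with an extra extension appended.
    missing = [p for p in prev_files if p not in cur_files]
    appended = [p for p in cur_files if p not in prev_files
                and any(p.startswith(old + ".") for old in missing)]
    if prev_files and len(missing) / len(prev_files) >= 0.5 and appended:
        reasons.append(f"{len(missing)} of {len(prev_files)} originals gone, "
                       f"{len(appended)} replaced with appended extensions")
    return reasons


def last_clean_snapshot(store):
    """Walk back from the newest snapshot to the most recent one that does
    not look encrypted relative to the snapshot before it."""
    for sid in range(len(store.snapshots) - 1, -1, -1):
        cur = store.restore(sid)
        prev = store.restore(sid - 1) if sid > 0 else {}
        if not ransomware_indicators(prev, cur):
            return sid
    return None


# Constructed sample data: day 1 is clean, day 2 is what the synced folder
# looked like after the infection (originals replaced, note dropped in).
DAY1_FILES = {
    "Sales/quote_form.xlsx": b"=price*(1-margin)",
    "Clients/customer_list.csv": b"name,city\nAcme Wholesale,Knoxville\n",
}
DAY2_FILES = {
    "Sales/quote_form.xlsx.locked": b"\x8a\x13\xf0\x42 ciphertext",
    "Clients/customer_list.csv.locked": b"\x91\x77\x0c ciphertext",
    "READ.ME": b"WE HAVE YOUR FILES. THEY ARE ENCRYPTED.",
}


def run_scenario():
    """Back up both days, detect the encrypted day, roll back to the clean one."""
    store = BackupStore()
    store.take_snapshot("day1", DAY1_FILES)
    store.take_snapshot("day2", DAY2_FILES)
    clean_id = last_clean_snapshot(store)
    return clean_id, store.restore(clean_id)


if __name__ == "__main__":
    clean_id, restored = run_scenario()
    print(f"rolling back to snapshot {clean_id}: {sorted(restored)}")
```

The point of the append-only `blobs` dict is the same as an offsite, versioned backup: the encrypted copies get stored as new objects instead of replacing the good ones, so day 1 is still there to restore once the machines have been cleaned. Running the detection against each new snapshot is also how you would notice the problem before the user does, rather than when she goes looking for a missing sales form.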
And we are managing all of this 24/7, 365, all day long, watching to make sure nothing like this happens again. We make it so the company can continue to do business with the files they have. They almost lost all of their sales forms and all of their customer data, simply because they wanted to go skimpy and cheap on their virus scanning, cheap on their email, and cheap on their file sharing.
You get what you pay for, and they just about had every single thing lost. Now, I’m not telling you this to scare you; I’m telling you this because it’s the kind of stuff I see, and these are the kinds of problems I’m having to deal with that I would LOVE to prevent.
It is so much easier to prevent a problem than it is to try and clean it up. Like Benjamin Franklin said: “An ounce of prevention is worth a pound of cure.” So give me a call today! I would love to come talk to you and run a security audit on your network.
(865)406-4015 or send us an email at [email protected]
If you’re not managed, we would love to manage you. If you are managed, you’re good! We are running some security training for employees that we would love to give to you for 100% free.