Tales of Crypto-woe: How Ransomware is Changing Data Security

In the world of IT support, there is one thing that will send shivers down the spine of even the most experienced and knowledgeable IT support technicians: ransomware. I have never had a customer get ransomware and have the day stay a good one.


A Client Gets Cryptowall

Let me relate a personal experience I recently had. I got a call early one morning from a law firm we supported: their case management software was saying that the database could not be found. I logged in remotely to their server and checked it out. Sure enough, I could not reach the database even as the administrator, so I dug deeper. As I looked in the folder that contains the database to check permissions, I ran across the dreaded Cryptowall "Read This" file. The database file had been encrypted. To make matters worse, this particular client had cancelled their off-site backup contract, thinking it was too expensive for something they never used. I hurried to check the shadow copies, hoping to find the database there, but I was too late: the shadow copies had been deleted by the ransomware. For all intents and purposes, my client's data was gone, and there was only one way to get it back: pay the ransom.

This is where a seemingly good day turned bad, and, well, weird. As I read the ransomware instructions, it seemed simple enough: get $700 worth of bitcoins and send it to a specific account number, and once the money is received they will send me the decryption program and key. It turns out that getting bitcoins is not that simple, at least at the time. I signed up for and set up about 5 different online bitcoin exchange accounts, only to find out that each allowed only a small amount of bitcoins to be purchased per day ($150-$250 worth). I could not spend 3 or 4 days buying enough bitcoins and leave my client dead in the water for that entire time. Next, I found a listing of local bitcoin dealers. I contacted several and finally heard back from one named Kevin. I spoke to Kevin and we agreed to meet at a local Starbucks. I would bring an envelope of cash, and he would transfer the bitcoins to me. Nothing invokes images of back-alley deals gone wrong like meeting a complete and total stranger with an envelope full of cash.


To make matters even more interesting, Bitcoin is an extremely volatile currency. I read online that you should purchase more bitcoins than you need, because the value may change before you are able to make the payment. Luckily I heeded this advice: I needed $700 worth of bitcoins, but I purchased $800 from Kevin. Good thing, because it took a couple of hours for Kevin's transfer of bitcoins to become available for my use, and by the time I made the payment my $800 worth of bitcoins was only worth $738. I made the $700 ransom payment in full, and then I waited. And waited, and waited. Some 6.5 hours later, and after a lot of worry that the "honest" hackers who developed the ransomware were taking my money and leaving my client's data encrypted, I finally got the decryption program. It took a while to run, but I was able to decrypt all my client's files and get them back up and running.

The Cost of Data Loss

Now, let's recap in business terms. It took me over 2 hours to get hold of a local bitcoin dealer, and then he could not meet me until later in the afternoon. By the time I met him, he transferred the bitcoins to me, and they became available for me to use, the business day was over. After that it took another 6.5 hours for the payment to be accepted and the decryption program to be released by the ransomware hackers. All told, in the best-case scenario the client lost a day; in some cases it could easily be more. This particular law firm has over 10 lawyers and countless paralegals. They bill anywhere from $500-$2,000 per hour. According to their office manager, that one day cost them between $50,000 and $100,000.

Ransomware is Getting Too Sophisticated

One last story, and then my main point. Some of my customers have told me that they are very computer savvy and would never open viruses or ransomware such as Cryptowall. While I agree in principle that understanding the common pitfalls and being computer savvy can help you avoid viruses, it is not enough. Viruses, malware, ransomware, and the computer nerds who make them are becoming more and more sophisticated, and some are backed by organized crime from the more nefarious parts of the world. I had another client get a variant of ransomware, and the way they got it sent shivers down my spine. This client had put up job postings on Craigslist, Jobing.com and elsewhere. In response to these postings, the client got an email titled "My Resume". The email addressed my client by name and said something to the effect of "I am very interested in your job posting. Please review my attached resume." It was signed with a normal-sounding name and came from a fairly normal-looking Gmail account. Attached was a Word document titled "resume.docx". That Word document contained a macro that installed the ransomware the second it was opened. Even with all my knowledge and experience in the IT industry, cleaning viruses for a living, I am not sure that I would have spotted that email and left the attachment unopened. The perpetrators of the ransomware had data-mined the job posting, pulled out the owner's name and addressed the email to him. They offered a fairly typical response to the job posting, with a copy of their resume for review. Very effective, and very scary for businesses everywhere.


Two Important Questions

As fun as it is to tell the story of meeting strangers at Starbucks to exchange envelopes of cash like an old detective movie, or to tell scary stories of the sophisticated lengths these new viruses and their perpetrators go to, the reality of the situation is this: the days of running a business without thorough and robust data backups and a disaster recovery plan are over. Every business owner today should be asking themselves two important questions:

  1. How long could my company survive without access to any of our computer data?
  2. How quickly could I recover all my data and be back up and running if a disaster were to strike?

In the case of my client above, one day of downtime cost them tens of thousands of dollars in billable work. They also had to pay me to fix the issue. Finally, it cost them their good reputation with clients who were expecting work to be done that day. All those issues can be overcome, but is it worth it? Furthermore, this particular company had the means to weather the problem; not all companies would. For instance, what would happen to an accounting firm that got such a virus on April 13th? Finally, it is important for businesses to realize that it is not a question of IF they will get a virus, but WHEN they will get it, and to plan accordingly.

4 Easy Steps To Protect Yourself From Ransomware

Here are four easy steps you can take to protect your company from today's sophisticated viruses, malware and ransomware.

  1. Have a current anti-virus subscription. Get away from "free" versions, which are not as comprehensive or as good at protecting your computers and servers.
  2. Have a minimum of one month's worth of daily backups. Sometimes clients do not catch viruses right away, and we have to go back a week or more to restore their data.
  3. Keep a copy of these backups on some type of hard drive or storage device on-site. Local copies take a lot less time to restore from because there is no downloading involved. This is key to reducing downtime to a minimum.
  4. Keep another copy of your backups off-site. Many of the newer and more sophisticated viruses, malware and ransomware are being designed to search for and destroy backups. It is important, as a fail-safe, to have a copy stored safely off-site.
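Steps 2 through 4 boil down to a retention rule you can check automatically: every one of the last 30 days has a completed backup, and it exists both on-site and off-site. The script below is an added example, not code from the original post or from any backup product; it takes the dates on which a daily backup job completed at each location (constructed sample data here, in practice read from the backup software's job log or a listing of the repository) and reports any days that are missing, which days could only be restored from the slower off-site copy, and which days are gone from both. The two-day hole in the local copy and the fixed reference date are constructed for the demonstration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

# Minimum number of consecutive daily backups to keep (the post's step 2).
MIN_DAILY_BACKUPS = 30

# Fixed reference date so the example is deterministic (constructed).
TODAY = date(2015, 6, 30)


def _daily_range(first, last, skip=()):
    """All dates from first to last inclusive, except those in skip."""
    days = []
    d = first
    while d <= last:
        if d not in skip:
            days.append(d)
        d += timedelta(days=1)
    return days


# Constructed sample job logs: dates on which a daily backup completed
# successfully at each location. The on-site copy (step 3) has a two-day
# hole where the job failed; the off-site copy (step 4) is complete.
LOCAL_BACKUP_DATES = _daily_range(date(2015, 6, 1), TODAY,
                                  skip={date(2015, 6, 15), date(2015, 6, 16)})
OFFSITE_BACKUP_DATES = _daily_range(date(2015, 5, 15), TODAY)


@dataclass
class RetentionReport:
    location: str
    newest: Optional[date]      # most recent successful backup, None if no copy at all
    missing_days: List[date]    # days inside the retention window with no backup

    @property
    def ok(self):
        return not self.missing_days


def check_location(location, backup_dates, today=TODAY, window=MIN_DAILY_BACKUPS):
    """Compare one location's job log against the required daily window."""
    have = {d for d in backup_dates if d <= today}
    # The window is today and the (window - 1) days before it.
    expected = {today - timedelta(days=i) for i in range(window)}
    missing = sorted(expected - have)
    newest = max(have) if have else None
    return RetentionReport(location, newest, missing)


def assess_backups(local_dates, offsite_dates, today=TODAY, window=MIN_DAILY_BACKUPS):
    """Check on-site and off-site copies and cross-reference their gaps."""
    local = check_location("on-site", local_dates, today, window)
    offsite = check_location("off-site", offsite_dates, today, window)
    # Days the on-site copy lacks but off-site still has: restorable, but only
    # by downloading (the slow path the post warns about).
    offsite_only = sorted(set(local.missing_days) - set(offsite.missing_days))
    # Days neither copy has: if that is the day you need, the data is gone.
    unrecoverable = sorted(set(local.missing_days) & set(offsite.missing_days))
    return {
        "local": local,
        "offsite": offsite,
        "offsite_only_days": offsite_only,
        "unrecoverable_days": unrecoverable,
        "ok": local.ok and offsite.ok,
    }


def format_report(result):
    """Human-readable summary for an operator or a daily status email."""
    lines = []
    for rep in (result["local"], result["offsite"]):
        status = "OK" if rep.ok else f"MISSING {len(rep.missing_days)} day(s)"
        lines.append(f"{rep.location:9s} newest={rep.newest} {status}")
    for d in result["offsite_only_days"]:
        lines.append(f"  {d}: restore only possible from off-site copy")
    for d in result["unrecoverable_days"]:
        lines.append(f"  {d}: no copy anywhere")
    lines.append("RESULT: " + ("PASS" if result["ok"] else "FAIL"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(assess_backups(LOCAL_BACKUP_DATES, OFFSITE_BACKUP_DATES)))
```

Run daily against real job logs, a FAIL here is the early warning the post's clients lacked: a backup job that quietly stopped, or an on-site repository that has been wiped while the off-site copy is still intact, shows up before the day you need to restore from it.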

These 4 steps are not the only things you can do to protect yourself from viruses and ransomware, but they are the bare minimum. Anything less is asking for major trouble.
