@scottalanmiller thanks Scott !!!
Posts made by stus
-
RE: Ransomware hits admin workstation and kills 7 servers
Yes, there is some irony here. LOL
-
RE: Ransomware hits admin workstation and kills 7 servers
The AV on the workstation was McAfee, but did not block the malware executing when the admin (in a weak moment) clicked on something...
-
Ransomware hits admin workstation and kills 7 servers
I wanted to share a horror story with you, something that happened to somebody the day before yesterday. This is what happened in their own words:
"We are a 250 employee non-profit and we heavily rely on our computer systems in almost everything we do. Yesterday, one of our admin workstations was hit with CryptoWall Version 2.0, and because this workstation had drives mapped to all our servers, and the administrator had permissions, all our seven servers were encrypted and we were dead in the water.
CryptoWall took just 55 minutes to encrypt 75 Gigs of information, and it had penetrated most of our network before we found out what was happening, isolate the workstation and get it disconnected from the network. We had backups of the seven servers but it would take days to restore those, so we opted to find out if we could decrypt the files first.
Luckily we had just signed up for KnowBe4’s Kevin Mitnick Security Awareness Training, which came with a crypto-ransom guarantee in case something like this would happen. We called them and got instant help with this very urgent problem.
They had bitcoins ready in a wallet and were able to pay the $500 ransom within hours. The CryptoWall criminals were actually also pretty quick, and we were issued our decryption key soon after. We immediately started to decrypt all the files with the provided decryption tool and pulled an all-nighter. It was amazing how long it took to get through all of the data. It finally completed at around 8:30 am. So we estimate about 18 hours of running the decrypt tool on our 75 gigs of data.
So far it only appears that one older database file was corrupted during the encryption, but we restored it from our backup and all is fine. I can’t say enough about KnowBe4’s quick response and support with this situation. We dodged a very big bullet here.
While only a portion of our staff have completed the training, something tells me more will complete the training requirement after this event. Thank you very much!" - Q.M. IT Director
As you can see, ransomware hitting a key employee like an admin or perhaps a CEO, controller, or CFO with a lot of access, can do immense damage.
Having all employees step through security awareness training and sending them simulated phishing attacks, is an essential element of your defense-in-depth!
Warm regards, Stu