How to beat the Cybercriminals – A True Story

By Ashley Fontes, Communications Manager, Tech Networks of Boston

A few weeks ago, one of our clients was hit with a ransomware attack that made company files inaccessible, leaving most of their employees unable to work for several hours. If you are not familiar with ransomware, it means your files could be locked so that you cannot use them, you could be prevented from accessing Windows, and certain apps could be blocked from running. Worst of all, these cybercriminals demand large amounts of money for files to be retrieved. Sounds like a nightmare, right?

As ransomware attacks become more common, IT engineers are trained to put preventative measures in place so that an organization can recover if an attack ever occurs. Tech Networks had been working with our nonprofit client for the past two years, reviewing and consistently improving their security as part of an overall infrastructure upgrade. These preventative efforts ended up paying dividends in this situation.

So what happened?

One of the client’s employees noticed that the files on their network drive looked different and could not be opened. Upon further investigation, our engineer confirmed that the files were encrypted and that ransom notes had been left in all file folders.

Once the ransomware attack was identified, the organization was able to move forward without panic, as the recovery process was communicated to their employees. Their systems were fully restored within a few hours, with little operational disruption. With a proper backup and disaster recovery plan in place, the nonprofit was able to continue business operations without having to pay a hefty ransom fee to the cybercriminals for their files.

But what about the security features already enabled on machines?

There are several very effective tools and techniques that can help you address many of the common threats and problems, including firewalls, virus protection tools, Internet content filtering, and more. However, if any of these tools were 100% effective, there would be no security breaches. As soon as a known threat is addressed by these tools, a new one emerges.

Some preventative measures to keep you safe:

  • Never let any employee’s account be set to never expire, even if they want it this way.
  • Set password policies to never allow previous passwords, and change passwords every three months.
  • Never send passwords through open email; always use encrypted messages for sensitive information.
  • Using cellphones for SMS texts can be useful as a “back-channel” communication method during an attack, but this method is also not encrypted and the information relayed could be retrieved by an attacker/eavesdropper.
  • Always run security updates and make sure the latest patches are installed on your operating system.

We hope this story can encourage your organization to employ strict password procedures and security practices, and eventually save you from a hefty payment to a cybercriminal.

Remember – the ultimate key to beating ransomware is to prevent, not react.