Ransomware Strikes Again

Meltdown and Spectre Flaw
January 5, 2018
web hosting
GoDaddy Managed WordPress Pro Beta Experience
January 13, 2018

A new client in Calgary contacted us for IT support today. They mentioned they couldn’t get a hold of their current provider, and that their files on the server had been encrypted due to ransomware from an email attachment.

We knew immediately what we were walking into when we received this call...and it wasn't good!

Upon arriving, we had investigated the issue and confirmed that the client was affected with the Ransomware known as Wannacry (the name is fitting considering what the virus does).

We could see that the owner was worried as to what was happening, and we don’t blame him! This is one of the most dreadful experiences any business can experience as it brings your operations to a standstill until the issues are resolved.

An assessment of the environment was performed to see what solutions are in place for the backups. While reviewing the backup console, we noticed that the backups had failed over the past week. After mentioning this to the new client, they asked us to do what we can to recover the data from the past week.

Once we knew that the backups would be a last resort option, a review was performed to see if we can restore the files from snapshots on the volume of the server. Once we reviewed the server snapshots, we saw that there were errors in the configuration, and the information could not be restored.

After explaining to the client that the week-old backup was the only solution we could resort to restoring, we had set to work immediately to have them back up and running as quickly as possible. After a few hours in performing the restore, we had the client back up and running as per normal.

Once the network was up and running again, the client had asked us for the measures which could be taken to prevent this from happening again. A full assessment was performed for the client, and we found that their IT support could have done more to prevent ransomware affecting their business operations today.

First and foremost, ensuring that the backups are managed, maintained, monitored and tested! We can not stress this enough. This is something that’s usually included with IT services. If you’re not sure, ask your provider if they are performing these tasks for your business.

In addition to utilizing local backups, we highly recommend using a cloud backup solution (more information can be found here. Our cloud based backup solution is guaranteed to safeguard your data, and allow for data archiving. These solutions are also monitored to ensure that your backups are completing daily.

Second, we found that the client was using Microsoft Security Essentials as their anti-virus solution. The client had mentioned to us that their IT support provider had mentioned that this is a decent product and will prevent most attacks in an environment.

Unfortunately, this isn’t true. Having a proper managed anti-virus solution in place, such as BitDefender will help prevent ransomware in it’s tracks. Many of the anti-virus products now monitor the behaviours to detect how ransomware works, and stops it when it happens.

As we support several small businesses, anti-virus is the first product we look at when assessing an environment. We believe that this is one of the first pieces of software which should be evaluated to ensure it's giving the proper performance, and security for all the end users

As most ransomware is delivered through email, we had also suggested that they move away from their current provider to Office 365 as there are more security features embedded with Office 365 to prevent malicious emails from coming through.

While Office 365 may be great at preventing malicious emails from getting into an environment, we also recommended to have additional spam filtering in place to detect these items.

After our client was back up and running, and our assessment complete they had asked us to start putting these measures in place. According to the business owner, the downtime they had experienced today due to the ransomware had cost them more financially than the actual solutions we would be putting in place for them.