Recently we got a call to help a local metal fabrication company deal with a ransomware attack that brought their business to a screeching halt.
Their story offers a lesson to any business still using old hardware and software, or not updating their online security.
Online threats become more numerous and sophisticated every day. Outdated computers and legacy operating systems simply can’t keep up, or keep your organization safe.
Do you recognize yourself in this story?
Ransomware Attacks: A Growing Threat
Ransomware is one of the biggest cybercrime problems that businesses face today. It locks up your files and systems, making them unusable until you pay a ransom (usually in Bitcoin) for the decryption key to unlock them.
That’s what happened to MetalFab (not their real name). A ransomware variety known as Phobos encrypted 90% of their computers and servers within minutes, making everything on them inaccessible.
Nearly all of their IT infrastructure was onsite and vulnerable. Their only cloud software was web-based email.
And like 90% of cyberattacks, the problem started with email.
Someone clicked a link in an email that they shouldn’t have. That’s all it took.
Back in Action
We engage, we quarantine the source, we assess.
After disconnecting everything to prevent further infection, we switched into recovery mode. Here’s what we did:
Backups and Disaster Recovery Plan
MetalFab had no backups of their applications or data. That meant that some data was gone for good. So we restored what they had and reimaged their servers, which got them back in action.
A Disaster Recovery Plan might have helped them bounce back more quickly, with fewer losses. But they didn’t have that either.
Creating a backup schedule and Disaster Recovery Plan will keep their data safe in multiple locations, and help them get it back in case of another outage.
Hardware and Applications
Most of their computers and servers were old or legacy equipment. Some were running Windows 7 or Vista. MetalFab hadn’t upgraded anything in years.
So it made more sense to replace instead of upgrade. We installed new desktops, servers, and switches capable of today’s advanced cybersecurity measures.
MetalFab’s security was as outdated as their hardware. They had a local firewall and basic antivirus software. Their email had spam filtering but no server gateways to protect their network. So the malicious email got through.
We started by installing a new firewall, an upgrade so major that it isn’t even comparable to the old one. We’re also working with MetalFab to update and strengthen their security against future cyberattacks.
Security experts agree: User education is online security’s weakest link.
So we’re teaching MetalFab about ransomware, phishing, social engineering, and other threats.
Sure, we can fix things. But it’s much better if you know how to prevent them.
Four Key Lessons
What are the lessons for other businesses?
- Backups. Backups are not optional. You can’t restore data that doesn’t exist.
- Layered Security. A layered security approach (firewall, malware protection, advanced reporting) makes it that much harder for cyberattacks to get through.
- Disaster Recovery Plan. Develop a DRP, and review and test it regularly.
- Education. Always be training. Employees come and go, and the threat of cyberattacks is always changing.
- Managed IT Services. An experienced IT services company like PC Professional knows about cybersecurity and can ensure you’re always safe and up to date.
A Final Word
The ransomware attack on MetalFab really opened their eyes. After years of inattention, the CEO has decided to spend more money on security.
MetalFab got lucky. They weren’t well prepared, but they didn’t get driven out of business like 60% of companies that suffer a ransomware attack. Replacing all those computers cost a bit, but it was a one-time thing.
Ransomware attacks fast, but it’s not instantaneous. That means you can minimize the damage if you’re prepared.
Drop us a line and we can show you how.
(Photo: U.S. Air Force Graphic by Adam Butterick)