Data Security and Ransomware

If you are worried about your IT Data Security then you need to read the following.

Last week we were called to a company that had a virus which encrypted data on a PC AND their Server. It took about 4 days to get the system up and running and finally the company had to pay money to a foreign company to get the data unencrypted.

In a related issue I posted an article about a recent TV show “The Good Wife” which had a story line about a virus and “Ransom Ware”. http://www.compuland.ie/how-does-the-good-wife-effect-your-back-ups/

And here we are two weeks later and the exact same thing happens in Cork.

Details are:
• A 4-PC network and a Server with a full backup system and the Symantec Endpoint security system.
• System has been operating for a number of years with no issues.
• One of the users received an invoice from DHL.
• They opened same and all seemed OK.
• 5 minutes later an image appeared on the screen saying their data was encrypted and they would have to pay 2 “Bit Coins” to release the data.
• All the data on the computer was encrypted and could not be accessed.
• This company then called Compuland for help/advice.
• The easiest thing to do was simply to replace the PC and restore the Server backup.
• However, the company had saved lots of info on the PC that was not backed up, so it needed to access the data.
• Also, the backup system/paths had not been maintained/updated, so we could not do a full restore of the server.
• The only option was to buy these coins and pay same.
• Data was eventually released. The client reported same to the Gardai, who said that they are hearing more about this issue on a daily basis.
• This type of virus is called ransomware. For more details check out http://www.pcworld.com/article/2084002/how-to-rescue-your-pc-from-ransomware.html

Lessons to be learned.
1. It is almost impossible to resist opening emails from recognised companies like DHL, but you need to try. If you or your colleagues receive an email that you are not expecting, do you really need to open it? Best to delete same.
2. The infected machine was running XP. These machines are no longer supported with security patches and thus are a conduit for the above.
3. Server 2003 will be in a similar situation from this July.
4. No matter how many times you tell people not to, everyone saves data to their C drive. In most cases the local C drive is NOT backed up.
5. Everyone backs up their Server. But over time the server file structure may change or systems are moved/changed/upgraded. The only way of ensuring that your data backup and Disaster Recovery Plan are working is to test them on a remote system.

Options
If you want
1. your IT system audited with a report on security weaknesses
2. and/or your Back Up System tested on our Independent, Secure, Virtual servers
3. and/or your Disaster Recovery Plan tested on our Independent, Secure, Virtual servers

then contact us to arrange a review of your system.

But at the very least you MUST remove all XP machines, and if your Server software is 2003 then start planning to replace it before the end of June.

Best Regards

Mark Murphy
021 4544 144
