page contents

You know what really gets our goat?  It’s the blissful disregard for IT security displayed by many business owners, IT managers and employees.  While it’s true that there is no such thing as an entirely secure computer or computer network, there are steps that can be taken to significantly reduce the likelihood of contracting a computer virus and losing all your data.  And guess what?  It starts with you!

Your Own Worst Enemy

Let’s get this straight from the get-go.  If you are calling an IT service after a breach, you are calling too late.  Don’t be your own worst enemy.  Consider the following case study and try to identify how much like this client your business is.

A Case Study In How to Get a Computer Virus

You are the VP of Operations for a thirty-year-old company.  Over the last five years, business and revenue have grown at a rate that’s been difficult to keep up with.  Money is flowing in and everything is wonderful.  The thought crosses your mind that maybe now is the right time to contract with a managed IT service provider to handle your ongoing IT concerns, and to take an honest look at the existing infrastructure for potential security issues.  After all, you have been adding more and more devices to your network without so much as a second thought.  However, you haven’t been able to shake the feeling that as business becomes more successful, your network and computers seem to be getting slower.

Here’s the rub: You want the owner of the company to see this increased revenue without a corresponding increase in spending.  He doesn’t understand or value IT, so you let it ride…

As time goes on, you notice that your job as VP of Operations is almost exclusively taken up dealing with minor technical issues and fielding IT related complaints.  Everything is slow.  Productivity and morale are on the decline.

One morning you come to work and are greeted by your office manager.  She informs you that she cannot access any of the files on the file server.  You begin to sweat, and though you are unsure what happened, you know it’s not good and it’s your fault.

Ransomware-Cryptolocker-Virus-ScreenshotUpon logging onto the file server you are greeted with the not-so-friendly message pictured on the right. Your file server has been infected by a ransomware. In a full panic you call the owner and tell him that all company data has been encrypted and that production on all fronts has ceased. Your owner asks what the options are, and you tell him that you do not know.

Faced with the uncertainty of prolonged downtime, loss of revenue and potential loss of all company data, your owner tells you to pay the ransom. $1,500 later you have your files back, but your reputation is ruined.  How could this have happened?

Seriously?  What Did You Expect?

Sometimes there is no easy way to say you brought this on yourself. It’s best to just move forward ensuring that something like this will never happen again.  In the case above, there were so many red flags and potential weak points that it’s obvious that this entire business was well versed in how to get a computer virus.  Below are the security issues that lead to this ransomware attack.

Expired Firewall Subscription

Your firewall is the bubble around your entire network.  Therefore, it is arguably the most important component in building a secure network.  What foresight it took to purchase a firewall!  How crazy it was to let the subscriptions expire!  Firewalls rely on constant updating to protect against new threats, but they cannot get their updates without a subscription.  Allowing the subscription on the firewall to expire was the first step in getting a ransomware.

Expired Advanced Email Protection Subscription

The business had always hosted their own mail server.  This was mostly a matter of cost savings.  Functionality, compared to cloud-based email and hosted solutions, was limited.  As part of the self-hosting model, an advanced email protection service was purchased on a subscription basis.  As long as the subscription was current, the server was protected from most phishing schemes, infected attachments and SPAM.  There was also functionality to block users and domains at the server level.  Unfortunately, this advanced protection had been expired for months, rendering it useless.

Inconsistent Desktop Security

Almost every desktop in the entire environment had a different endpoint protection product or none at all.  Most were expired.  Some computers had two or three different antivirus products installed concurrently.  None of these scanners reported to a centrally managed dashboard, so if a user got a virus there was no standard operating procedure in place to address it.  Almost all of their twenty computers contained a virus or malware.

Insufficient Backup

The businesses file server was backed up every night to a local hard drive.  The most recent and oldest backups available were both yesterday.  There was no offsite backup in place.  When the ransomware hit, one of the first things it did was locate the backup drive and encrypt it.  This, more than any other factor, was the driving force behind paying the ransom.  Since there were no usable backups, there was no other recourse.

Lapses in Awareness and Training

Ransomware is relatively new.  The client failed to realize that this new threat was a real danger to their data and network.  It was obvious that an employees was indiscriminately clicking on attachments from untrusted sources, given that ransomware is spread through infected email attachments.

Oops!  My Bad!

As it turns out, on a slow Monday afternoon, the owner was checking his email at his desktop computer.  He came upon an email that seemed like it was from a trusted source.  In hindsight, though, it seemed a little weird.  Usually when this particular vendor sent him an invoice there was an email signature and personalized message.  In this case, there was a plain-text email that simply said, “Can you review this invoice and get back to me”.  When he clicked on the attached PDF, nothing seemed to happen.  Unconcerned, he moved on to the next item in his mailbox.  This, right here, is how to get a computer virus.

What the owner didn’t know is that when he clicked on attachment he infected his computer network with a ransomware virus.  This particular ransomware was special.  It wasn’t concerned with infecting the host machine.  It was simply using the host machine to find the file server.  Through a mapped drive it was able to determine the existence and location of the server and install itself on that machine.  It sat dormant until the middle of the night, when no one would be around to notice what was happening.  It deployed itself and the rest was history.  All of their company data was now encrypted behind a paywall.

Rather Be Lucky Than Good?

The potential for serious, life-changing and business-ruining fallout from this little episode was great.  Make no mistake, it was only due to dumb luck that the client didn’t face more serious repercussions.  For one thing, paying the ransom worked.  This is not always the case.  Thankfully, the entire file system was decrypted and all production data was recovered.  Secondly, the owner was the immediate cause.  He knew how to get a computer virus, for sure, but he didn’t fire himself.  Can you image how different the circumstances would have been if anyone besides the owner had been responsible for infecting the network?

Tracing the infection to the owner is the only reason heads didn’t roll, because separate from the immediate cause, the secondary cause of this breach was the laissez faire attitude of those in charge of internal IT.    You might think that it can’t happen to you or your business, but it can.

In the End

These types of events tend to open the eyes of all those involved.  Suddenly all the things that were ignored for years become priority number one.  The business realized the importance of ongoing managed IT services, internet security, hosted exchange email, online offsite backup and all the other IT security measures they were ignoring.  They ended up spending a tremendous amount of money all in one shot instead of spacing those expenditures out over a period off time though proactive maintenance and IT planning.

Today they are in a much better place.  Granted, there is no 100% secure network.  Large and small companies will continue to face similar breaches, but learning from the words above will give you a fighting chance.

By grnpnt

Leave a Reply

Your email address will not be published. Required fields are marked *