The radio station was hit by ransomware, some PCs ruined, a lot of music tracks gone and a lot to recover, but if you take precautions then the problems can be dealt with.
One computer displayed this message:-
Your information has been ransomed.
Your data has been encrypted and you cannot recover it unless you pay a ransom.
You will pay the ransom in Bitcoins and the longer you leave it before calling the higher the cost will be.
Checking PCs showed it wasn’t a hoax, there had been such an attack.
It’s a simple choice – do you pay and possibly get the decryption key or do you ignore the criminals and work to restore your systems? The chairman decided not to pay, on principle and he called the Police to report the crime.
The IT experts determined that while some encryption had taken place and hence those files were unusable, almost everything was intact despite the attackers warning. Only a few PCs had been attacked and the rest were untouched.
The Method of Attack
The means of attack was identified and the security loophole blocked at the firewall.
The criminals had used a flaw in Microsoft remote control desktop to access the systems without needing a password. The software was then deleted off all computers.
The Recovery Process
Now the bad guys could no longer access the systems, it was safe to start purging the encrypted data and restore from backup. Without appropriate backups things would have been much worse.
- Comprehensive regular backups are absolutely essential, including off site backups
- Any connections to the Internet must be well protected
- Only run systems and services through an external firewall if essential and ensure these are well protected
- Ensure all security patches are installed ASAP
- Take regular security audits
- Be prepared for such an attack and plan for how to deal with the aftermath
For the more detailed version of this story go to http://www.fightbackonline.org/index.php?id=112:radio-station-fights-off-ransomware-attack
For an introduction to ransomware, look at https://fightback.ninja/ransomware-what-is-it-2/
Do Share this post on social media