I know you are all anxious to know what happened to the local business that encountered an unfortunate ransomware virus attack 1 week ago.
After realizing they had no good backups, the only solution was to pay the ransom and to cross our fingers that the hackers would provide us the decryption key. Unfortunately the $4,000 in ransom was requested in bitcoin and it took over 3 days to get the process going and the bitcoins acquired and transferred. In the meantime that business had to revert to appointments by memory and paper logs in order to stay operational. By Wednesday afternoon we were lucky enough to get the decryption key emailed to us so we could start the process of rebuilding their server. Junopi is now working on setting up a backup server and offsite backups for that business to avoid another data loss scenario.
While working on finding possible decryption solutions Junopi discovered that the hackers were able to access and encrypt that server through an open RDP port (remote desktop connection) on the server. The business owner as well as their accountant had access to the server to work from home. Unfortunately, the open port and a weak password were just the right ingredients to bring that business to a grinding halt.
If you, or anyone in your office accesses the server or a workstation remotely using a remote desktop connection without using a secure VPN connection (virtual private network) please contact us as soon as possible, so we can set up a VPN connection for you. In the meantime, we will conduct a (no charge) audit to make sure everyone using RDP has a secure VPN connection via their firewall.
This past week was a good reminder that secure passwords can’t protect you from everything, but they do go a long way. If you have not changed your passwords in a while, are using ‘Password1234’ or have no password at all, please take a few minutes to update your work and personal accounts to a more secure password.
Have a wonderful week and stay safe!