Managed IT Case Study: Cybersecurity
by Gordon Flesch Company, on 12/07/2018
GFC MANAGED IT REPULSES HACK ATTACK
An employee with a Midwestern healthcare provider called the Gordon Flesch Company Help Desk to say she couldn’t open a file on her server’s shared drive. She also noticed that the file extension on the spreadsheet she was trying to open had been changed from .xls to .payday. While this might seem like a rather mundane problem, the customer support representative immediately recognized the telltale signs of a virus called CryptoLocker, which the New York Times describes as “a particularly ruthless ransomware program.”
STEP 1: BACK TO BUSINESS
The GFC support team lead asked the customer to have all computers shut down across the company’s dozen offices. When our team assessed the situation, we found 156,000 files on the company’s data server and 2,282 files on the company’s terminal server had already been corrupted and encrypted. They also found the following digital ransom note with a return address:
all your files have been encrypted
want return files?
write on email: firstname.lastname@example.org
This type of ransomware spreads through “phishing” - emails or downloads that look like they’re from legitimate businesses. Once someone clicks the link, a virus can spread from one system to the next, locking up computer files behind unbreakable encryption. The victim is expected to pay a ransom, after which the hackers may or may not unlock the computers.
STEP 2: IDENTIFY THE ENEMY
Thanks to the Continuity247 Backup and Disaster Recovery (BDR) solution backing up the company’s systems, GFC was able to restore the organization’s servers back to 10 a.m. that morning — a time just before the infection occurred. Within an hour of discovering the attack, the company was able to resume working using a backup copy of their environment. “This is among the worst types of ransomware we have seen,” says David Eichkorn Managed IT Services Manager, GFC. “But the good news is that this client had the right protection systems in place to provide a response plan that restored business operations within hours with no data loss – as if nothing had happened.
STEP 3: ELIMINATE THE THREAT
However, once the immediate threat was neutralized, GFC still had to fully cleanse the system. Over the weekend, GFC’s partner Continuum used the Continuity 247 BDR solution to do a “bare metal restore” to wipe out any remnants of the virus which may still exist on the company’s machines. By Sunday morning, the company’s systems were fully updated and clean. “Even if you pay the ransom, many times the attackers will leave a virus on your system so they can attack again,” says Eichkorn. “That’s why it’s important to wipe out any traces of the ransomware code.”
"You can never completely eliminate the risk of a cyberattack. But with the right cybersecurity and Managed IT solution in place, you can mitigate the risks, defend your company and focus on what’s important your business.”
— David Eichkorn
Managed IT Services Manager, GFC