Learning About Ransomware – The Hard Way

A small New England retailer learned about ransomware the hard way.  After an employee clicked on a link, that system was infected with Cryptowall.

The malware encrypted, among other files, the company’s accounting software.

The accounting software did not live on that user’s computer;  it lived on the network, but since that user had access to that network drive,  so the malware was able to encrypt the accounting files.  This is a very common situation with ransomware.  It will attempt to encrypt any files that it can get write access to .

The attackers asked for $500 in bitcoin, which is pretty typical.  It is a number which is low enough that many people will decide it is easier to pay up than to deal with it.

The best protections for ransomware is good backups.  More than one copy and not directly accessible from the system under attack, otherwise the ransomware could encrypt the backups also.

Unfortunately for this company, their backup software had not worked for over two years – and they did not know it.

Believe it or not, we see this a lot.  Either backups don’t work, they do not back up all of the critical data or they are out of date.  In many cases, no one has EVER tried to restore from the backup, so how they find out that the backups don’t work is when they try to restore from them.  If systems are backed up individually, then each and every backup needs to be tested.

So in this case, the business owner paid the ransom.

Unfortunately, ransomware, like most software, has bugs in it so when they attempted to decrypt the files after the ransom was paid, the decryption did not work.

The hackers, concerned that their business model would fail if the victims paid the ransom and did not get their data back, even offered to try and decrypt the files – if the business owner sent the files to the hacker.  The owner declined.

At this point the business owner doesn’t think he can trust his systems, but he doesn’t want to spend $10,00 to rebuild them.

And all because an employee clicked on the wrong link.

Information for this post came from True Viral News.

Leave a Reply

Your email address will not be published. Required fields are marked *