work servers hacked

Discussion in 'Bad Dog Cafe' started by GunsOfBrixton, Sep 15, 2021.

  1. GunsOfBrixton

    GunsOfBrixton Friend of Leo's

    Posts:
    2,086
    Joined:
    Dec 9, 2011
    Location:
    Rochester, NY
    As the title says, our web servers at work got hacked and encrypted. Got a ransom demand. The owner is not happy to say the least. I feel bad for our system admin. He works his tail off trying to keep our outdated equipment running (no service plans or backup equipment) and now this. The worst part is, even if we pay for the decryption key the hackers most likely won't send it once they get the money. On top of that, the head of IT and the COO are telling the system admin to contact the FBI because they don't want to.
    Just another day in the life of our company...
     
    Buell likes this.
  2. SRHmusic

    SRHmusic Tele-Afflicted Silver Supporter

    Posts:
    1,179
    Joined:
    Oct 19, 2020
    Location:
    North Carolina, USA
    Good luck with it. Not a good situation. Seems like the rate of these things is increasing. Hopefully there are some clean backups.

    As much as this is happening, a lot of people aren't aware that phishing emails can look like they're from a company address. A tech company I work with did a test to see how many employees would click on a link from a fake "IT admin" email, and they weren't happy with the results... and it only takes one to let the malware in.
     
  3. loopfinding

    loopfinding Friend of Leo's

    Posts:
    3,056
    Joined:
    Jun 19, 2011
    Location:
    europe endless
     
  4. Nubs

    Nubs Friend of Leo's

    Age:
    46
    Posts:
    2,605
    Joined:
    Aug 16, 2014
    Location:
    Houston, TX
    I'm not looking forward to the day we get hit with ransomware. It's such a huge topic nowadays and has all IT folk shaking in their boots.

    Just make sure you have off-site backups just in case, and help employees to recognize a bad email when they see it.
     
    Alex_C and Archtops like this.
  5. buster poser

    buster poser Friend of Leo's Platinum Supporter

    Posts:
    4,545
    Joined:
    May 1, 2018
    Location:
    Tewa Land NM
    Been there, it sucks. Hope there's no blowback for you. Based on what you've written, sounds like your IT head and COO are cowards.
     
    aging_rocker, Cyberi4n and Archtops like this.
  6. Archtops

    Archtops Tele-Meister

    Posts:
    380
    Joined:
    May 12, 2021
    Location:
    SoCal
    Have a complete backup and another server on hand at all times. Then they can go screw themselves.
     
  7. Larry F

    Larry F Doctor of Teleocity Vendor Member

    Posts:
    17,375
    Joined:
    Nov 5, 2006
    Location:
    Iowa City, IA
    I share everyone's concern about ransom attacks. Maybe we'll need a police force of some sort. Something proactive needs to be done about this growing problem.

    Notice that I didn't say cyber force or digital detectives, or whatever.
     
    Timbresmith1 likes this.
  8. teletail

    teletail Friend of Leo's

    Age:
    71
    Posts:
    2,586
    Joined:
    Aug 25, 2019
    Location:
    West By God Virginia
    Good luck with that. I remember during the dot com boom, one of the dumb ass sales people opened an email attachment with a virus and shut our servers down for about 4 hours. This AFTER numerous emails about not opening attachments from anyone you don't know. The next day, the same dumb ass opens another email attachment with a virus and shuts the servers down for about 4 hours again. Management called a meeting, mandatory attendance, and reamed him in front of the whole company. Normally I don't agree with humiliating people, but this guy deserved it.
     
  9. Thrillbilly

    Thrillbilly TDPRI Member

    Posts:
    6
    Joined:
    Jul 24, 2008
    Location:
    Oklahoma
    We've been hit twice at work. Fortunately we have backups, etc.
     
    Archtops, ZackyDog and as5431 like this.
  10. bgmacaw

    bgmacaw Poster Extraordinaire

    Posts:
    7,306
    Joined:
    Feb 11, 2006
    Location:
    Near Athens GA USA
    "I can't get to this website, can you help me?"

     
    Deeve likes this.
  11. Preacher

    Preacher Friend of Leo's

    Posts:
    4,860
    Joined:
    Apr 17, 2007
    Location:
    Big D
    We were all warned!!

     
  12. archetype

    archetype Fiend of Leo's Ad Free Member

    Posts:
    6,519
    Joined:
    Jun 4, 2005
    Location:
    Western NY
    It happens, even in the most secure environments, but doing the right things to prevent it improves a company's odds.

    Does your company have any training and follow-up about e-mail phishing? Centralized anti-virus and anti-intrusion that's current? Are everyone's operating system and applications regularly patched or updated? Even my own 1-person company needs this stuff to avoid disaster.

    In your company's case, however, the situation is at least partially a self-inflicted wound. Old equipment, won't pay for vendor service plans, no robust backup plan, so-called "leadership" hiding under their desks, etc.

    Most folks don't understand that staying on top of security improves the odds of the company's business continuity. Your "leadership" is getting a powerful lesson in risk management and business continuity planning. I'll bet $0.37 USD that they don't learn from the experience.
     
    demon likes this.
  13. Deaf Eddie

    Deaf Eddie Friend of Leo's Silver Supporter

    Posts:
    3,304
    Joined:
    Mar 17, 2003
    Location:
    Beautiful Idyllwild, CA
    This morning I hit my usual bookmark to check my credit card statement, and was greeted by a screen that said the link was NOT SECURE. WTF? Same bookmarked link I've used for years...

    I googled the credit card company and got a different link to log in, everything appears to be fine.
     
  14. archetype

    archetype Fiend of Leo's Ad Free Member

    Posts:
    6,519
    Joined:
    Jun 4, 2005
    Location:
    Western NY
    I agree, completely.

    The problem, in my experience with such matters, is the general unwillingness to test these things to see if they work. Also, maintaining the integrity of the backup.

    Is the backup plan logical? Where are the backups? Are the backups tested and good, or are they just as corrupt as the one that needs to be replaced? Can you "hot" failover to the other server? If it's a swap, how much time does it take to get the system back up? Is the company losing money while that happens?

    It's a messy, expensive necessity for a business.
     
    Archtops likes this.
  15. Preacher

    Preacher Friend of Leo's

    Posts:
    4,860
    Joined:
    Apr 17, 2007
    Location:
    Big D
    Seriously though, the unlawful are getting more and more creative.

    I have a friend who owns a chemical company. His accounting lady received an email asking for her to send some $$ to him as he had some unforeseen circumstances while traveling. The amount was almost $20K. The accounting lady looked at the email and figured it was legit. She sent the money.
    When the boss got back she asked about his problems. He did not know what she was talking about so she told him about the email. He asked to see the email and he said at first glance that it looked right, but when he looked again he saw there was a . in the first part of the email that should not have been there.
    They were not able to get their money back, as the transfer had happened a week before but they turned it over to the authorities who said there was not a lot they could do.

    Be diligent and careful people.
     
    Telekarster likes this.
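    The two failure modes described in this thread, a From: address that merely looks like the company's (post 2) and a lookalike domain with an extra dot that fooled the accounting staff (post 15), can both be caught mechanically before money moves. The following is an added example, not code posted by anyone in the thread: it parses a raw message, flags a sender domain that imitates a trusted one, flags a familiar display name on an unfamiliar address, reads the SPF/DKIM/DMARC verdicts your own mail server stamped into Authentication-Results, and notes payment language in the body. The domain `example-chem.com`, the person `John Owner`, and all three messages are constructed for the demonstration.

```python
# Added example, not code from the thread. Flags a sender that only looks
# like a trusted one (extra dot, swapped letter), a known display name on
# the wrong address, a claimed company address that did not pass DMARC, and
# payment language in the body. Domain, people and messages are constructed.
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: the company's real domain and the people who may ask for money.
TRUSTED_DOMAINS = {"example-chem.com"}
KNOWN_PEOPLE = {"john owner": "john@example-chem.com"}


def sender_parts(from_header):
    """Return (display_name, address, domain) for a From: header, lower-cased."""
    name, addr = parseaddr(from_header)
    return name.strip().lower(), addr.lower(), addr.rpartition("@")[2].lower()


def squash(domain):
    """Drop dots and hyphens so 'exam.ple-chem.com' compares equal to 'example-chem.com'."""
    return domain.replace(".", "").replace("-", "")


def lookalike_of(domain):
    """The trusted domain this one imitates, or None if it is trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if squash(domain) == squash(trusted):
            return trusted
        if SequenceMatcher(None, domain, trusted).ratio() >= 0.85:
            return trusted
    return None


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers.
    Only the header stamped by your own receiving MTA means anything; an
    attacker can write one into the message themselves."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts[m.group(1).lower()] = m.group(2).lower()
    return verdicts


def assess(raw_message):
    """Return a list of findings; an empty list means nothing looked wrong."""
    msg = message_from_string(raw_message)
    name, addr, domain = sender_parts(msg.get("From", ""))
    findings = []

    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"sender domain {domain} imitates {imitated}")

    if name in KNOWN_PEOPLE and KNOWN_PEOPLE[name] != addr:
        findings.append(f"display name '{name}' but address {addr} is not theirs")

    if domain in TRUSTED_DOMAINS and auth_results(msg).get("dmarc") != "pass":
        findings.append("claims our domain but DMARC did not pass (possible spoof)")

    body = (msg.get_payload(decode=True) or b"").decode(errors="replace")
    if re.search(r"\b(wire|transfer|urgent|gift card)\b", body, re.I):
        findings.append("payment request in body; confirm by phone before sending")
    return findings


# Constructed sample 1: the lookalike domain from the thread. Note that SPF,
# DKIM and DMARC all pass, because the attacker owns exam.ple-chem.com.
LOOKALIKE_MAIL = """\
From: John Owner <john@exam.ple-chem.com>
To: accounting@example-chem.com
Subject: need a quick transfer
Authentication-Results: mx.example-chem.com; spf=pass; dkim=pass; dmarc=pass

Stuck abroad, please wire $19,800 today, details attached.
"""

# Constructed sample 2: a plain spoof of the real address, caught by DMARC.
SPOOFED_MAIL = """\
From: John Owner <john@example-chem.com>
To: accounting@example-chem.com
Subject: transfer
Authentication-Results: mx.example-chem.com; spf=fail; dkim=none; dmarc=fail

Send the wire now, I will explain later.
"""

# Constructed sample 3: a message that really came from the boss.
GENUINE_MAIL = """\
From: John Owner <john@example-chem.com>
To: accounting@example-chem.com
Subject: lunch
Authentication-Results: mx.example-chem.com; spf=pass; dkim=pass; dmarc=pass

Sandwiches at noon?
"""

if __name__ == "__main__":
    for label, mail in (("lookalike", LOOKALIKE_MAIL), ("spoofed", SPOOFED_MAIL), ("genuine", GENUINE_MAIL)):
        print(label, assess(mail) or ["clean"])
```

    The first sample is the important one: every authentication check passes, because the attacker legitimately controls the lookalike domain, so the only signals left are the domain comparison, the mismatch between a known name and its address, and the request itself. A script like this is a filter, not a substitute for calling the person back on a number you already have.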
  16. getbent

    getbent Telefied Silver Supporter

    Posts:
    44,642
    Joined:
    Mar 2, 2006
    Location:
    San Benito County, California
    If a single email shuts you down... there might be more than one dumbass.
     
  17. Telekarster

    Telekarster Friend of Leo's Gold Supporter

    Posts:
    2,600
    Joined:
    Aug 14, 2019
    Location:
    Earth
    Wow.... welp, I'd say the execs are getting a crash course in security and risk management. It will likely be a very expensive course in a lot of ways, but hopefully y'all will get through it ok. Best of luck man, that really sucks.
     
    Drew617, Skub and getbent like this.
  18. MrWiggly

    MrWiggly TDPRI Member

    Age:
    71
    Posts:
    38
    Joined:
    Feb 12, 2021
    Location:
    Michigan
    As far as having a backup on another server, on or off site, these thieves are way ahead of you in most cases. Generally most of these attacks don't get triggered until after a backup cycle. So restoring the backup, whether it is on or off site, reloads the trojan that started the problem to begin with. Often there will be a delay before the site gets hijacked again, but the time bomb is ticking. I've seen organizations do this repeatedly over the course of many months before coming to grips with the fact that they don't have an uninfected backup. And much of the time the opportunists simply took advantage of some very lax security. They're really lazy in general and will simply find servers with insufficient security; they're looking for easy money. They use tools they get pretty cheaply on the dark web. They're not real geniuses most of the time.

    I once got called in to consult for a company that had repeated intrusions. The owner wanted me to meet with the IT staff and go over their security set up. Well, first thing I asked about was a firewall. And indeed, they had a hardware firewall installed. But after some intense questioning it turned out their top tech guy had trouble configuring it so he simply had the entire company network attached to the DMZ port. This is a port that is actually not behind the firewall. Needless to say this did not play well with the business owner. On the flip side, many executives hate spending money on enhanced security as it doesn't contribute to the bottom line in their view. Not sure how avoiding having your entire operation crippled doesn't contribute to the bottom line in their minds but my experience with management is that they don't tend to be the smartest people in the room.
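    The questions in post 14 (are the backups tested and good, or as corrupt as the system they would replace?) and the warning in post 18 (the implant was already on disk when the backup ran, so "the latest backup" restores it) come down to one check: walk the generations from newest to oldest, skip any whose stored checksum no longer matches, and skip any that carries a file under a persistence location that the known-good baseline does not have. The following is an added example written for this page, not something anyone in the thread posted. It also shows why retention length matters: with a window shorter than the attacker's dwell time there is no clean generation left to restore. The watched directories, file contents, days and the damaged-tape snapshot are all constructed.

```python
# Added example, not code from the thread. Finds the newest backup
# generation that both matches its recorded checksum and carries no
# unexpected files under the places ransomware persistence usually lands.
# Every path, file content and date below is constructed for the demo.
import hashlib
import json

# Assumption: the locations we audit for new or altered files.
WATCH_PREFIXES = ("/etc/cron.d/", "/etc/systemd/system/", "/var/www/html/")


def sha256_hex(data):
    """Hex SHA-256 of a str or bytes."""
    return hashlib.sha256(data.encode() if isinstance(data, str) else data).hexdigest()


def manifest_digest(files):
    """Checksum of a canonical JSON rendering of the path -> hash manifest."""
    return sha256_hex(json.dumps(files, sort_keys=True))


def make_snapshot(day, files):
    """One backup generation: the day taken, its manifest, and the manifest
    checksum that was written alongside it at backup time."""
    return {"day": day, "files": dict(files), "digest": manifest_digest(files)}


def verify_integrity(snapshot):
    """False when the manifest no longer matches the checksum stored with it."""
    return manifest_digest(snapshot["files"]) == snapshot["digest"]


def unexpected_files(files, baseline):
    """Watched paths that are new or changed relative to the known-good baseline."""
    return sorted(
        path for path, digest in files.items()
        if path.startswith(WATCH_PREFIXES) and baseline.get(path) != digest
    )


def last_clean_generation(snapshots, baseline, retention_days, today):
    """Newest intact, implant-free generation inside the retention window,
    or None. If the window is shorter than the attacker's dwell time every
    remaining generation restores the implant, and None is the honest answer."""
    in_window = [s for s in snapshots if s["day"] > today - retention_days]
    for snap in sorted(in_window, key=lambda s: s["day"], reverse=True):
        if verify_integrity(snap) and not unexpected_files(snap["files"], baseline):
            return snap
    return None


# Constructed baseline, taken while the server was known to be clean.
BASELINE = {
    "/var/www/html/index.php": sha256_hex("index v1"),
    "/etc/systemd/system/app.service": sha256_hex("app.service v1"),
    "/home/app/data.db": sha256_hex("data day 0"),
}

# Constructed implant files: a web shell, then cron persistence.
WEBSHELL = {"/var/www/html/.cache.php": sha256_hex("<?php eval($_POST['c']); ?>")}
CRONJOB = {"/etc/cron.d/update": sha256_hex("* * * * * root /tmp/.x")}


def _day(n, extra=None, encrypted=False):
    """Manifest for day n: normal data churn, optional implants, optional
    ransomware pass that rewrites every file."""
    files = dict(BASELINE)
    files["/home/app/data.db"] = sha256_hex(f"data day {n}")
    if encrypted:
        files = {p: sha256_hex(f"{p} ciphertext day {n}") for p in files}
    files.update(extra or {})
    return files


# Constructed history: web shell dropped on day 5, cron persistence added on
# day 7, the day-11 tape damaged in storage, everything encrypted on day 12.
SNAPSHOTS = [
    make_snapshot(1, _day(1)),
    make_snapshot(3, _day(3)),
    make_snapshot(5, _day(5, WEBSHELL)),
    make_snapshot(7, _day(7, {**WEBSHELL, **CRONJOB})),
    make_snapshot(9, _day(9, {**WEBSHELL, **CRONJOB})),
    make_snapshot(11, _day(11, {**WEBSHELL, **CRONJOB})),
    make_snapshot(12, _day(12, {**WEBSHELL, **CRONJOB}, encrypted=True)),
]
SNAPSHOTS[5]["files"]["/home/app/data.db"] = "0" * 64  # damaged after the checksum was recorded

if __name__ == "__main__":
    for days in (7, 14):
        clean = last_clean_generation(SNAPSHOTS, BASELINE, days, today=12)
        print(f"{days}-day retention:", "no clean generation" if clean is None
              else f"restore day {clean['day']}")
```

    With seven days of retention nothing survives: the newest generation is ciphertext, the day-11 one fails its checksum, and days 7 and 9 already contain the cron job and the web shell. With fourteen days the script lands on day 3, the last generation taken before the web shell appeared. The baseline manifest and the per-generation checksums have to live somewhere the attacker could not reach from the compromised host, or they are worth as much as the backups they are meant to vouch for.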
     
  19. getbent

    getbent Telefied Silver Supporter

    Posts:
    44,642
    Joined:
    Mar 2, 2006
    Location:
    San Benito County, California

    oh man. this is a great post.
     
    aging_rocker, Telekarster and rghill like this.
  20. ChicknPickn

    ChicknPickn Tele-Afflicted Silver Supporter

    Posts:
    1,323
    Joined:
    Apr 16, 2007
    Location:
    Ole Virginny
    I managed a banking network for 18 years. I was downright neurotic about backups. Executive management always wanted to spend more money on the latest and greatest toys, but I pushed for more outlay on multiple layers of backups to disk, to tape, and to a remote data center. As a result, we never lost a byte of data under my watch, even after sustained attacks (a couple of them successful). But as our friends in Russia and China became more and more aggressive, I chose to retire early. Have never regretted it for a minute.
     
    Deeve, Censport, Jim_in_PA and 2 others like this.