
Ransomware - Share what you learned from an attack


tmcmullen
Popular Voice

When an organization falls victim to a ransomware attack and calls on our company to assist with the restoration, I have the privilege of being on the calls with the forensic team. I’ve learned quite a bit about how the hackers do what they do. One of the details that surprised me personally was when the forensics team told the client that once the “bad actors” gained access to their network they began looking through files searching specifically not only for financial information, but also for evidence of a Cyber Insurance policy.

The client who had fallen victim had a policy in place, but did not keep a copy of it electronically. Instead they filed the paper copy in a filing cabinet. Because of this the ransom was set very low in this case. 


I would like to hear from others what interesting details they have learned by sitting in on a forensic investigation, or from falling victim to ransomware.


Teri

Jamesharris85
New Voice

Regrettably, a company I worked for years ago was the target of ransomware on multiple client infrastructures; it was believed (although never proven) that a disgruntled employee was to blame. It was all hands to the pump, and this was right back when ransomware first emerged, so there was nowhere near the security there should have been / is now. That single event caused the company to review every single aspect of the way their clients were protected, the systems we used in house, etc. It was a genuinely harrowing experience and a tough lesson to learn for everyone involved. Thankfully a lot of good came out of it.


Martin.1
Popular Voice
October 22, 2022

On our company side, I am more involved in the Backup and Recovery side. As such, there have been a few very valuable lessons we have learned and have rolled out to our customers.

  1. Hyper-V servers are NEVER to be put on the domain; the same goes if you have a standalone backup server.
  2. Auto-eject scripts. Once the “offsite” backup completes, the script runs and ejects the drive.
  3. Cloud adoption for offsite backups is the first prize we push for, BUT if that is not possible, then point 2 is a have-to-have.

These are just a few points I have shared here, but the weight of these is immense. As backups are always the last line of defence we have, the beloved goal keepers. #santaclause
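The auto-eject step in point 2 above is easy to describe and easy to get wrong: if the drive is ejected before the job has actually finished, or after a job that silently failed, the "offline" copy is empty. The script below is an added example written for this thread, not Martin.1's own script or any vendor's tool. It assumes (hypothetically) a Windows host with the Storage module, a backup job that is a single command writing to the drive letter given in -BackupDrive and returning exit code 0 on success, and a scheduled task account allowed to manage disks. It runs the job, verifies that fresh data landed on the drive, flushes the write cache, takes the whole disk offline so no drive letter remains for anything on the host to write to, and then checks that the disk really is offline before reporting success.

```powershell
<#
  Auto-eject for an offsite backup drive (added example; not the poster's script).
  Assumptions (hypothetical, not taken from the thread):
    - $BackupCommand writes to the drive letter in $BackupDrive and exits 0 on success.
    - The host runs Windows with the Storage module (Get-Disk / Set-Disk / Write-VolumeCache).
    - The script runs from Task Scheduler as an account with rights to manage disks.
#>
param(
    [Parameter(Mandatory)] [ValidatePattern('^[A-Za-z]$')] [string] $BackupDrive,
    [Parameter(Mandatory)] [string] $BackupCommand,
    [int] $MaxAgeMinutes = 60
)
$ErrorActionPreference = 'Stop'
$root = "${BackupDrive}:\"

# 1. Refuse to run if the drive is not mounted: nothing to back up to, nothing to eject.
if (-not (Test-Path -LiteralPath $root)) {
    throw "Backup drive $root is not present."
}

# 2. Run the backup job and stop if it reports failure. The drive is left mounted so the
#    operator can investigate; an ejected drive holding a half-written backup is worse than none.
$job = Start-Process -FilePath 'cmd.exe' -ArgumentList "/c $BackupCommand" -Wait -PassThru -NoNewWindow
if ($job.ExitCode -ne 0) {
    throw "Backup command exited with code $($job.ExitCode); drive left mounted."
}

# 3. Sanity check: at least one file on the drive must have been written during this run.
$newest = Get-ChildItem -LiteralPath $root -Recurse -File |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $newest -or $newest.LastWriteTime -lt (Get-Date).AddMinutes(-$MaxAgeMinutes)) {
    throw "No file on $root was written in the last $MaxAgeMinutes minutes; backup output missing."
}

# 4. Flush the volume's write cache, then take the whole disk offline. Offlining the disk
#    (rather than just removing the letter) means nothing on the host can mount or write it.
Write-VolumeCache -DriveLetter $BackupDrive
$disk = Get-Partition -DriveLetter $BackupDrive | Get-Disk
Set-Disk -Number $disk.Number -IsOffline $true

# 5. Verify the result instead of assuming it, and log it so the backup report shows the eject.
if (-not (Get-Disk -Number $disk.Number).IsOffline) {
    throw "Disk $($disk.Number) is still online after Set-Disk."
}
if (Test-Path -LiteralPath $root) {
    Write-Warning "$root is still reachable; the drive letter may take a moment to disappear."
}
Write-Output "$(Get-Date -Format s) backup verified; disk $($disk.Number) ($root) taken offline."
```

Schedule it as the last step of the backup task rather than as a separate timer, so that the eject can never fire while the job is still running. The checks in steps 2 and 3 are the part most scripts skip: the drive should stay mounted, and the task should fail loudly, whenever there is doubt that a good copy exists on it.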

