
Mar 8, 2024 | Case Studies

A Company’s Ransomware Nightmare


Why Cyber-Security Should Be in Your Board Room Discussions

In the ever-evolving landscape of cyber threats, ransomware remains a formidable challenge for businesses of all sizes. This article unfolds a real-life scenario in which a UK-based company with hundreds of users fell victim to a ransomware attack. Their experience serves as a cautionary tale for businesses to proactively fortify their cyber defences.

The Incident
Late one night, over a weekend, an external attacker executed a ransomware attack through a workstation equipped with remote access software. The initial breach was the result of a phishing attack, which allowed the hacker to gain remote access to a computer via a seemingly trivial website. Having roamed the digital corridors of the company, the hacker identified valuable assets and planned the most effective way to cause the maximum damage.

Unfortunately, some older servers were still on the network, and because of this weak encryption was in use, which made it easier for the hacker to enumerate user accounts and then use them to access critical data and execute the ransomware attack, encrypting file shares, servers, services and anything attached to the network. Fortunately, the company’s tape backups, being offline, remained unaffected, enabling a gradual recovery of operations.

Involvement of Computer Care
Computer Care was approached to diagnose the breach, understand its origins, and formulate strategies to prevent future occurrences.
The investigation revealed several critical shortcomings:
1. Inadequate Antivirus Protection: The company used a standard antivirus product, which lacked advanced, non-signature-based features essential for modern cybersecurity. Non-signature methods, unlike traditional ones, monitor the intent or behaviour of software, effectively blocking suspicious activities.

2. Outdated Infrastructure: Their firewall systems were outdated and lacked essential features like zero trust network access and Unified Threat Protection (UTP). Additionally, the use of obsolete Windows servers significantly weakened their security posture, as the network had to operate at the security level of the most outdated system.

3. VPN Vulnerabilities: The use of Synology VPN software, necessitated by their old firewalls’ inability to support VPNs, exposed the internal network to risks, as it allowed direct internet traffic into the network.

Recovery and Reinforcement Measures
The primary response involved upgrading their cybersecurity infrastructure:
– Replacement of the old antivirus with sophisticated alternatives like Sophos or Trend Micro, which offer enhanced monitoring and proactive threat detection.
– Phasing out of outdated servers, to eliminate weak links in the security chain.
– Implementation of modern Fortinet firewalls, featuring zero trust network access and UTP, to robustly monitor and control network traffic.
– Replacement of the vulnerable VPN system with more secure alternatives, integrated within the new firewalls.

Key Takeaways and Conclusion
The incident underscores the criticality of staying vigilant and updated in cybersecurity practices.
The following lessons emerge for business owners:
1. Regular Updates and Upgrades: Continuously update and upgrade both software and hardware components to keep pace with evolving cyber threats.
2. Choosing the Right Protection: Opt for antivirus solutions that offer advanced, behaviour-based threat detection and response capabilities.
3. Heeding Expert Advice: Proactively engage with cybersecurity experts and heed their advice to address potential vulnerabilities before they are exploited.
4. Comprehensive Audits: Regularly conduct thorough audits of your network and systems to identify and rectify potential security loopholes.
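As an added illustration of the audit and “phase out outdated servers” lessons above (example code written for this page, not Computer Care’s own tooling), the PowerShell script below inventories domain-joined Windows servers and flags those running operating systems that are past vendor support, then checks two common legacy settings on the local host. The article does not say which weak protocol the attacker abused, so the SMBv1 and NTLMv1 (LmCompatibilityLevel) checks are an assumption about what “weak encryption on older servers” typically means in practice. It assumes the ActiveDirectory RSAT module is installed, the account running it may query Active Directory, and the list of unsupported OS names is maintained against the vendor’s current end-of-support table.

```powershell
# Added example, not part of the original case study.
# Assumptions: ActiveDirectory module (RSAT) present; run as an account that
# can read AD computer objects and local registry/SMB settings.

Import-Module ActiveDirectory

# Constructed list of server OS name patterns to treat as unsupported.
# Adjust to the vendor's current end-of-support table (assumption).
$UnsupportedServerOS = @(
    'Windows Server 2003*',
    'Windows Server 2008*',
    'Windows Server 2012*'
)

function Get-UnsupportedServers {
    # Returns one object per domain server whose OS matches an unsupported pattern.
    param([string]$SearchBase = (Get-ADDomain).DistinguishedName)

    $servers = Get-ADComputer -Filter 'OperatingSystem -like "*Server*"' `
        -SearchBase $SearchBase `
        -Properties OperatingSystem, OperatingSystemVersion, LastLogonDate

    foreach ($s in $servers) {
        foreach ($pattern in $UnsupportedServerOS) {
            if ($s.OperatingSystem -like $pattern) {
                [pscustomobject]@{
                    Name          = $s.Name
                    OS            = $s.OperatingSystem
                    Version       = $s.OperatingSystemVersion
                    LastLogonDate = $s.LastLogonDate
                }
                break
            }
        }
    }
}

function Test-LocalLegacyProtocols {
    # Checks two legacy settings on the host running the script.
    # SMBv1 should be disabled on any modern server.
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # LmCompatibilityLevel below 3 permits LM/NTLMv1 responses; 5 means NTLMv2 only.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
        -ErrorAction SilentlyContinue
    $lmLevel = $lsa.LmCompatibilityLevel   # $null when the value is not set

    $legacy = $smb1 -or (($null -ne $lmLevel) -and ($lmLevel -lt 3))
    $finding = if ($legacy) { 'Legacy protocol enabled' } else { 'OK' }

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        SMB1Enabled          = $smb1
        LmCompatibilityLevel = if ($null -eq $lmLevel) { 'not set (OS default)' } else { $lmLevel }
        Finding              = $finding
    }
}

# Usage: list servers to retire, then check the local host's protocol settings.
Get-UnsupportedServers | Format-Table -AutoSize
Test-LocalLegacyProtocols | Format-List
```

Run it from a management host as part of the regular audit the article recommends; any server it lists is a candidate for replacement, and any host reporting “Legacy protocol enabled” should have SMBv1 disabled and LmCompatibilityLevel raised before it is trusted on the same network as newer systems.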

The recovery story of this company, from a victim of a ransomware attack to a business with strengthened cybersecurity, exemplifies the importance of proactive measures. Business owners must recognise that cybersecurity is an ongoing process, requiring constant vigilance and adaptation to emerging threats. Don’t wait to become a victim; act now to protect your business.