• Home
  • Ransomeware
  • What to expect when you get hit with Ransomeware (first hand experience).

What to expect when you get hit with Ransomeware (first hand experience).

15Oct

What to expect when you get hit with Ransomeware (first hand experience).

By Ransomeware 0 Comments

Recently NC Network Solutions, Inc was called in to handle a Ransomeware issue that affected 3 different companies (all interconnected from their network provider).  The screenshot above is an example of the message that all 3 companies experienced on all 23 of their servers.

So what did NC Network Solutions, Inc do to get the data back?  From the standpoint of running any kind of recovery program there is nothing that can be done.  The first step is to file a report with local police and the FBI (for insurance purposes).  The next step was to start a dialogue with the hacker.  Once the dialogue has been established NC Network Solutions, Inc requested proof that the keys could be provided and the data decrypted.  If that cannot be proven then chances are they were not going to get their data back.  In this instance the hacker did provide a key to a singular system to prove that he could provide keys to decrypt the rest of the data.

How much did the attacker request and what method of currency was he looking to get paid in?  In this instance the attacker was requesting $50,000 dollars worth of bitcoin which translates to about 5 Bitcoin.  The attacker chose bitcoin, because it is untraceable and unregulated.  Bitcoin uses digital wallets to transmit currency from one user to another.  So the first step was to set up the company with a wallet to transfer the bitcoin to the hacker.  Keep in mind that anything over $10,000 dollars of purchase for new accounts takes ~3 days to a week to process in which time the company was degraded to manual paperwork to track transactions.  Once the payment was made the hacker released the decryption code to unlock the other servers.

So now that they have paid their money and have the decryption key they can go right back to work?  No.  Once the keys have been produced then you have to go through the process of decrypting all of the data.  Depending on how much data there is (in this case there was approximately 40TB of data).  It took approximately 2 weeks to decrypt all of the data.  During the time the data was decrypting NC Network Solutions, Inc ran penetration tests against the networks firewalls and closed down any unnecessary ports.  Antivirus and Malware programs were installed and run against all endpoint systems (PC’s, Laptops, PDA’s).

Could this have been prevented and how?  Yes.  By keeping offsite encrypted backups and having a Disaster recovery plan in place, but first and foremost to have an outside vendor do penetration testing and to locking down all system to prevent the hacker from getting in the first place.

The company that was supporting these 3 companies is now out of business and the companies that were affected now rely on NC Networking Solutions, Inc for all their IT needs.  In this case we consider the companies involved very lucky to get the data back although it turned out to be a VERY costly lesson.

Share this post

Author

Meet Martin Musket, Owner and CEO of NC Network Solutions Inc. As founder and CEO of NC Network Solutions Inc., he brings over 30 years of experience in the computer industry. Mr. Musket is also a veteran of the United States Navy. Mr. Musket has spent the past 10 years building data centers around the world for major marketing and financial institutions. As well as offering enterprise support Mr. Musket also design’s and supports small to medium sized businesses across the east coast including the Construction, Marketing, Industrial, Financial, Dental and Healthcare industry verticals. Mr. Musket has worked on the latest cutting edge technology in very large scale environment’s allowing him to see and analyze problem’s other companies do not have experience with. It is with this knowledge that Mr. Musket guarantee’s that him and his team can fix any issues that you are experiencing or you don’t pay for the labor! Previous Experience Senior Systems Engineer – Carolinas Healthcare Systems Senior Systems Engineer – Superior Consulting – Design, Manage and maintaining various Hospitals around the country including Bay Medical Center, Stanford Medical Center, New Britain General Hospital, St. Francis Medical Center to name a few Senior Systems Engineer – Vistex Senior Systems Engineer – Hawkeye Marketing Agency Senior Systems Engineer – Phoenix Insurance Systems Engineer – Bayer (Miles Pharmaceutical) Systems Engineer – Bristol Myers Squibb Pharmaceuticals Field Support Technician – IBM Owner/CEO – CT Network Solutions Software Competencies Windows Workstation Windows Server SBS Server Exchange Server Inquire about others Office 365 VMWare Datto Google Suite Hyper-V VEEAM AVG Symantec Hardware Competencies Cisco Dell Fortinet Inquire about others HP EMC Checkpoint IBM Sonicwall Netgear

Related Posts

27Oct

Do not call 1-800-445-2470. This is a fake technical support

Do not call 1-800-445-2470 because it is a fake Apple, Facebook or other Internet giants technical support or customer [...]

Read More