Awareness

A tale of Ransomware that will make your blood run cold ...

Ransomware that holds your data hostage unless you pay up is real and dangerous to your network's health

Ransom note
Credit: Mark Gibbs

Ransomware has become big business for the Bad Guys.

On the off-chance you don’t know what this particular malware is all about, allow me to explain: A machine infected by ransomware will have its drives encrypted and then, unless the perpetrators are paid the ransom they demand, your drives will be and remain, in effect, unusable. But what happens if, say, you’re a system admin and you have drives mapped to multiple servers when the ransomware does its encryption?

Here’s a cautionary tale from a post on the KnowBe4 blog:

"We are a 250 employee non-profit and we heavily rely on our computer systems in almost everything we do. Yesterday, one of our admin workstations was hit with CryptoWall Version 2.0, and because this workstation had drives mapped to all our servers, and the administrator had permissions, all our seven servers were encrypted and we were dead in the water.

CryptoWall took just 55 minutes to encrypt 75 Gigs of information, and it had penetrated most of our network before we found out what was happening, isolate the workstation and get it disconnected from the network. We had backups of the seven servers but it would take days to restore those, so we opted to find out if we could decrypt the files first.

Luckily we had just signed up for KnowBe4’s Kevin Mitnick Security Awareness Training, which came with a crypto-ransom guarantee in case something like this would happen. We called them and got instant help with this very urgent problem.

They had bitcoins ready in a wallet and were able to pay the $500 ransom within hours. The CryptoWall criminals were actually also pretty quick, and we were issued our decryption key soon after.  We immediately started to decrypt all the files with the provided decryption tool and pulled an all-nighter. It was amazing how long it took to get through all of the data. It finally completed at around 8:30 am. So we estimate about 18 hours of running the decrypt tool on our 75 gigs of data.

So far it only appears that one older database file was corrupted during the encryption, but we restored it from our backup and all is fine. I can’t say enough about KnowBe4’s quick response and support with this situation. We dodged a very big bullet here.

While only a portion of our staff have completed the training, something tells me more will complete the training requirement after this event. Thank you very much!" - Q.M. IT Director

That should strike real fear in the heart of any system admin and, indeed, in the heart of any CIO, CTO, or for that matter anyone who cares about keeping their organization's IT systems running.

I predict that this kind of event becoming more common will eventually spur much greater use of realtime backups, system audits, and far better disaster preparedness while the likes of KnowBe4's services will act as the belt and braces. 

So, have you been hit by ransomware?

To comment on this article and other Network World content, visit our Facebook page or our Twitter stream.
Related:
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.