What would happen if your computer died right now or you had a ransomware attack? A local business recently had a ransomware attack and got in touch asking for my help. I have been in Microsoft tech support for a number of years, so I offered my services.
The first thing I noticed was that this business was potentially within days of, well, going out of business. That would have been 30 years of hard work gone in a few hours, which would be devastating to this company and its employees.
Luckily the owner had made some good decisions in the past which would save the day, but these decisions weren’t immediately apparent. This is what happened, and how we not only fixed the issue but also protected this business for the future. So what would happen if you saw the ransomware screen of death?
Ransomware creators are actually savvy (though illegal) business owners who wish to make large sums of money out of extortion. A lot of experts will tell you not to pay because you won’t get your files back. Think about that for a moment: surely that would mean that the ransomware companies would not make money. Therefore they are more likely to give you your files back, as they want future victims to pay up.
The only way to prevent all this chaos and headache is to be prepared, just like that scouting motto I can’t remember. So what follows is how to not pay them and get all your data back in minutes. Oh! If only Travelex had read this blog post.
When you are hit with a ransomware attack you may think that your cloud storage will rescue you. The bad news is that most won’t, as the newly encrypted files sync with your cloud storage and overwrite the files you need when you need them. You need version control and you have to ensure it is switched on.
Luckily the owner of this business had bought a subscription to Microsoft 365. Remember the days when we all had a cracked copy of Office? I hope you haven’t got one now, because that’s an open door for ransomware. He called Microsoft 365 support and was told that he gets version control as part of his package. With a sigh of relief, he downloaded his version of data prior to the attack. This download took 25 days to complete, only for him to discover one week later that he hadn’t formatted all his drives and reinstalled Windows. This meant that all his files were encrypted again by the ransomware still on his machines.
So back to square one with a huge headache, as a customer had asked for a repeat order from 28 years prior for a heritage weekend event. So now the business had a major problem: they had no previous data but needed it urgently. This meant working solidly for 24 hours to format all the computers in the business, reinstall the operating system, then all the software, one item of which cost £3000 and was only available on a dongle direct from Canada! Yes, even the dongle got encrypted.
So this is where I walked in, and I was to ensure this wouldn’t happen again. I informed the owner that it would happen again and to be ready when it does. This is what I did to ensure his business would be back up and running, without paying the ransom, all within 1 hour.
- Completed a security audit on his systems to ensure nothing was lurking behind the scenes.
- Locked down his firewall to only essential open ports
- Changed the router’s static IP address with his ISP
- Rerouted his security cameras
- Changed every password
- Installed a password manager system
- Created an Admin & Standard account on each PC; the business runs on the standard account, so no apps can install without human intervention.
This won’t prevent ransomware because nothing will.
- Synced the NAS storage via Task Scheduler and have it disconnect when not required.
- Created a Backblaze backup with version control
- Cloned the C: drive of each workstation and have the clone inside the base unit physically disconnected.
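
A sketch of how the scheduled NAS sync above could be written so the share is only connected while the copy runs. This is an added example, not the script used at this business, and it goes one step beyond the list by checking a canary file first, so that already-encrypted files are not copied over the good copies on the NAS. The share name, folders, canary file, credential file and log path are all hypothetical.

```powershell
# Added example: nightly NAS sync that leaves the share disconnected between runs.
# Every name below (share, paths, canary, credential file) is a hypothetical placeholder.
$Share      = '\\nas01\backup'                  # assumed NAS share
$Source     = 'D:\CompanyData'                  # assumed folder to protect
$Target     = Join-Path $Share 'CompanyData'
$Canary     = Join-Path $Source '_canary.txt'   # small file nobody ever edits
$CanaryHash = 'PLACEHOLDER_SHA256_OF_CANARY'    # recorded when the canary was created
$Log        = 'C:\BackupLogs\nas-sync.log'

# 1. Canary check. If the file is missing or its hash has changed, the source
#    may already be encrypted, so stop before anything reaches the NAS.
$canaryOk = (Test-Path -LiteralPath $Canary) -and
            ((Get-FileHash -LiteralPath $Canary -Algorithm SHA256).Hash -eq $CanaryHash)
if (-not $canaryOk) {
    Add-Content -Path $Log -Value "$(Get-Date -Format s) ABORT: canary check failed, NAS left disconnected"
    exit 1
}

# 2. Connect the share only for the duration of the copy.
#    The credential file is created once with Get-Credential | Export-Clixml and
#    can only be read by the same Windows account on the same PC.
$cred = Import-Clixml -Path 'C:\BackupSecrets\nas-cred.xml'
New-SmbMapping -RemotePath $Share -UserName $cred.UserName `
    -Password $cred.GetNetworkCredential().Password | Out-Null

$rc = 16   # treated as failure unless robocopy reports otherwise
try {
    # /E copies subfolders. /MIR and /PURGE are deliberately not used, so files
    # deleted or renamed on the PC are never removed from the NAS.
    robocopy $Source $Target /E /R:2 /W:5 /NP "/LOG+:$Log"
    $rc = $LASTEXITCODE   # robocopy exit codes of 8 or higher mean a copy failure
}
finally {
    # 3. Always disconnect, even if the copy failed.
    Remove-SmbMapping -RemotePath $Share -Force
}

if ($rc -ge 8) { exit $rc } else { exit 0 }
```

Run it from Task Scheduler under the same account that created the credential file, and give that account write access to the NAS share only, not admin rights on the NAS.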
We then simulated a catastrophic overnight attack using VeraCrypt to encrypt everything (I had the key). In the morning nothing was accessible, so the staff followed the new procedure which was laid down for them.
The whole business was back up and running normally within 1 hour, followed by resetting everything after the close of business. Documents and files which were required for that day’s work were restored from Backblaze. The rest of the data was restored overnight; we checked the system’s integrity and celebrated with a nice cup of tea.
You may not be in a position where losing your video footage would cause you too much hardship, but being prepared means you just carry on. When I returned home I signed up for Backblaze, as they offer unlimited data including video files from as little as £4.25 per month when paying for 24 months. You can get a free trial of Backblaze here https://secure.backblaze.com/r/00308d
I will receive a free month for everyone who signs up. So thanks in advance.