Topic: Ransomware Attack

JD_

  • 5 O'Clock Shadow
  • Posts: 32
  • Location: California
Ransomware Attack
« on: March 21, 2024, 01:35:01 PM »
Hi all,

My employer was recently hit with ransomware.  We are locked out of practically everything.  Very scary stuff.  We’ve been shut down for two days and counting as IT works feverishly to assess everything and resolve the matter.  Authorities are involved.  I don’t have much information beyond that as communication has been minimal given the uncharted territory this is for everyone at our company.

Has anyone encountered this?  I’m wondering how long we might be shut down.  I’m reading it can take weeks or even months to recover.

Thanks,
JD

reeshau

  • Magnum Stache
  • Posts: 3858
  • Location: Houston, TX Former locations: Detroit, Indianapolis, Dublin
  • FIRE'd Jan 2020
Re: Ransomware Attack
« Reply #1 on: March 21, 2024, 01:39:32 PM »
There's not much you can do about it now, unless you happen to have been hit by a script kiddie using a known, weak algorithm.  Ransomware seems to be the preferred method of serious, professional cybercriminals, though.

If your company practiced good backup and patching habits, you might recover quickly.  If they pay the ransom, they might recover quickly.  Good backups alone may help you restore data.  But if the intruders have been in your network for a while, the ransomware payload may also still be there, or the vulnerability they used to enter.

Is your company bringing in outside help to walk through the situation?  Nothing like experience in such a fast-developing area, particularly if the threat has an identified "brand."

You don't happen to work in health care, do you?  That industry is being increasingly targeted.
« Last Edit: March 21, 2024, 02:10:18 PM by reeshau »

Psychstache

  • Handlebar Stache
  • Posts: 1702
Re: Ransomware Attack
« Reply #2 on: March 21, 2024, 01:41:49 PM »
Quote from: reeshau
"You don't happen to work in health care, do you?  That industry is being increasingly targeted."

Also local/municipal governments. Organizations that don't have the money/talent to adequately defend themselves but also have lots of sensitive information access.

GuitarStv

  • Senior Mustachian
  • Posts: 25502
  • Age: 43
  • Location: Toronto, Ontario, Canada
Re: Ransomware Attack
« Reply #3 on: March 21, 2024, 01:48:41 PM »
A couple years ago the place that I worked (large, multinational company involved with developing rail signaling systems) was attacked by a group from China.  IT was pretty tight lipped about it, but they ended up shutting down internet access for the whole company for a two week period . . . so I'm guessing it was pretty serious.  Unclear what or how much was lost, but there was a significant change to all our corporate access policies afterwards.

JD_

  • 5 O'Clock Shadow
  • Posts: 32
  • Location: California
Re: Ransomware Attack
« Reply #4 on: March 21, 2024, 02:17:26 PM »
Thank you for your thoughts and comments. 

We have enlisted professional help.  We also have cybersecurity insurance so hopefully much of our losses/downtime is covered.  I know that our server is backed up nightly, but as mentioned who knows at this point how long our system has been infected.  I’m hoping for the best, preparing for the worst. 

We are not in healthcare, but a professional services firm.  Relatively small, ~100 employees.  Seems companies of this size are targeted as the IT / network is usually weaker than say a Fortune 500 firm.

JungYo

  • 5 O'Clock Shadow
  • Posts: 60
  • Location: RDU, NC
Re: Ransomware Attack
« Reply #5 on: March 22, 2024, 12:50:44 PM »
I worked for a Silicon Valley company a few years ago that got hit with ransomware. We were told if we said anything about it to anyone, we would be fired. The only thing we found out, afterwards, was a salesperson downloaded something that had the RW and it flourished from there. The company would not pay the ransom.

All servers were backed up daily. Of course, no-one tested the backups; and no-one vetted whether the RW was in the backups: so, restoring backups failed (got re-infected). For the area I worked in, we had to manually rebuild servers (physical and virtual), reinstall apps, configure everything, kinda-sorta restore some data best we could. Took us about 6 weeks total, of which the first 2 weeks was an incredibly intensive audit of everything. The capability I supported during this time was crippled for the duration! No-one would say a peep about whether doctor or patient data was compromised or sold.

I mentioned in a meeting our leadership didn't want anyone to know about this 1) because we provided a physical health product and associated services and I believed the gub'mint required disclosure (there was none) and more importantly (lol) 2) it'd hurt the shiny tech bro stock options. I was told to start looking for another job, so I did.

I do not wish this upon anyone, what an unholy PITA.

JupiterGreen

  • Pencil Stache
  • Posts: 737
Re: Ransomware Attack
« Reply #6 on: March 22, 2024, 12:59:48 PM »
I have heard of (second-hand from a friend in University Administration) one university that paid the ransom (insurance paid it maybe?) but, same as @JungYo they kept it hush as to the amount and the fact that it even happened. So maybe this kind of thing happens more than is reported.