Case Study, Ransomware & Hacking are alive and well in 2022.

It is very unfortunate that we have to spend a great deal of time writing about ransomware and IT security in 2022.   Ransomware still to this day is rampant and hacking is at an all time high.   This year in February, we were called into a situation that was a high alert.

Customer has 6 servers, VM Ware host servers with Microsoft Exchange Server.   The company has their own IT Director.   San Diego Computer Consulting provides security services and backup.   We do not manage the network.   The IT Director altered us on a weekend day that 3 of the 6 servers were encrypted.    We were able to instantly verify the backups.

The total restore process was in stages and the company was back up and operational in total in 72 hours from the original detection of the encrypting event.   The 72 hours was a result of the very large quantity of data that the company had on their servers.

1. We were responsible for the backups and worked in the effort of restoring the data. We started with the restore of the Exchange Email Server.
2. We helped the company write an alert email to their customers to ask for clients to be on the lookout for any nefarious contact.
3. We engaged Sophos immediately. The client already had Sophos security.   Sophos incident engineers moved the network into high alter reporting.    They helped directly with investing where the security beach happened.    They were able to make a number of suggestions that helped the IT department patch a number of possible dificiences that were in the network.
4. We will never be 100% confirmed on where the breach came through. Though we believe it was through an insure password on Email, the resolution as the most important lesson.
   1. 2-Factor on Email is critical
   2. Backups of data systems are critical
   3. Patching, updates and password policies are important.

Hackers were able to get into the email of the owner.   They knew it was the owner by looking at company website.  They were able to get her phone number once they determined who the owner of the company was.

The hackers were agitated because the IT department did NOT answer their request for money.   There was no need to engage the hackers because the servers were backed up and restores were already in process.   Because the hackers were not answered they resorted to more extreme threats.    New threats came in the process of threats via phoning the owners.

Phone calls were made to the owner and members of the owners family threating that they would release data that had been breached.    NO data was breached, other than the owners email account.  This was a result of the hackers getting desperate for money and resorting to desperate measures.

No money was paid and the hackers subsided.

Want to learn more about Sophos Network Security?

Let our experts show you.

We offer Free first consultation. Contact Us