Ransomware: The Most Serious Security Threat in the Digital Age

Ransomware is still a major threat in today’s networks. Headlines blare new major attacks every week, including Scripps Hospital being crippled last year. In 2023, we had to help two different companies that were hit with ransomware. All servers and workstations were encrypted. The staff at San Diego Computer Consulting were able to come in, remediate the encrypter virus and clean up the network. In 2019, we had to deal with three instances of it. RANSOMWARE IS SERIOUS AND WILL BRING YOUR BUSINESS TO A HALT!

Ransomware is BLACKMAIL! These viruses are blackmail viruses. They are not designed to steal your data. Rather, they are designed to lock you out of your own system. They then demand blackmail money to give you access back to your data. This is a very heinous crime, but the hackers who do this are from out of the country. Typically, these hackers are from Eastern Bloc Europe and some of the Baltic countries.

There are several important aspects of a ransomware incident that have to be considered. First, the immediate stop of the infection. Second, the restoration of data. Lastly, the new security plan to implement. In the most recent attack that we dealt with, we were able to help the company in distress stop the virus from spreading.

[Image: Wana Decrypt0r ransomware screenshot]

1. Stopping the immediate infection!

Before any remediation can start, we must stop the current infectious threat. The most important thing to do is shut down the network and the computers. This keeps the virus from spreading. Encrypter viruses are designed to spread quickly through the network. As they spread, they encrypt other machines one by one. The hackers have designed these viruses to move quickly and cause as much damage as possible. The more damage caused, the more likely you are to contact the hackers and arrange a blackmail payment.

When we arrive onsite we evaluate each computer. We have tools that will stop the virus in its tracks. We can quickly evaluate each computer and determine which machines are salvageable. Computers that are not can be reloaded and rebuilt with all our software tools. Servers are the most important part of our evaluation. We can load our anti-encrypter virus tools and do our best to save the data.

San Diego and other major metropolitan areas have been a target for many of these attacks. This attack hit a small business in Escondido in December 2019. This attack happened through Windows remote access. Here, the demand for the money and decryption is from a company in Czechoslovakia. We can see this by the email address listed in the ransom note. In March 2020, a large mortgage company that we know was hit and we had to help with the remediation and negotiation.

What does Ransomware look like?

[Images: ransom notes from infected machines, including a Ryuk ransom note]

2. Determine the best path to remediation and data restore.

It is our job to do our best to help you assess the damage and the network health. Once that is done, we can quarterback a plan to get your network and computers back online. Our job at San Diego Computer Consulting is to help you make the best assessment to get you moving forward, getting your business back online and operational. This is done best by having us come in to determine the damage and what is most important to bring back online first. We are experts in quarterbacking the response to this type of nefarious infection. We bring a vast amount of knowledge and can help you make the best decision on remediation and data restore. Data restore can come in various forms. In some cases, we are able to find a decrypter. However, the best remediation is to find the backup and restore the data. If you have a backup, we can help isolate the virus so that the data can be restored to your server and have you back online ASAP.


3. Identify the backup device, disconnect it & turn it off!

Identify your backup data device immediately and disconnect it from the network. The encrypter virus can easily attack a backup server that is on the same network as the infected server/workstations. The encrypter virus oftentimes spreads very fast and can easily reach a backup server that is onsite. As soon as you notice that you have any encrypted files, make sure to disconnect your backup server, external hard drive, or any NAS device that holds the backup. This backup can be in jeopardy very quickly.
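The two cut-off steps above (sever the infected machine from the network, and get the backup target out of its reach) can be scripted so that staff do not have to hunt through menus under pressure. The following is an added example written for this article; it is not San Diego Computer Consulting's tooling. It assumes a domain-joined or standalone Windows 8 / Server 2012 or newer machine where the built-in NetAdapter and SmbShare PowerShell modules are present, and it must be run from an elevated PowerShell prompt. The log path and its name are choices made here, not anything the article specifies.

```powershell
# Emergency isolation of a suspect Windows machine (added example, not SDCC code).
# Run elevated. Assumes the NetAdapter and SmbShare modules (Windows 8 / Server 2012+).

# Log file name is an assumption for this example; change to suit.
$log = Join-Path $env:SystemDrive ("isolation-" + (Get-Date -Format "yyyyMMdd-HHmmss") + ".log")

# 1. Record what this machine was connected to BEFORE anything is cut.
#    Mapped backup shares and NAS paths are exactly what the responder needs later.
"=== Network adapters ==="            | Out-File $log
Get-NetAdapter | Select-Object Name, Status, MacAddress, LinkSpeed | Out-File $log -Append
"=== Mapped SMB drives (possible backup targets) ===" | Out-File $log -Append
Get-SmbMapping | Select-Object LocalPath, RemotePath, Status | Out-File $log -Append
"=== Shares this machine exposes ==="  | Out-File $log -Append
Get-SmbShare   | Select-Object Name, Path            | Out-File $log -Append

# 2. Drop every mapped drive first, so the encrypter running here can no longer
#    write to an external drive, backup server or NAS reached over SMB (step 3 above).
Get-SmbMapping | Remove-SmbMapping -Force -ErrorAction SilentlyContinue

# 3. Disable every network adapter. This is the "shut down the network" of step 1:
#    the encrypter loses its path to other workstations and servers, and to the
#    criminals' command server, while the machine itself stays up for triage.
Get-NetAdapter | Disable-NetAdapter -Confirm:$false

Write-Host "Isolated. Pre-isolation state saved to $log"

# 4. Only after any evidence you want is collected, power the machine off
#    (the article's "shut down the computers"). Uncomment to do so:
# Stop-Computer -Force
```

Disabling the adapters before powering off keeps the option of capturing memory or the running process list for the responder, which a hard power-off destroys; the machine is equally unable to spread the virus either way. Re-enable with `Get-NetAdapter | Enable-NetAdapter` once the machine has been cleaned or rebuilt.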

[Image: SolarWinds Backup]

4. What do I do if my backup is unavailable?

This is the worst scenario! May this never happen to anyone. However, it can and it does happen to those whose backups are not set up correctly and are not offsite. If this heinous set of circumstances happens, we may have to reach out to the pirates and pay the ransom to get your file data back. San Diego Computer Consulting can help in the negotiations to get your data back. We work with a partner, Coveware, which will negotiate with the ransom pirates on your behalf.

If negotiations are necessary, know that you can get your data back. If a payment is made, the chances of you getting your files back are very high. However, the pirates are nefarious. They can change the deal in the middle of the negotiation. Also, the pirates are from overseas. Their English is typically not very good. Oftentimes, there are misunderstandings and poor communications from them. Negotiating with pirates yourself is NOT easy and not recommended. There are professional companies that SDCC is partnered with that can help!

5. New Security Network Defense Plan

Sophos Intercept X Features CryptoGuard

CryptoGuard prevents the malicious spontaneous encryption of data by ransomware – even trusted files or processes that have been hijacked. And once ransomware gets intercepted, CryptoGuard reverts your files back to their previous safe state.

Stop Ransomware Attacks With Intercept X.

Sophos Intercept X provides end-to-end, comprehensive protection to stop the widest range of malware and exploit threats, with built-in detection and response. The artificial intelligence built into Intercept X is a deep learning neural network that uses machine learning to detect both known and unknown malware without relying on signatures. This deep learning makes Intercept X more scalable and higher-performing than endpoint solutions that use traditional machine learning and signature-based detection alone.

[Image: Sophos]

Network Assessment and Security Plan

San Diego Computer Consulting are experts in setting up a defense plan to make sure you are safe from the ominous attacks of ransomware and other encrypter viruses. We can make a quick assessment and help make sure your network is safe from being blackmailed. We use a number of security services to protect all your network technology, making sure that any vulnerability is removed and a good network defense is in place. By using our WatchGuard firewalls, Sophos Anti-Virus with Intercept X, email security services including Proofpoint and IRONSCALES, and lastly a good cloud backup, we can help you get in line with the best security practices.

San Diego Computer Consulting can help you in this world of blackmail attack viruses. It is our job to make sure that you are safe and defended from the hacking companies that are out there to steal from you.

If you believe you were exposed to ransomware or your company network is under a ransomware attack, DO NOT hesitate! Response time is crucial.
Call us at (858) 274-7070