First, my apologies to Indy for not having time to speak to him when he called me yesterday.
People, I come to you today begging you to take a new look at your current disaster recovery plans.
The reason I'm begging you to do this is simple: These crypto-viruses are ripping businesses apart limb from limb with horrific efficiency.
For those of you not in the know, crypto-viruses encrypt all of your data and the bad guys demand THOUSANDS OF DOLLARS IN RANSOM to give you the decryption key.
THOUSANDS OF DOLLARS.
Let that sink in.
And that's on top of the ENTIRE DAY(S) if not LONGER that your IT person will spend decrypting files and cleaning off computers from infection.
I've personally been involved in recovering a few networks from infection. The situations thus far have gone like this:
1. People call complaining about not being able to access files, files are missing, and all these *.mp3 or *.kpe files are all over the place. No one knows what they are.
2. I arrive on scene and determine that they have the crypto-virus all over the entire network because one dumbass opened a bad email.
3. Person responsible spends all day denying they opened an email from a personal account on a work computer. This person will most likely get away with their crime because they have some authority in the company (e.g. the boss himself, his wife, his kid, etc.).
4. I ask the owner of the company for their backups and license keys to things like Windows to begin the restore process.
NO ONE KNOWS WHERE ANY OF THE LICENSE KEYS ARE. NOT A SINGLE PERSON IN THE WHOLE FRIGGIN OFFICE KNOWS WHERE ANY OF THAT IS. HOLY EXCREMENT.
Backups have never been monitored. They've been failing for the past several weeks.
THE MOST RELIABLE BACKUP IS DATED 2/2/2017. EXPLETIVE. EXPLETIVE. EXPLETIVE.
I explain all this to the owner who proceeds to freak out and BLAME ME FOR EVERYTHING despite the fact that we just met and I had nothing to do with the sh!tty backup process he has in place. I suddenly find myself very thankful I took that psychology class in college that explained the 7 stages of grief. Step 1: blame the nearest IT guy before taking any responsibility yourself.
The bad guys want $5,000.00. The owner DEMANDS that I "geek person" all this and decrypt the files using "my geek powers" or "what I was taught playing Warcraft" to fix all this without his paying the money.
Seriously, James, why can't you just hack these files open? Didn't you see that part in Jurassic Park where the teenage girl hacked into a "unix system" to get the stuff they needed? Why can't you do that? Or what about all those episodes in the show 24 where Chloe always got around encryption? Sheet doesn't look that dam hard. Why do I have to pay these Russians money?
Another day goes by. The owner finally pays the ransom.
I spend another two days setting up computers, cleaning them off, fixing Active Directory after the unholy damage crypto did to SYSVOL, and all that.
By this time, the owner is out around $30k after paying the ransom, my labor, and all that downtime.
If only I could have restored that backup. If the business had a recent backup that I could have restored in a few hours, this would have been an inconvenience rather than an unmitigated disaster.
Check your backups. Restore them to another computer. MAKE CERTAIN YOUR BACKUPS WORK. The business you save could be your own.
All the bad stuff you've heard about Crypto is REAL.
JamesNT
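The two failures in the story above, backups that had been silently failing for weeks and backups that nobody had ever test-restored, are both things a scheduled check can catch. The script below is an added example and is not JamesNT's code or anything from the post; it assumes a hypothetical layout where each backup set is a dated directory (YYYY-MM-DD) under a backup root containing the files plus a MANIFEST.json of SHA-256 hashes. It flags a set that is older than the allowed age, then does an actual test restore into a separate directory and re-hashes what came back, so a corrupted or truncated set is reported instead of discovered on the day you need it.

```python
"""Backup freshness and test-restore check (added example, hypothetical layout).

Assumed layout: BACKUP_ROOT/YYYY-MM-DD/<files...> plus MANIFEST.json in each set,
mapping relative path -> sha256 of the file as it was when backed up.
"""
import hashlib
import json
import shutil
import tempfile
from datetime import date, timedelta
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backup files do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_backup_set(backup_root: Path, set_date: date, files: dict) -> Path:
    """Create a dated backup set from {relative_path: bytes} and record its manifest."""
    set_dir = backup_root / set_date.isoformat()
    manifest = {}
    for rel, data in files.items():
        dest = set_dir / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_bytes(data)
        manifest[rel] = sha256_file(dest)
    (set_dir / "MANIFEST.json").write_text(json.dumps(manifest))
    return set_dir


def newest_backup_set(backup_root: Path):
    """ISO date names sort lexically, so the last directory is the newest set."""
    sets = sorted(p for p in backup_root.iterdir() if p.is_dir())
    return sets[-1] if sets else None


def verify_backups(backup_root: Path, today: date, max_age_days: int = 1) -> dict:
    """Report whether the newest set is fresh and whether a test restore matches its manifest."""
    report = {"ok": False, "problems": []}
    newest = newest_backup_set(backup_root)
    if newest is None:
        report["problems"].append("no backup sets found")
        return report
    report["newest_set"] = newest.name
    age = (today - date.fromisoformat(newest.name)).days
    report["age_days"] = age
    if age > max_age_days:
        report["problems"].append(f"newest backup is {age} days old (limit {max_age_days})")
    manifest_path = newest / "MANIFEST.json"
    if not manifest_path.exists():
        report["problems"].append("manifest missing")
        return report
    manifest = json.loads(manifest_path.read_text())
    # Test restore: copy the set somewhere else and hash what actually came back,
    # rather than trusting that the backup job "said" it succeeded.
    with tempfile.TemporaryDirectory() as tmp:
        restore_dir = Path(tmp) / "restore"
        shutil.copytree(newest, restore_dir)
        for rel, expected in manifest.items():
            restored = restore_dir / rel
            if not restored.exists():
                report["problems"].append(f"{rel}: missing after restore")
            elif sha256_file(restored) != expected:
                report["problems"].append(f"{rel}: hash mismatch after restore")
    report["restored_files"] = len(manifest)
    report["ok"] = not report["problems"]
    return report


def demo() -> tuple:
    """Constructed scenario: a months-old set, a corrupted recent set, then a good one."""
    today = date(2017, 6, 1)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {"finance/ledger.xlsx": b"quarterly numbers", "docs/contract.docx": b"terms"}
        write_backup_set(root, date(2017, 2, 2), files)  # the only set: the 2/2/2017 situation
        stale = verify_backups(root, today)
        recent = write_backup_set(root, today - timedelta(days=1), files)
        (recent / "docs/contract.docx").write_bytes(b"garbage")  # silently corrupted file
        corrupt = verify_backups(root, today)
        write_backup_set(root, today, files)
        fresh = verify_backups(root, today)
    return stale, corrupt, fresh


if __name__ == "__main__":
    for label, report in zip(("stale", "corrupt", "fresh"), demo()):
        print(label, report)
```

Run it on a schedule against the real backup root and page someone whenever `ok` is false; the age check alone would have flagged the failing jobs in the story weeks before the infection, and the restore check is the "restore them to another computer" step done every day instead of never.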