Lowest of the low ...

[Couch]

Went into the office this morning and found that my primary computer was under a ransomware attack.....
It infected my attached storage / back up drive and #k'd up my onedrive online files as well!!!! All my files are now encrypted and a pdf extension or link to a html requesting payment.
I have another redundant back up from a month ago but it's still a pita. Was waiting on an order of new ssd to upgrade the 6 office computers and had planned on a doing another back up shortly.
Oh yeah - it's also 8 degrees and raining!!!!

 

[mikeydoo]

Chitty deal, A client of ours got hit awhile back and it cost him 180000 because he lost all his receivables and couldn't collect. He never recovered from it. Now we do a daily full image backup of our work stations and server to a out of house server and cloud backup also. In today's world this scenario could happen at any second and it could cost you your whole business. If we get hit in an hour we are back up and running with minimal damage. Hope it works out for you. brutal.

 

[nast70]

We do something similar. All accounting data is backed up on one of 2 'black boxes' we take with us. If something happens, we are out a day of date at the most.

 

[mikeydoo]

Ya we do the external drive backup in house also. we have 3 layers of protection. in house external server and cloud. seems extreme but this our livelyhood were talking about.

 

[adamg]

The people at Onedrive might be able to restore your files to a previous day's state.

 

[doorfx]

The people at Onedrive might be able to restore your files to a previous day's state.

This^^^

 

[ABMax24]

The people at Onedrive might be able to restore your files to a previous day's state.

I'll third that.

I know with Google drive they keep something like the last 50 versions of every file. Take the last saved version and carry on. Realistically this way you should loose nothing, as the ransomware attack should be on it's own separate save file.

 

[Couch]

I'll third that.

I know with Google drive they keep something like the last 50 versions of every file. Take the last saved version and carry on. Realistically this way you should loose nothing, as the ransomware attack should be on it's own separate save file.

Yep - with our web servers we can go back day / week / month ...bit of a hickup though with the onedrive - not going as intended ...have to get MS to escalate it ... Kicker is that my new ssd harddrives were delivered this evening ...

 

[doorfx]

I’d like to catch the little Fock on the keyboard that caused this.

 

[Chronic Cat]

This isn’t a thread I have anything to contribute on, but I’d like to understand what happened here. I think long story short, someone had a pile of valuable business financials and info on some kind of hard drive which some outfit hacked and or encrypted and is willing to reverse all if you pay them a pile of money?

 

[Summitric]

this isn’t a thread i have anything to contribute on, but i’d like to understand what happened here. I think long story short, someone had a pile of valuable business financials and info on some kind of hard drive which some outfit hacked and or encrypted and is willing to reverse all if you pay them a pile of money?

yup, extortion.... I know of an auto wrecker that had this happen to. They were able to unlock some of it and had to re-enter most of the inventory, sales, parts etc etc etc. They said it cost them a years worth of time/wages etc.

 

[ABMax24]

Unfortunately these cases happen far too often lately.

Happened to a local company a couple years back, thankfully they had a daily backup so only lost the days work. The employee whose computer it was traced back to felt so bad he paid the ransom for the unlock code, guess what, it didn't work.

 

[neilsleder]

Unfortunately these cases happen far too often lately.

Happened to a local company a couple years back, thankfully they had a daily backup so only lost the days work. The employee whose computer it was traced back to felt so bad he paid the ransom for the unlock code, guess what, it didn't work.

My wife worked for an engineering firm and they paid a ransom to get the files back, didn’t work they wanted more so paid more still nothing. And cops do really care either

 

[Couch]

My wife worked for an engineering firm and they paid a ransom to get the files back, didn’t work they wanted more so paid more still nothing. And cops do really care either

Yeah - no intention of paying scumbags either. Swapped out hard drives, fresh os installs, restore data from available backups and tighten up security ....

 

[ABMax24]

My wife worked for an engineering firm and they paid a ransom to get the files back, didn’t work they wanted more so paid more still nothing. And cops do really care either

That sounds very similar to my story. Maybe the same one?

The issue is the RCMP and Canadian government have very little in cyber security, or cyber crime investigation, I don't think most departments have the tools available to investigate even if they wanted to.

There was a man arrested in Beaverlodge a few months ago, the RCMP were tipped off by the ATF because of what he posted online. Seems like all these online crimes are first found by US authorities.

 

[adamg]

I don't think it helps the effectiveness that for many years until about a year ago, the RCMP guy at the very top of the intelligence division was working for the criminals.
https://globalnews.ca/news/7460679/cameron-ortis-macneil-report/

 

[JMCX]

This happened at my work. They weren't making backups so had to pay. Not everything came back perfectly.

 

[Cyle]

I'm curious though if they got into your computer files even if everything was backed up to Onedrive couldn't they just edit everything and empty the files and resave? Or if they managed to get into computer decent change they'd get into cloud storage account? When they get in are they viewing the files looking for personal information, credit card info, etc or is it mostly just to try for ransoms? I'm wondering because I have stuff saved to Onedrive, I don't have any data that would really hurt to lose but never hurts to be prepared.

 

[fynnigan]

We got nailed by ransom a couple of years ago . Bastards wanted to be paid in Bitcoin. Cost quite a bit to get around the whole mess . Pretty sure that even with the improvements we made, we could still get hacked .I have very little confidence in cyber security.interesting side note we we using A high end kaspersky product at the time

 

[Couch]

I'm curious though if they got into your computer files even if everything was backed up to Onedrive couldn't they just edit everything and empty the files and resave? Or if they managed to get into computer decent change they'd get into cloud storage account? When they get in are they viewing the files looking for personal information, credit card info, etc or is it mostly just to try for ransoms? I'm wondering because I have stuff saved to Onedrive, I don't have any data that would really hurt to lose but never hurts to be prepared.

Seems more like snatch and grab ...uncertain if any of the info was searched most likely pure ransom - most likely not downloaded ... I've replaced the hard drives inc fresh op system install so they do not have access to the encrypted files either ...
The onedrive part pisses me off the most ....revising strategy to ramp up off site / non-connected back ups (removable flash / ssd / dvd) ...

Tech is great in many aspects but it's incredibly overwhelming from a maintenance perspective for a small business ...cloud is suceptable to downtime too (google went down mid Dec) ...our business uses a combination of SAS and dedicated systems but it's ever more frustrating trying to keep abreast of the changes ...