News & Notes

Who to Call?

When you are impacted with a Ransomware encryption event, the last thing you need to be doing is figuring out who to call.  If you have a Cyber Insurance Policy (which you should), there will be a breach hotline that will set things in motion.  You will need a Cyber team to respond and address the following to minimize the damage: Identify the source of the breach and close the holes Ensure back doors have not been setup to provide future attempts Halt any ongoing or potential future encryption being kicked off Negotiate Ransomware payments if restoring from backups is not completely successful Test decryption keys in a sandbox Instruct how to decrypt the IT environment. In addition the Cyber Forensics team will need to capture systems information to begin to analyze any data that was compromised, viewed or removed.  If any data was compromised you will work with the ...
Read More

Ransomware Client Event

While our preferred time to assist our customers is in the preparation and prevention of Cyber Security events, we also assist in response when a customer is dealing with an attack regardless of whether they have taken the steps necessary to be ready.  In the early part of 2018, we received one of those calls from an IT Director that his environment had been hit with an attack known as SamSam.  The hackers had carefully planned this and once the encrypting of over 100 Windows servers had begun, the backups (running on Veeam) were wiped to prevent that form of recovery.  An excerpt from CSOonline.com covers this form of attack: ...
Read More