If you become aware that a cyber-attack has been carried out against your company, it is imperative that action be taken immediately to mitigate the risk of loss of data, money, and other company assets. Time is of the essence. Take the following actions immediately:
- If applicable (funds were transferred/compromised), contact your bank. In the case of wire fraud, you can initiate a “SWIFT recall” on the wire transfer. Contact all banks that may have received your funds. Ask to speak to their fraud department.
- Notify your internal IT department or Managed Services Provider (MSP). Provide as much detail as possible. If a computer is involved in the incident, we will advise whether the device needs to be turned off or disconnected from the network.
- Report the incident to the Internet Crime Complaint Center (IC3) at http://www.ic3.gov.
- Report the incident to additional Federal Government agencies as described in “Cyber Incident Reporting – A Unified Message for Reporting to the Federal Government” for specific reporting requirements: https://www.dhs.gov/sites/default/files/publications/Cyber%20Incident%20Reporting%20United%20Message.pdf
- Notify local law enforcement of the incident.
- Notify your cyber liability insurance provider. They can assist you with arranging public relations advisors to support proper customer notifications and legal counsel.
Expect notifications to take time as each involved party gathers the information they need. If possible, assign multiple people to initiate notifications in parallel.
Consider using a conferencing service like Microsoft Teams or Zoom that can be used by all parties throughout the notification process. Many conferencing services allow for “rooms” to be created to allow groups to break away for specific discussions and then rejoin the main group. This may also provide you the ability to record the conversations (notify participants) for later review. Practice this process before an actual incident so you are comfortable with the technology.
Keep and record the following information for possible investigation:
- Canceled checks, wire receipts, credit card receipts, money order receipts
- Facsimiles, certified or other mail receipts, envelopes (if you received items via FedEx, UPS or U.S. Mail), pamphlets or brochures
- Emails, text messages, chatroom or newsgroup text, social media messages, web pages (screen shots), phone records
- Computer log files, if available, with date, time, and time zone
No matter how many times your IT provider, the evening news and fellow business owners warn you of the danger of ransomware attacks, you don’t take it seriously until it happens to you. “No one would bother attacking a small business in the <insert your industry> industry in Colorado,” you tell yourself. But they would and do.
To say it again: small- and medium-sized businesses (SMB) in all industries are at risk of ransomware attacks.
Including homebuilders.
Ransoming a Homebuilder?
A couple of years ago, Campbell Homes, a Colorado Springs-area builder of semi-custom homes, was successfully attacked by ransomware.
Homebuilders wouldn’t normally be considered big targets for hackers. But you have to remember that cybercriminals are in it for the money; they rely on you paying the ransom. Ransoms can be fairly low – $500 to $2,000 for many companies – to entice the victims to pay to get access to their files rather than expend the resources on properly regaining control of their data and putting effective security solutions and procedures in place. Unfortunately for those businesses, history shows that they are often attacked and ransomed again – in the very same year.
Undoubtedly, that was the expectation of the hackers who sent the fake package-tracking email that one of the homebuilder’s employees unwittingly opened. Upon downloading the seemingly legitimate and important email attachment, the ransomware began encrypting the company’s files – starting from the letter A and working its way towards the end.
The builder was infected with the digital version of termites.
Ransomware Pest Control
Fortunately, an employee noticed that certain files were encrypted before the virus could complete its work. When the employee contacted us to ask why he couldn’t access the files, we immediately identified the problem as a ransomware infection and stopped the attack by identifying, remotely shutting down and disconnecting the workstation from the builder’s network. This prevented the virus from finishing its encryption and spreading.
In this instance, the defense-in-depth security strategy we’d deployed for the builder, which consists of layered security solutions and compartmentalized information access, would have protected other network drives from being infected.
After ensuring the rest of the network was safe, our top engineers began to assess the impact of the attack. Our engineers reviewed with the business owner what was encrypted, the estimated recovery time and what steps they should take next.
Meanwhile, others on our technical team were already remediating the problem by removing leftover ransomware files and recovering 99.9 percent of the company’s data.
That’s right: 99.9 percent. That translated into roughly twelve minutes of lost data. They were able to recover so much data because we’d implemented back-up and disaster recovery solutions for them just in case something like this happened.
“This ransomware attack could have been devastating to our business. Because of the quick response of Simpleworks, their layered security approach and a solid backup strategy, we recovered 99.9 percent of our data.”
– Tom Sauer, Senior Vice President of Campbell Homes
A Solid Foundation
Building an effective cybersecurity strategy and executing it is a lot like building a house. Security must be built into the design and infrastructure – into the foundation. If you skimp in one area, it’s likely to negatively affect more than just that piece. The homebuilder didn’t want their cybersecurity to be a house of cards.
Together, we:
- Designed their network to minimize impact if they should be attacked again
- Conducted cybersecurity awareness training for the company’s staff
- Helped the business owner develop a disaster recovery plan
- Ensured back-up systems were tested, hosted in multiple places and working
- Implemented email- and spam-filtering on all workstations
Defense, Defense, Defense
Location may dominate in home sales, but effective cybersecurity is built with a defense-in-depth strategy. Your company needs multiple layers of security solutions. In the event one fails, another hopefully will stop the intrusion.
You can no longer rely on just anti-virus. Your cybersecurity needs to evolve as the security landscape evolves – no matter what industry you’re in or what size your business.
We have years of experience working with Colorado Springs businesses to secure them against ransomware and other cyberattacks. If you’d like to learn more about what we can do to protect your business, contact us here or call us at 719-476-0444.