It’s early one August morning and my phone rings. On the other end is a panicked lawyer friend, asking if I can help one of her clients. Hackers have just encrypted his data, bringing all of his operations and production to a complete halt.
Normally, I would politely decline such a request, knowing that while this type of intervention offers a lucrative opportunity, it also demands considerable resources. Is this client, unknown to my company, worth diverting our attention from our regular clients to assist him?
For once, I agree. I immediately mobilize my team, gather some information about the nature of the attack before heading out, and start formulating an action plan. On the way, I quickly brief our technical lead on the situation so that he knows what we’re getting into.
Upon arrival, I’m greeted by the management team. A quick rundown reveals the extent of the disaster: the network is down, and there are no usable backups. More than forty servers are encrypted, paralyzing the activities of around 500 users.
While my team works hard to get this client back on track, I turn to the management to understand how such a catastrophe could have occurred. Is it a budget issue? Were the IT team’s requests denied? I’m told that budget has never been a problem. Yet, what I discover on the ground tells a very different story.
The servers haven’t been updated in years. The firewalls are obsolete, some of them no longer supported. There’s no multi-factor authentication (MFA), no password policy, and the list goes on. The IT infrastructure was a ticking time bomb long before the hackers broke in.
Following the ransomware attack, we first collected the logs to thoroughly analyze the incident and try to determine the origin and extent of the attack. To secure the compromised systems, we re-imaged the affected workstations, ensuring a clean and secure environment. We then installed the necessary security tools, implemented best practices, and changed all passwords across the company to strengthen protection against potential future attacks.
The lesson from this story is clear: if you’re a business leader with an in-house IT department, challenge your team, even if you trust them 100%. An external audit doesn’t cost much compared to the consequences of a cyberattack and can provide you with the assurance that best practices are not only in place but also being followed.
By Eric Rivest
Natrix Technologies inc