What can you expect if you get crypto-locked?

by | Jul 29, 2022 | News, Security

Right now, there’s a crypto-locked server in the lab in our Kinetics Auckland Office.

It’s not from one of our clients, but from a business that’s come to us after the event, asking for help. We are busy rebuilding it and restoring the data and configuration to the server and the business’s PCs.

They have insurance, but that also added to their downtime. The insurer took all the client’s kit and did a heap of forensic investigation before releasing it for rebuild. Only then did it come to us. By the time we finish rebuilding, this company will have been without a system for two or more weeks!!

Don’t let ransomware happen to you!

In our busy work lives, with all the various challenges that compete for our attention, it is easy to forget that crypto-locking is real and extremely disruptive. As I drove into the Kinetics office this morning, I heard on the radio that reported ransomware attacks in New Zealand have doubled every year since 2019.

Email-based fraud might be more common and can cost a lot of money, but a ransomware attack can kill a business.

We are also hearing more examples of insurance companies checking that organisations have taken reasonable care before they settle claims. All businesses need a managed cyber-security regime, like KARE for Security, that is multi-layered and designed to reduce your risk.

No one can promise to prevent you from being hacked, but we can promise to reduce your risk and make it less likely.

We know it’s frustrating that as hackers become more sophisticated, the protections you use have to increase, which slowly increases costs as well.

The good news is that we know it works. For example, we recently had a KARE for Security client using one of our KARE-supplied firewalls. They had a cyber-event – a “bot” on their network. Our KARE tools sent us an alert and we jumped straight in. We quickly found that they had given their WiFi key to a visitor, and that visitor’s laptop was infected! The good news is that KARE for Security was able to protect the client, and that having a separate ‘guest’ network for visitors protected the business as designed. (Never give a visitor with an unknown device access to your production WiFi network.)

So, what should you do when you are the victim of a cyber-attack?

Firstly, make contact with your IT support, and set up an emergency response team. Most insurance includes some recovery expertise, so your insurer should be one of your first phone calls.

Secondly, the team needs to contain the breach. How large is it, what is impacted, and how can you be sure that the vulnerability is no longer present and the hackers can’t get back in? For example, you may want to turn things off and isolate them on their own network away from your ‘clean’ IT assets, and lock out all user credentials that aren’t absolutely needed. Start changing passwords for the remaining users.

Next, consider the Privacy Act, and your obligations to communicate with any stakeholders whose data has been impacted. You might need to work with your HR team where your people are concerned, and your comms or PR support as you reach out to larger groups of people.

At all times, remember that you are not alone! Every organisation is under the same threat and many blue-chip names have succumbed, in some cases more than once. All any of us can do is reduce the risk, and do so within the budget that fits your tolerance for risk and cost.