I know this should probably go in the computers and tech board, but since it involved a ransom, I figured it could go here also.
Please learn from my mistakes!!! At my small firm I'm the IT guy as well. I didn't properly enforce complex passwords for my domain users, nor did I adequately restrict outside traffic to my network through our firewall, even though I thought I had. Hacker got into one of my servers Friday night via Remote Desktop, encrypted all the files, and left a nice ransom note. Ended up infecting a laptop and one other shared network drive. My computer company emailed the hacker and was told the ransom was 1 Bitcoin (~$1250 plus fees) per computer. My primary backup has also been encrypted, as well as the offsite backup mirror (I thought). I had already given the computer company the go-ahead to pay the ransom when we dug a little deeper on the backup mirror. Fortunately it hadn't encrypted all of the backup mirror yet and I was able to restore the files I needed before we paid that ahole. Still lots to be done to recover from this, but nothing of any consequence was lost.
So don't be me. Protect your network!!!!!
Scary... I hope my partners who bought my outfit pay attention.
Good IT practices like you mentioned can help prevent attacks, but short of severing your office network from the internet, these attacks are bound to happen from time to time. Even the most tech-savvy people can make a mistake: opening a compromised email attachment or clicking on a bad link. Just think, if you received an unsolicited email with a PDF attachment asking you for a proposal on the attached project, would you pause before opening it? Just like that your network could be compromised.
The only thing you can do is expect and plan for an eventual attack. Daily offline or offsite backups. Encryption and managed access to sensitive personnel and billing files. Would it be the end of the world if someone got their hands on an unfinished subdivision plat? Maybe not. What if instead it was your entire office's SSNs and banking information?
On the subject, another thing to keep in mind. Consider a permanent network quarantine for any computer you use to do public records research in small counties and municipalities. You've probably seen that many of these websites are terribly outdated in their interface; you can be sure their security is equally obsolete. Sometimes they even require older versions of Java or other web services, all known to be very insecure. Obsolete and vulnerable, government databases are easy pickings for attackers who might leverage their access to let themselves into your network.
BTW it is ransomware (as in software), not ransomwear, and I really hope I never have to deal with anything like that. I am a very small outfit, so I am the IT guy as well as everything else.
Yep you're correct. It was late and I was still pissed! I knew it didn't look right when I typed it.
I asked my computer guy if there is any recourse and he said you can contact the FBI. No thanks. I'd rather not have the Feds snooping around my office. Not that I have anything to hide, but still.
He gave me three tips to reduce the threat of being hacked:
- Strong passwords and change them frequently
- Close all firewall ports that you don't absolutely need. Use SSL VPN for remote access
- Educate all employees about email safety. Don't click attachments from people you don't know or weren't expecting. I guess if you get a suspicious email, you can preview it on your phone first.
andrewm, post: 417451, member: 10888 wrote: you can preview it on your phone first
I like this one.
Thank you for sharing your story.
I am sure that this will quietly help others.
andrewm, post: 417451, member: 10888 wrote:
I asked my computer guy ..
You said you were a small outfit; seems like you would not be on some international hacker ring's radar. Any chance it was an inside job? Maybe a "computer guy" that has inside knowledge of your network?
Did they take all your clothes and try to get money from you?? 😉
Having a tape backup of all your data files is pretty good insurance. They can't get into that info. Worst case you have to wipe a computer and re-install programs, then restore all the data.
@tfdoubleyou
How could or would these attacks occur if running Intranet LAN but connected to the Internet for email?
Tia
Definitely "I am not the expert you are looking for", but I believe if you have any device physically connected, it too can be penetrated (remote user).
That said, I have a couple of large USB drives (and one other off site) that I plug in and run backups... IF I then remember to unplug them, I figure it is just a matter of format, reinstall, and copy back any "lost" data.
(I actually did just that a week or two ago... Windows 10 "ate my homework")
andrewm, post: 417451, member: 10888 wrote: Strong passwords and change them frequently
We've discussed this before. I don't agree with frequent changes.
A password change is beneficial if and only if A) it occurs in that (hopefully small) time after a hacker compromises your machine and before you discover the fact, or B) if it interrupts their cracking search. But your changes are not likely to be more frequent than the time to crack any password they are able to crack.
Downside: frequent changes motivate users to use simpler passwords that are easy to generate, remember, and of course crack.
If you use strong passwords the risk remaining is primarily that of opening a nasty file.
Bill93, post: 417485, member: 87 wrote: We've discussed this before. I don't agree with frequent changes.
A password change is beneficial if and only if A) it occurs in that (hopefully small) time after a hacker compromises your machine and before you discover the fact, or B) if it interrupts their cracking search. But your changes are not likely to be more frequent than the time to crack any password they are able to crack.
Downside: frequent changes motivate users to use simpler passwords that are easy to generate, remember, and of course crack.
If you use strong passwords the risk remaining is primarily that of opening a nasty file.
I've gone to using a password manager. This allows me to have one really complex password to keep up with, that gives me access to all of the others. It also has a password generator where you can specify how many characters and which type of characters to use for each password. You can cut and paste user names and passwords from the manager into the appropriate fields and it clears the clipboard after a few seconds to further limit exposure. On anything important, I use the maximum number of characters and types allowed by the site and change it at least as often as prompted by the site. It isn't perfect but it beats using "password" on every site.
I have been using this for a few months: http://keepass.info/index.html
the nice thing is that the data file is portable... (but Not "on line")
Peter Ehlert, post: 417498, member: 60 wrote: I have been using this for a few months: http://keepass.info/index.html
the nice thing is that the data file is portable... (but Not "on line")
That's the one I use as well. It's probably a risk but I have my data file located in the cloud where I can update a password on my desktop, laptop, or phone and the changes show up on the others. They'd have to crack two pretty serious passwords to get at the contents of the data file.
We all just write the passwords on sticky notes and place them along the edge of a monitor. Really important stuff is under the keyboard.
thebionicman, post: 417505, member: 8136 wrote: We all just write the passwords on sticky notes and place them along the edge of a monitor. Really important stuff is under the keyboard..
That's probably how I'd still do it if it weren't for the need to access things from my laptop and phone. It's terribly hard to carry a phone covered in post-its without leaving a trail of passwords in your wake. 😉
Bill93, post: 417485, member: 87 wrote: We've discussed this before. I don't agree with frequent changes.
A password change is beneficial if and only if A) it occurs in that (hopefully small) time after a hacker compromises your machine and before you discover the fact, or B) if it interrupts their cracking search. But your changes are not likely to be more frequent than the time to crack any password they are able to crack.
Downside: frequent changes motivate users to use simpler passwords that are easy to generate, remember, and of course crack.
If you use strong passwords the risk remaining is primarily that of opening a nasty file.
You are correct. The benefit to frequent password changes is you limit the amount of time the hacker has to figure it out once they're in. I can set password strength requirements using Active Directory group policy (or so I'm told), so my employees can't use simpler passwords. They're going to hate me tomorrow when I implement this!
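The three tips earlier in the thread (strong passwords, closing unneeded ports and RDP exposure, lockout) and the Active Directory group policy mentioned just above can be checked from one script. This is an added example written for this thread, not anything posted by the participants; it assumes it runs as a domain admin on a domain-joined host with the RSAT ActiveDirectory module, and the thresholds (14-character minimum, lockout after 10 failures) are the editor's assumed baselines, not values from the thread.

```powershell
# Added example: audit the weaknesses the OP describes (lax domain password policy,
# RDP reachable from outside, nothing slowing down password guessing) and surface
# evidence of guessing in the Security log. Thresholds below are assumed baselines.
Import-Module ActiveDirectory

# 1. Default domain password policy: what "complex passwords via group policy" sets.
$pol = Get-ADDefaultDomainPasswordPolicy
$findings = @()
if (-not $pol.ComplexityEnabled)      { $findings += 'Password complexity is disabled' }
if ($pol.MinPasswordLength -lt 14)    { $findings += "Min length is $($pol.MinPasswordLength); want >= 14" }
if ($pol.LockoutThreshold -eq 0)      { $findings += 'No lockout: unlimited RDP password guesses' }
if ($pol.ReversibleEncryptionEnabled) { $findings += 'Reversible password encryption is enabled' }

# 2. Is RDP (TCP 3389) listening on this host, and which inbound firewall rules allow it,
#    from which remote addresses? "Any" here means the whole internet if the edge router forwards it.
$rdpListening = [bool](Get-NetTCPConnection -State Listen -LocalPort 3389 -ErrorAction SilentlyContinue)
$rdpRules = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '3389' } |
    Select-Object DisplayName, Profile,
        @{ n = 'RemoteAddress'; e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress } }

# 3. Detection: failed logons (event 4625) with logon type 10 (RemoteInteractive, i.e. RDP)
#    in the last 24 hours, grouped by source IP. A handful of IPs with hundreds of failures
#    is what a password-guessing attack on an exposed RDP port looks like.
$since  = (Get-Date).AddDays(-1)
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
            -ErrorAction SilentlyContinue |
    ForEach-Object {
        [xml]$x = $_.ToXml()
        $d = $x.Event.EventData.Data
        [pscustomobject]@{
            LogonType = ($d | Where-Object Name -eq 'LogonType').'#text'
            Ip        = ($d | Where-Object Name -eq 'IpAddress').'#text'
        }
    } |
    Where-Object { $_.LogonType -eq '10' } |
    Group-Object Ip | Sort-Object Count -Descending | Select-Object Count, Name

"Password policy findings:"; $findings
"RDP listening: $rdpListening"; "Inbound rules allowing 3389:"; $rdpRules | Format-Table -AutoSize
"Failed RDP logons by source IP (24h):"; $failed | Format-Table -AutoSize

# 4. Remediation for the policy findings (review before running; the lockout values are assumed):
# Set-ADDefaultDomainPasswordPolicy -Identity (Get-ADDomain).DistinguishedName `
#     -ComplexityEnabled $true -MinPasswordLength 14 -LockoutThreshold 10 `
#     -LockoutDuration 00:15:00 -LockoutObservationWindow 00:15:00
```

Closing the RDP port on the firewall and moving remote access behind a VPN, as the thread suggests, is a separate change on the edge device; this script only tells you whether the host itself is still listening and allowing it.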
Fun fact. LSU just installed a new Bitcoin ATM on campus.
Andy J, post: 417478, member: 44 wrote: Did they take all your clothes and try to get money from you?? 😉
Honestly, I do feel rather violated!