
Ransomware Attack Victim: Once Bitten, Twice Shy


One day in 2006, Percy Syddall arrived at his business, sat down, turned on the computer, and discovered that he couldn’t access the system. He couldn’t get onto the company’s network, couldn’t access files or applications, and couldn’t reach any of the corporate data. He was completely locked out--a ransomware attack victim.

Syddall, the CEO of A1care, a home healthcare company in the San Francisco Bay area, was a victim of ransomware almost a dozen years before the threat of ransomware reached the national consciousness through such high-profile attacks as WannaCry, NotPetya and SamSam. A1care’s computer system, network and applications were being held hostage by unknown attackers who demanded hundreds of thousands of dollars before they would enable Syddall to regain access to the system.

The CEO spoke with other companies about the situation--ransomware was still a relatively unknown form of attack, even though it had been around for at least a decade before it reared its head with A1care--and after weeks of negotiations that included changes in conditions and demands for more money, Syddall eventually paid the ransom and got his system, applications and data back.

At the time of the attack, the situation was chaotic. As Syddall told ITPro Today, he had no idea what was going on, had never heard of ransomware, and “didn’t even know what it was or how these people were able to do the things they were doing.” There also was a scramble to raise the money--banks back then had rarely heard of ransomware and were reluctant to loan money to a small-business CEO who said his computer systems were being held hostage, Syddall said--and to alert customers about the situation.

“One of the things that was so disheartening was that I had to contact every one of our clients and let them know that we had something wrong with our systems,” he said. “That was heartbreaking. Once we had settled it and we retrieved the information, we had to verify everything. The most disheartening thing was we had to call our clients and ask them who was working there--who were my caregivers who were working there--and that was shocking to them. I had to explain to them we couldn’t get in our system.”

Longer term, the ripple effects from the attack continued for more than a decade. At the time of the attack, Syddall said, he felt he had all the security he needed in place--including the use of cybersecurity software from the likes of McAfee and Symantec, and having his workers defrag their systems at the end of every week. He soon learned that wasn’t enough, and during the past dozen years he has run through numerous security solutions to keep a step ahead of bad actors who have become more sophisticated and malware that has become more complex. The threats keep evolving, so the defenses that A1care employs must also evolve quickly, he said.

“I’ve come to the point where you cannot have enough security,” Syddall said. “That is the bottom line since 2006. You can never have enough.”

The latest example is his embrace this year of Mirror Shielding technology from NeuShield that is designed to essentially create a layer of protection that--should an attacker get through other defenses--enables the harmful code to simply attack a mirror image of the data on the network. Meanwhile, workers can see that the attack has happened and with one click restore the file to its pre-attack condition and continue to work, according to Marcus Chung, CEO of BoldCloud, which helped set up A1care with NeuShield’s Data Sentinel mirror-shielding technology. The product is designed to work in conjunction with traditional security solutions like anti-virus and backup-and-recovery software.

“It’s very important for businesses and individuals to know that, as much as we’d like to have that one magic silver bullet--have this one security product and it solves all my problems--unfortunately, it doesn’t work that way,” Chung told ITPro Today. “The best way is to marry your security and overlap those capabilities.”

For A1care’s Syddall, bringing in NeuShield falls in line with what he’s been doing since 2006. The company has run through at least three to four security solutions during that time, to ensure it has the best protection possible. Right after the ransomware attack, Syddall hired an IT manager but learned quickly that most IT professionals don’t have deep security backgrounds. He brought on 24hourtek to help with security. The service provider scans A1care’s systems every night at midnight to find threats and detect anomalies. (A1care recently fired an employee after 24hourtek discovered he was viewing pornography on company computers.)

At the same time, Syddall over the years has learned as much about security as he could. When new security products came out, he would have vendor representatives come to his office, talk about the technology and get a demonstration.

“Here’s the funny thing: I would ask a lot of people who come to my office to sell me on their security, ‘If I put this into my system, is it hackable?’” the CEO said. “And they would say, ‘No, once you put this into your system, you won’t be hackable,’ which I know is not true. There’s just no way to stop a hacker if he wants to get in. But my main thing was I wanted to make sure my system wasn’t compromised, that my data wasn’t used for any purpose except by people in my office.”

A1care isn’t a large company, but it has its share of security challenges. It has about 600 clients, but it’s a highly mobile computing environment, with the bulk of its caregivers working from home or the road over laptops and iPads. The company is in the process of expanding its business into Utah, creating an even wider distributed environment. At the same time, Syddall continues to try to make A1care a completely paperless company, with everything online.

Ransomware, fueled by WannaCry and similar campaigns, was the top cybersecurity threat last year, but security researchers from companies like Kaspersky Lab, Trend Micro and Check Point Software have found that the incidence of ransomware has slowed since late last year as protections against it have improved and stealthier malware variants, like those that steal compute power to mine cryptocurrencies, have grown in popularity.

Still, ransomware is out there and the healthcare industry--with its wealth of personal data--continues to be a target. According to cybersecurity vendor Cylance, the healthcare industry was the target of 34 percent of the ransomware attacks in 2017, twice that of the second largest target, manufacturing.

Syddall first spoke with BoldCloud’s Chung in January, and i
