Ransomware Horror Story


Ransomware hits admin workstation and kills 7 servers.–PC Pitstop

Ransomware Horror Story

By Stu Sjouwerman, for KnowBe4.com Security Awareness Training

I wanted to share a horror story with you, something that happened to somebody the day before yesterday. This is what happened in their own words:

“We are a 250 employee non-profit and we heavily rely on our computer systems in almost everything we do. Yesterday, one of our admin workstations was hit with CryptoWall Version 2.0, and because this workstation had drives mapped to all our servers, and the administrator had permissions, all our seven servers were encrypted and we were dead in the water.

CryptoWall took just 55 minutes to encrypt 75 Gigs of information, and it had penetrated most of our network before we found out what was happening, isolate the workstation and get it disconnected from the network. We had backups of the seven servers but it would take days to restore those, so we opted to find out if we could decrypt the files first.

Article continued here

153 total views, 1 views today

(Visited 34 times, 1 visits today)

12 thoughts on “Ransomware Horror Story

  1. if you get the ransomware splash screen, simply press the power button in your pc and cut off your computer. then restart it and it should be gone.

  2. These people are PART of the criminal conspiracy. They are effectively taking a cut of the ransom. They are encouraging ransomware, not doing a thing to stop it as claimed.

  3. I have a technique that has allowed me to avoid ransomware establishing itself on my work PC. I don't get it very often (maybe once a month) but when I do I DO NOTHING in the window it has established. I ctrl-alt-delete bring up the task manager and kill the browser application.. Has worked every time but I would like to prevent it from getting as far as it has onto my PC. I do lose all the tabs and windows i was working on but I have long ago learned never to hang my neck out by leaving importnat work unprotected for very long. Also – when I restart my browser (which is mostly Chrome)
    I get the yellow banner that tells me there was an irregular shutdown and do I want to restore the tabs. In the beginning I said yes once and quickly realized it also restored the ransomeware. I never said yes to restore since then!!!!.

  4. Does this ransomeware effect ALL connected drives or just the Windows parts?

    I’ve been lucky. I got the FBI one a few times and quickly turned off the computer. Started it back up in Safe_Mode and ran a few different full system virus scans. I didn’t find anything, so I guess I cought it quick enough or maybe it was just an imposter trying to scare me.

    I have nothing of any real value on my computer, but I do have about 17 TB of disk storage. Mostly movies, music and pictures. I have the originals to recopy from but that would literally take FOREVER to do over.

    I would NOT have paid anything though.

  5. Good feedback! It is definitely controversial to pay ransom to cyber criminals, however it's a business decision that each victim needs to make based on the circumstances. If you have the choice between $500 and 250 employees sitting on their hands for a week, what would YOU do? Interested in hearing your opinion! Warm regards, Stu

  6. It appears that this ‘technical article’ is nothing more than a blatant advert for KnowBe4. It also appears that since their first solution is to pay the ransom, they do not have an adequate portfolio of “innovative security products” as they claim. This ‘story’ leaves a nasty flavour of this company being in collusion with the criminals. Based upon what I have read, I will advise my clients to refrain from having any dealings with them.

  7. Paying Ransom, for any reason, is the start of a trip down a dark and slippery slope. A short term fix that creates a long term problem! This should be treated a the National Security Risk that it is. Give the NSA people some thing useful to do. It will only get worst as more and more get into this Get Rich Quick game. Even the middle men,like the one in this story, are making money putting bandaids on the problem. They are collecting Protection Money like the Mob does. How do we know if some of these Middle men are not aligned with the Ransomware crew?

  8. Wow! It is so good to know that there is someone here to help us make extortion payments to professional criminals! Does the featured company also facilitate the transfer of funds to Islamic State?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.