
Ransomware attack

  • 02-12-2019 12:02pm
    #1
    Registered Users Posts: 163 ✭✭


    So we came in to work today to find out our office was a target of a ransomware attack. We are a company of around 150 employees, all heavily computer reliant and nobody can work. I.T cannot provide a window of resolution so for now we are all just sat staring at the wall.

    This may be a "how long is a piece of string" question. But has anyone got experience in similar situations. How long can we expect to be down? Days, weeks? Will we be able to get back to work before Christmas to keep on our deadlines?

    Obviously yous cannot answer definitively not knowing our set up etc. But what is the general time frame for such a situation to be resolved.

    It is an office wide virus, all files seem to be compromised and are inaccessible and have been renamed by the hacking party.


Comments

  • Closed Accounts Posts: 501 ✭✭✭squawker


    all depends on the backups of your data

    all desktop PCs will have to be reinstalled so anything stored locally on your drives is gone

    no one here could give you a definite time frame as we would need to know more about your setup


  • Registered Users, Registered Users 2 Posts: 508 ✭✭✭purpleisafruit


    jordanfaf wrote: »
    So we came in to work today to find out our office was a target of a ransomware attack. We are a company of around 150 employees, all heavily computer reliant and nobody can work. I.T cannot provide a window of resolution so for now we are all just sat staring at the wall.

    This may be a "how long is a piece of string" question. But has anyone got experience in similar situations. How long can we expect to be down? Days, weeks? Will we be able to get back to work before Christmas to keep on our deadlines?

    Obviously yous cannot answer definitively not knowing our set up etc. But what is the general time frame for such a situation to be resolved.

    It is an office wide virus, all files seem to be compromised and are inaccessible and have been renamed by the hacking party.

    Hard to say but Pilz got hit by one several months back and they're still not operational
    https://www.zdnet.com/article/major-german-manufacturer-still-down-a-week-after-getting-hit-by-ransomware/


  • Registered Users, Registered Users 2 Posts: 10,846 ✭✭✭✭28064212


    jordanfaf wrote: »
    But what is the general time frame for such a situation to be resolved.

    The general time frame can range from one hour to "gone out of business". It's entirely dependent on the specifics of your scenario. Some possible outcomes:
    • Best-case: the attackers used an already-cracked variant, and there's a decryption method available - quick, if it can be found fast
    • The company pays the ransom - quick, assuming the hackers have any intention of following through
    • Your IT team restores your nightly backups from an on-site server - depends on how good your IT team are and how much needs to be restored
    • IT restores backups from an online or off-site+off-line backup - will take time to get the data on-site
    • Worst-case: backups aren't taken, or are also infected, 1 and 2 aren't options - the data is gone, and there's nothing that can be done. Depending on your company, that could be the end of the business
    Of course, there's no point doing any of that until the vulnerability is identified - no point restoring everything to just have the same thing happen tomorrow




  • Moderators, Education Moderators Posts: 2,610 Mod ✭✭✭✭horgan_p


    There's another option, and it happens more often than you'd think:

    1) Pay the ransom. There's a risk/reward equation done. How much is this costing us per day. If X is greater than Y - pay the man (insert John Malkovich in Rounders impression)
    2) Decrypt data. I know of one place that successfully blackmailed the attackers by saying they would spread across every blog, twitter feed and social media outlet at their disposal - and they had a substantial social media reach, that they had paid the ransom and never gotten the decryption key. The victim was going to destroy the ransomers' reputation. They got the key and didn't pay - high risk to say the least.
    3) take backups of data and analyse the bejesus out of it. Document all infrastructure.

    4) take all servers back to bare metal. scrap disks.
    5) re-setup from scratch. Literally. rotate local domain names, passwords, usernames - the lot.

    It isn't pleasant, and companies would hate to do it. But they'd hate to go out of business more. And if they are in a regulated market segment where they would have to declare any data breaches, then they choose to pay the ransom and keep everything quiet.


  • Posts: 11,614 ✭✭✭✭ [Deleted User]


    How big is the IT team?

    I've worked in places of similar size and the IT team was a graduate and an intern.


  • Registered Users, Registered Users 2 Posts: 408 ✭✭Tec Diver


    My own opinion; never ever pay the ransom. Not only do you risk not getting the decryption keys, but being out of pocket with no data.
    You can try https://www.nomoreransom.org/

