A couple of years ago I was contacted by a local SME engineering business after they had embarrassingly been impacted by a Ransomware attack, which denied the business access to several of their critical engineering assets and templates, resulting of course in client impact and a black mark against their trusted reputation. As they, like many SMEs, were low on IT and cyber-savvy skills, joined by the fact that they did not have in place a robust/adequate backup strategy, their only alternative was to pay. On this occasion, thankfully, there was honour amongst thieves, and they did receive by return the encryption keys to unlock their golden engineering business assets.
Given I am local to this adverse event, contact was made, and I was invited into their offices to review their cyber security posture, with a focus on any prospect of a future Ransomware attack. I thus conducted the review and put in place several proactive security elements to enable a better level of resilience should any future adverse condition arise. These included:
- TORs for the small IT Team
- Policies and Procedures
- Incident Response Plan
- A Robust Backup Plan
- Plugging them into a CERT and multiple Alert Intelligence Feeds
At that time, I also advised they use multiple iStorage FIPS 140-2 secure encrypted drives to store their engineering data and critical assets on, this also to cover their areas of expected governance in relation to mandated aspects such as GDPR. On that visit, I also demonstrated how they could store all their day-to-day important files on a secure drive which was set to READ-ONLY, thus providing access to the contents whilst not exposing files to the adverse tentacles of another Ransomware attack.
Well, this week I have been encouraged by my fellow mankind who, it would seem, has listened. Within the last seven days I was informed that the said company has suffered yet another compromise from a random passer-by Ransomware attack. However, this time proactive steps were in place, and they were back up and running in quick time, and only lost short-term data which was not, in the great scheme of things, critical.
The MD of this small company, who would prefer to remain anonymous, called me to express his thanks and gratitude that such a simple piece of common-sense advice has saved the company yet another pay-out into the hands of criminal gangs, but more to the point was that the business could carry on working, with very little impact to their supply chain.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.