
A classic hacking attack
Client's business card
The client is engaged in the import and trade of nutritional supplements. There is a physical store, an online store, an office and a warehouse, all connected by a secure VPN connection. The database of the specialized software is stored on a server. It holds practically all the information the business is built on: customer data, sales statistics, reports, inventory. The processing of existing orders and the creation of new ones is also done through the server. It is the main IT system and is of critical importance to the company.
The IT problem
On a Saturday, the customer contacted us with an emergency: he could not access the server, and so the store could not work. We immediately set about doing basic diagnostics to find out where the problem was coming from. In a previous stage of our partnership we had built their network and configured the necessary settings, so we easily connected to the server system. We found out it was infected with ransomware. The malware's message stated that all data was encrypted and a ransom had to be paid to unlock it. A classic hacker attack! This, of course, caused some concern for the client's team, because their main and only store of information was affected.
The solution
Initially, we tried to restore the system through which the online store creates and processes requests. Among the encrypted data we were able to find sections of the program's databases that were not yet infected. We temporarily installed the server program with these uninfected fragments on another computer. We configured it so that the store had access and work did not stop. We were very careful not to infect other computers and devices.
After finding a solution for the time being, we tackled the server itself. Our goal was to make sure that such incidents do not happen again.
Such situations call for an individual approach and sober judgment. We didn't know where the breach came from, but our assumption was that it was due to a combination of reasons: the company did not have regular IT support; the server operating system was not updated (they were using Windows 7, which is not intended for such purposes); and there was no antivirus, no updates, and no archiving or recovery plan. There were also gaps in the network settings, such as open ports on network devices.
Our rescue plan then went like this:
- we took the server to the Geletron office, removed the infected disk, performed full preventive hardware maintenance on the server and installed a new disk with a fresh installation; we subsequently restored to it the preserved unencrypted part of the data, which had been temporarily hosted on a separate computer
- we installed a reliable Windows 10 server operating system
- we added an antivirus program
- we created a security plan: archiving of the data to an external drive on a daily, weekly and monthly basis
- we changed all passwords on the computers, as well as those of the new users we created on the server
- we created instructions for future work so that the security of the IT systems is not neglected
- we also made recommendations on how to invest wisely in this direction in the future
Two days after the incident, the company was already operating as usual, but with an updated and secure system. IT risks to the business were reduced to an absolute minimum.
For prevention and crisis IT management, get in touch with us immediately.
Things of life
The Geletron team has many years of experience in the construction, maintenance and management of IT systems. For us, each solution is not just a sequence of technical steps, but a carefully selected mix of services that will meet the needs of the specific client in the future.
From our everyday and very diverse work, we have chosen to present a series of representative cases, so that you can better imagine what "IT decisions" means. If you recognize yourself in these lines, then it is time for a positive change. We are at your disposal to make it together.





