Effective IT security is a vital part of a business, and cannot be an afterthought. H&S Computers works to provide comprehensive solutions to decrease the risks of cyber security attacks and has measures in place for when these attacks are successful. Below is an example in which H&S Computers was able to respond to a threat and resolve the issue without any downtime at the business or loss of data.
On Saturday we received alerts from H&S Computers' monitoring software regarding some problems with a client’s servers. We connected to the servers and discovered they had been infected with ransomware. All of their data was encrypted and inaccessible.
The client was notified and we began reviewing the servers. We found a port in their firewall had been inadvertently opened, exposing a server to the Internet. The hacker was able to connect to the network and began encrypting the data on the servers.
Ransomware attacks are becoming more sophisticated as hackers attempt to encrypt both the data and backup, making recovery impossible. Fortunately, the backup system H&S Computers uses is an air-gapped backup, meaning once data is backed up, it is impossible to delete or alter the backup files from the original system.
We began restoring the client’s servers to a spare server they use for disaster recovery. The restoration took about 24 hours to complete. We met at the client’s location first thing Monday morning with the recovered servers. They booted them up and the client’s employees were able to connect to all of their systems with no loss of data and no downtime at work.
This event highlights a couple of important IT topics and questions that should be asked to lower your risk of a hacker attack:
- Secure backups. Are you backing up your data regularly? Where are the backups being stored? It is vitally important that the backup system used has offsite storage and cannot be modified from the original system. Hackers know that if they control both a company’s data and backups, that company will be forced to pay the ransom to retrieve their data.
- Monitoring. Do you have a system for monitoring your servers? Without monitoring software, we would not have been alerted to the problem until the employees started working on Monday and discovered they couldn’t access their data. This would have resulted in downtime for the client.
- Periodic review of IT systems. When was the last time your IT system was reviewed? Do you have regular IT system checks set up? Do you have a protocol for when issues are detected? While reviewing the client’s firewall, we found other ports that were open that should not have been. Those were closed to prevent future breaches.
Have questions or want to learn more? Reach out to us at firstname.lastname@example.org