
Law Firm Loses All Files to CryptoLocker Ransomware

doh

31 replies to this topic

#1 +warwagon

warwagon

    Only you can prevent forest fires.

  • 25,933 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 19 February 2014 - 00:27

A law firm has bravely admitted losing its entire cache of legal documents to the Cryptolocker Trojan despite attempting to pay the $300 (£180) ransom in a bid to have them unscrambled.

According to TV reports, Goodson's law firm in the North Carolina state capital Charlotte became the latest victim of a malware menace that was custom-written to lever ransom money from precisely this type of relatively cash-rich but time-poor firm.

 

The email infected a company server holding thousands of important documents after an email with a malicious attachment was mistaken for a message sent from the firm's phone answering service.

That error left every single document used by the firm on its main server in an encrypted state, including Word, WordPerfect and PDF files, said Goodson's owner, Paul M. Goodson.

 

 

"The virus also warned if you tried to tamper or decrypt anything, it was going to be permanently locked and you could never open it," Goodson said.

After IT staff were unable to make any headway against the malware's encryption, Goodson tried to pay the ransom but discovered that the grace period - another nasty aspect of Cryptolocker - had expired.

The only blessing was that the malware had scrambled files and not stolen them, Goodson added.

 

According to the Wsoctv TV channel, local police were aware of at least 30 cases where paying the ransom had resulted in an unlock key being delivered. Balancing this, we should point out that not everyone has reported having this success.

 

http://www.networkwo...?source=nww_rss

 

Cold backups FTW!




#2 Aheer.R.S.

Aheer.R.S.

    I cannot Teach Him, the Boy has no Patience!

  • 11,528 posts
  • Joined: 15-October 10

Posted 19 February 2014 - 00:28

ouch

 

I only hope there's some way to find the little pricks that write this crap



#3 Praetor

Praetor

    ASCii / ANSi Designer

  • 2,655 posts
  • Joined: 05-June 02
  • Location: Lisbon
  • OS: Windows Eight dot One dot One 1!one

Posted 19 February 2014 - 00:29

backups, backups, backups!

 

I had one client that had this; only backups saved that client's legal (and financial) ass, and the ransom was much higher than 300$; they were asking for 4k, so I guessed it was a direct attack.


Edited by Praetor, 19 February 2014 - 00:31.


#4 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • 25,933 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 19 February 2014 - 00:31

backups, backups, backups!

 

The problem is how you have your backups setup. If you have a backup drive connected to the infected computer it would encrypt the files on the backup drive as well.



#5 Sadelwo

Sadelwo

    Neowinian

  • 1,056 posts
  • Joined: 07-December 07
  • Location: Look up...
  • OS: Windows 8.1
  • Phone: Lumia 820

Posted 19 February 2014 - 00:35

backups, backups, backups!

 

 

We've become so dependent on technology and people still fail to realize how volatile it really is. No matter how many times you tell them that, they never think it's important, until their hard drive goes dead taking all their wedding and baby pictures with it and the only way to recover them is paying hundreds or possibly thousands of dollars to a data recovery service.



#6 Praetor

Praetor

    ASCii / ANSi Designer

  • 2,655 posts
  • Joined: 05-June 02
  • Location: Lisbon
  • OS: Windows Eight dot One dot One 1!one

Posted 19 February 2014 - 00:37

The problem is how you have your backups setup. If you have a backup drive connected to the infected computer it would infect the backup drive as well.

 

lol

That's why there are backup and disaster recovery plans, not sloppy things like that. And I know, I've seen too many "cheap" backup solutions go out of the window when there's a real need for a restore: a backup is only as good as the restore. Because of that I do monthly restores for my clients to ensure that the backup worked as expected and the data is intact and valid, and to validate it before any major change in the servers, like updates, new software installed and so on.
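An added example, not code from this thread, that turns two points raised above into a check: Praetor's point that a backup is only proven by a verified restore, and warwagon's point in #4 that a backup drive attached to the infected machine gets encrypted along with it. A SHA-256 manifest taken at backup time is compared against a restored tree, and changed files whose bytes look like ciphertext are flagged. The SAMPLE_BACKUP contents are constructed; in real use both dicts would be loaded from the backup and restore directories.

```python
"""Backup verification: SHA-256 manifest plus an entropy heuristic (added example).

A manifest taken at backup time, kept off the backed-up host, lets a restore be
checked file by file; the entropy check flags restored files whose contents now
look like ciphertext, which is what a drive attached during the infection holds.
"""
import hashlib
import math
from collections import Counter

# Constructed sample backup set: relative path -> file bytes.
SAMPLE_BACKUP = {
    "cases/smith.txt": b"Contract between Smith and Jones, signed 2014-01-15.\n" * 20,
    "cases/brief.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n" * 30,
}

def build_manifest(tree):
    """Taken at backup time: relative path -> SHA-256 hex digest of the contents."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in tree.items()}

def shannon_entropy(data):
    """Bits per byte, 0..8. Documents sit well below 7; ciphertext sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def verify_restore(restored, manifest, entropy_limit=7.5):
    """Compare a restored tree with the manifest. Changed files whose contents
    now look like ciphertext are additionally listed under 'encrypted'."""
    report = {"ok": [], "missing": [], "changed": [], "encrypted": []}
    for path, digest in manifest.items():
        data = restored.get(path)
        if data is None:
            report["missing"].append(path)
        elif hashlib.sha256(data).hexdigest() == digest:
            report["ok"].append(path)
        else:
            report["changed"].append(path)
            if shannon_entropy(data) >= entropy_limit:
                report["encrypted"].append(path)
    return report

if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_BACKUP)
    # Restore from a drive that was attached during the infection: one file
    # replaced by uniformly distributed bytes (constructed stand-in for ciphertext).
    damaged = {**SAMPLE_BACKUP, "cases/brief.pdf": bytes(range(256)) * 16}
    print(verify_restore(damaged, manifest))
```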



#7 jakenwv

jakenwv

    Neowinian

  • 4 posts
  • Joined: 19-February 14

Posted 19 February 2014 - 00:38

Any IT staff worth its salt would have a backup strategy in place. Not have the backup drive on the same server/computer. You would think that with it being a law firm they would have a backup solution offsite. I would.



#8 Praetor

Praetor

    ASCii / ANSi Designer

  • 2,655 posts
  • Joined: 05-June 02
  • Location: Lisbon
  • OS: Windows Eight dot One dot One 1!one

Posted 19 February 2014 - 00:41

Any IT staff worth its salt would have a backup strategy in place. Not have the backup drive on the same server/computer. You would think that with it being a law firm they would have a backup solution offsite. I would.

 

It depends on the law of the country or state; because a law firm deals with very sensitive data, sometimes it's not possible to store that data offsite in, let's say, the cloud (even a private one). I know this because in my country this was only recently changed; still, it's not an excuse not to have a proper DR plan.

 

And yes: data is volatile :/



#9 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • 25,933 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 19 February 2014 - 00:43

Even if they had something like Carbonite in place, they would still probably be in good shape, assuming they had frozen the backup upon infection. But even Carbonite has versioning.



#10 Hum

Hum

    totally wAcKed

  • 62,098 posts
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 19 February 2014 - 00:56

This is why you should employ 1000 Chinese children to hand-copy everything in triplicate. :|



#11 Open Minded

Open Minded

    Balance

  • 1,254 posts
  • Joined: 14-July 11
  • Location: California

Posted 19 February 2014 - 00:57

This is why I'm a firm believer that any critical workstation with sensitive data must not have Internet/network access and be standalone.



#12 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • 25,933 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 19 February 2014 - 00:59

This is why I'm a firm believer that any critical workstation with sensitive data must not have Internet/network access and be standalone.

 

You don't know how many customers I have that use their mission critical workstations / servers to browse the internet. I have this one customer who runs a tanning salon. The computer at the front of the store, which RUNS THE TANNING BEDS and has ALL of her customer data on it, she uses to browse the internet, as do her teen employees. That computer is ALWAYS full of crapware toolbars and other stuff. I asked her one time what happens when this computer goes down? She said "I'm screwed".

 

The only reason my QuickBooks machine has internet access is because I email invoices from it. But there are no mapped drives to that machine. It's also a laptop that just runs with the lid closed behind the monitors of my main workstation. It's accessed from the machines in the house via Remote Desktop. No browsing is done on that computer, nor are any applications installed other than Windows updates. It's just "QuickBooks".



#13 Praetor

Praetor

    ASCii / ANSi Designer

  • 2,655 posts
  • Joined: 05-June 02
  • Location: Lisbon
  • OS: Windows Eight dot One dot One 1!one

Posted 19 February 2014 - 01:02

This is why I'm a firm believer that any critical workstation with sensitive data must not have Internet/network access and be standalone.

 

NSA would laugh at your plan. :laugh:

 

Now really: it doesn't really matter when the weak point is:

- lack of preparation for a disaster (it's not a matter of how but when).

- poorly trained users (opening every attachment from strangers' emails, using pendrives everywhere, etc.)

- convenience vs security: it's more convenient to have all the data available, but one must not forget that comes with an increased security risk that should be properly taken care of.



#14 Praetor

Praetor

    ASCii / ANSi Designer

  • 2,655 posts
  • Joined: 05-June 02
  • Location: Lisbon
  • OS: Windows Eight dot One dot One 1!one

Posted 19 February 2014 - 01:07

You don't know how many customers I have that use their mission critical workstations / servers to browse the internet. I have this one customer who runs a tanning salon. The computer at the front of the store, which RUNS THE TANNING BEDS and has ALL of her customer data on it, she uses to browse the internet, as do her teen employees. That computer is ALWAYS full of crapware toolbars and other stuff. I asked her one time what happens when this computer goes down? She said "I'm screwed".

 

Just make sure you have, in written form (like email), warned her about that bad practice and the potential consequences, so when problems arise (leaked customer data, financial records, dead computer) she won't throw you under the bus for not having warned her about it.



#15 exotoxic

exotoxic

    Neowinian Senior

  • 2,141 posts
  • Joined: 04-April 04
  • Location: England

Posted 19 February 2014 - 01:11

Wasn't a tool to unlock the data released a while back?