I did not intend to write about data security this month—but then my priorities and attention got shifted—my server was hacked by Russian playboys—for ransom.
I signed on to my server, located in my PA office, from my NY office about 11 AM on a Monday morning. Immediately there was a different feel. It didn’t take long until I found out the reason. All of my files had been encrypted with the file extension of “. keep calm.”
A quick search on Google and I knew what had happened—just not how it happened.
The good news is that I am fastidious about data backup. I have backups for my backups. It didn’t take long to find out that not all of them were as effective as I hoped.
I called my IT support technician and asked him to take a look. A call later on that afternoon indicated the problem was much more severe than I had anticipated. I backup to four separate drives on site at my PA office. In addition, I backup to two offsite services, Mozy and Dropbox.
It had not taken my IT tech long to track the event. My uninvited Russian guests had first gone to my web site and apparently thought there might be value in going after me. They broke the password on my server at 4:30 AM that Monday morning and spent the next 3 hours doing their handiwork. Not only did they encrypt all the files on all the hard drives, they went to my remote backups, got into them, encrypted those files and then closed my accounts on the way out.
I was literally left with what data remained on my laptops and my Microsoft 365 account. For some blessed reason, they left my Microsoft 365 unmolested—thus my email and contacts were all intact and fully functional.
I could have paid the ransom and hoped that the dishonorable would honor that act and restore my data—or I could put my faith in my backups and try to recover clean data from them. After a discussion with my IT person I felt reasonably sure I could affect a successful recovery from Mozy and Dropbox.
The first step was to restore those accounts, a simple process. Neither had taken any action as a result of the cancellation. I then found the deeper value in those services.
Both keep 30 days of “shadow” files. That means they can do a restore to an earlier date and time.
In the case of Dropbox (which is not an automatic backup) I had the option of being able to restore to a date prior to the hacking event—however each time I did that the restored file would encrypt. By contacting Dropbox and providing them the date and time of the problem they were able to restore all those files to a time just prior to the “invasion.”
Mozy is an automatic backup service that occurs at multiple times during the day and night. They too were able to restore all the files to a time prior to the event.
In the final analysis, it took me a few days to recover my files and a bit longer to replace my drives and reconfigure my server but I learned a few lessons along the way:
- What was “right”: my offsite backups. They worked perfectly and while recovery took time it was complete and done with the utmost professionalism by both companies. I can’t say enough good about their value.
- What was “wrong”: my multiple hard drive back-ups on site were primarily to provide backup for a failed drive and secondarily for a possible virus—in this case they had zero value to protect against a live intruder. Secondly, my password management was lax. The passwords were not sufficiently “strong” and I was not diligent in changing them.
- What has changed: My passwords are all redone and massively strengthened, some now 16 characters that were generated using a random generator. Equally important is the routing into my server is completely reconfigured and has minimal exposure to anyone “cruising” for a victim.
As an aside, my extensive use of leased software from Microsoft, Autodesk, et al. made moving into the new drives a far easier process than what would have been required using CD’s. Life does get simpler in some ways!
If you think you are too “insignificant” to be a target of these players, you are wrong. Every one of us has to believe that this can and will happen at some point and all you can do is be certain that you limit your degree of exposure. Had I not had effective and functional offsite backup, I would have lost extensive data files, including all of my financial records back to 1996.
Sit back and take a moment to think about the disruption to your business if all your data was lost. After that reality sets in, sit down with your IT people—today—and review your security and backups; don’t allow yourself to be a victim. The cost of robust offsite backup is insignificant when compared to the potential cost of lost data. It is insurance you cannot afford to be without. In conjunction with the backup, have your IT people do everything they can to strengthen your firewall, including hardening your passwords.