“Hello Andy, our Document Management System isn’t working correctly.”
“OK, let me remote in and take a look. Can you allow me to connect?”
I connected to the user’s PC, looked at the data, and took a deep breath… All of their files, regardless of file type, now ended in “.adobe”.
Upon further inspection, I found evidence of a ransomware attack. The first thing I asked about was their backups. Unfortunately, their backup system used “live” storage, i.e., their backup media was always attached to the infected server. You guessed it, their backups were compromised as well.
I scanned each computer on their network, cleaning up anything I found. None of the computers caused the problem. I connected to each of the virtual servers and discovered that one of the servers had RDP open and someone was connected. I found the problem!
Long story short:
- Make sure remote access to your computers is not left enabled. If you trust someone, allow them to remote in to your computer only when you give permission.
- Make sure that your backup media is disconnected after your data is backed up, or use an online cloud-based backup service.
- Make sure you are using effective passwords (see this article).
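
One way to check a Windows machine for the kind of RDP exposure described above. This is an added example, not part of the original post. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later with an English-language firewall rule group name; the function name `Get-RdpExposure` is hypothetical.

```powershell
# Added example: report whether Remote Desktop is enabled, reachable through
# the firewall, and currently in use on this host.
function Get-RdpExposure {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'

    # fDenyTSConnections = 0 means the host accepts Remote Desktop connections.
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    $rdp  = Get-ItemProperty -Path $tcp
    $port = $rdp.PortNumber          # 3389 unless it has been changed

    # Enabled inbound allow rules in the built-in "Remote Desktop" group
    # (assumption: English display group name).
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

    # Of those rules, the ones that accept connections from any source address.
    $openToAny = @($rules | Get-NetFirewallAddressFilter |
        Where-Object { $_.RemoteAddress -contains 'Any' })

    # Connections currently established to the RDP port ("someone was connected").
    $sessions = @(Get-NetTCPConnection -LocalPort $port -State Established -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        RdpEnabled         = ($deny -eq 0)
        Port               = $port
        NlaRequired        = ($rdp.UserAuthentication -eq 1)
        FirewallAllowRules = $rules.Count
        RulesOpenToAnyIp   = $openToAny.Count
        ConnectedPeers     = ($sessions.RemoteAddress | Sort-Object -Unique) -join ', '
    }
}

$report = Get-RdpExposure
$report | Format-List

if ($report.RdpEnabled -and $report.RulesOpenToAnyIp -gt 0) {
    Write-Warning "RDP is enabled and allowed from any address on port $($report.Port)."
}
if ($report.ConnectedPeers) {
    Write-Warning "Active RDP connection(s) from: $($report.ConnectedPeers)"
}
```

This only covers the local host firewall; a port forward on the router or a cloud security group can still expose the port and has to be checked separately.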
If you want to protect yourself and/or your business against ransomware, please give us a call: 936.559.7797