The timing was ironic. Last night I was at the office when the date changed to October 1, 2013, the beginning of National Cyber Security Awareness Month. I was at the office because a user had installed the CryptoLocker ransomware on their machine. This particularly nasty and ingenious piece of software encrypts all of the Word, Excel, PDF, and image files it can find on local and network drives. It then taunts you with the ransom, $300, to get all of your documents decrypted. The user had opened an innocent-looking email with a zip attachment. Inside that zip attachment was an executable file designed as a major money maker for these criminals. It was a spear phishing attack and it worked.
I first found out about the issue at around 10:30 p.m. when my phone started buzzing the buzz of numerous emails arriving. I was shocked when that number showed 160+ unread emails and it was climbing quickly. The emails were from the antivirus agent installed on that machine sending out alerts that something malicious was being blocked. So I logged onto that machine and saw the CryptoLocker window along with a note that all files are encrypted. The threat had managed to get through our email filter and our up-to-date antivirus agent was helpless to stop it.
I immediately turned off the machine and drove in to work to fix whatever damage it had caused. I restored the network files that had been encrypted, but the local files were unrecoverable. We restored the machine from our image and the user lost a day’s work. Paying the $300 was never an option; we don’t negotiate with terrorists.
We have done some phishing attack training with our users but that didn't stop this attack. I sent out an email to all users late last night telling them to be alert and think before opening email attachments or clicking on email links. I included a link to the July 2013 OUCH! newsletter from SANS that talked about spear phishing. I think the message was heard loud and clear because it hit close to home. It was also a good reminder that I need to do a better job protecting our network. When attacks like this materialize, you go through the steps you could take to prevent it from happening again in the future.
National Cyber Security month gives you an excellent platform to push for more security and training for your users. These threats are real and they can happen to you.