I just saw this article about the ordeal a Network / Systems Administrator went through as the result of a ransomware attack. If you’re a business owner or Network / Systems Administrator for your organization, here are some quick lessons learned to consider before leaving for the holidays.
Lessons Learned
- Do not expose RDP to the Internet – Remote Desktop is a tool built into Windows for connecting to other Windows computers remotely. It’s an incredibly convenient way to get remote access to a computer, for legitimate users as well as the bad guys. A good rule of thumb: do not expose RDP to the Internet. FortiGate firewalls include both an SSL VPN and a web-based portal that make securely accessing RDP over the Internet trivial.
- All of the backups were destroyed – The article talks about an extensive array of fault tolerance and backups in place but they were all connected. Adding a cloud backup is relatively inexpensive and a much bigger problem for an attacker to destroy (not impossible, but far more difficult). Most cloud backup solutions support versioning so that, even if the most recent backup is encrypted, earlier ones likely won’t be. Two that we use and recommend are SpiderOak One and CrashPlan Pro.
- Shared Passwords – The article notes that several key systems had the same password, making lateral movement for the attacker that much easier. Use unique passwords anywhere that you can and keep track of them with a password manager like KeePass or LastPass.
- The attacker had been on target for a while (this wasn’t a shot in the dark) – Once you’ve secured all of the things, test them. Believing that you’re secure is one thing, but knowing that you’re secure because you’ve tested your controls is something else altogether. Having a third party like Piratica conduct a vulnerability assessment once per year not only gives you peace of mind that your controls are working but also shows that due care is being given.
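Before trusting that RDP is not exposed (the first lesson above), it helps to audit what each Windows host itself allows. The following PowerShell script is an added example, not code from the original post or from Microsoft or Fortinet; it assumes the default RDP port 3389 and reports only host-level posture, since perimeter port-forwards can only be confirmed on the edge firewall.

```powershell
# Added example (not from the original post): audit a Windows host's RDP posture.
# It answers three questions a defender wants before deciding whether a host
# could be reachable from the Internet:
#   1. Is Remote Desktop enabled at all?
#   2. Is anything listening on the RDP port?
#   3. Do host firewall rules allow inbound RDP from any remote address?
# It cannot see perimeter NAT or port-forwards; check those on the edge firewall.
# Run from an elevated PowerShell session.

$RdpPort = 3389   # assumed default; change if the host uses a custom port

# 1. Registry flag: fDenyTSConnections = 0 means RDP is enabled
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
                       -Name fDenyTSConnections -ErrorAction SilentlyContinue
$rdpEnabled = ($null -ne $ts -and $ts.fDenyTSConnections -eq 0)

# 2. Live listener on the RDP port
$listening = Get-NetTCPConnection -State Listen -LocalPort $RdpPort -ErrorAction SilentlyContinue

# 3. Enabled inbound Allow rules whose port filter covers the RDP port and whose
#    remote-address scope is unrestricted ("Any"). Port ranges are not parsed.
$openRules = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $ports = $rule | Get-NetFirewallPortFilter
    if ($ports.Protocol -notin @('TCP', 'Any')) { continue }
    if ($ports.LocalPort -ne 'Any' -and $ports.LocalPort -notcontains "$RdpPort") { continue }
    $addr = $rule | Get-NetFirewallAddressFilter
    if ($addr.RemoteAddress -eq 'Any') { $rule.DisplayName }
}

# Summarise: a host that is enabled, listening and has an unscoped allow rule is
# reachable by any source the network lets in, so an Internet path must be ruled out.
[PSCustomObject]@{
    ComputerName         = $env:COMPUTERNAME
    RdpEnabled           = $rdpEnabled
    ListeningOnRdpPort   = [bool]$listening
    UnscopedInboundRules = @($openRules)
    Verdict              = if ($rdpEnabled -and $listening -and $openRules) {
                               'RDP open to any source at host level; confirm no Internet path on the firewall'
                           } else {
                               'RDP not broadly reachable at host level'
                           }
}
```

Scoping the RemoteAddress of the allow rule to the VPN subnet, rather than leaving it at Any, is the host-side counterpart to keeping RDP behind the SSL VPN.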