So yesterday I got an early morning phone call from work to say don't remote log in, we think we have a virus. It's been over a day with their IT company beavering away and still not back up and running but I'm not in the office to see what's happening. Small company with cloud backups of data. How worried should I be?
Be worried - Mrs was at a company that used cloud technology for everything and the cloud company got hacked. The hosts had to pay the hackers in the end - no way round it. Not the company's fault but they were down for about a week.
Worried about not getting a bike ride in? Not much, just go ride...they'll contact you when it is safe to log back in...
I know of a large company that was essentially down for 3-4 months. A day is nothing to worry about.
I personally downed an entire university administration department for 3-4 days. Received a virus-riddled attachment, dumbly opened it and watched with glee as it mailed itself to everyone in our global address book. Turns out neither the mail server nor the clients were configured to scan mail for viruses. Was two weeks into the job. My how we all laughed - especially when we came to do a restore of the data and it transpired that none of the backups had really worked, ever.
I personally downed an entire university administration department for 3-4 days. Received a virus-riddled attachment, dumbly opened it and watched with glee as it mailed itself to everyone in our global address book.
I've just had to watch some really painful compliance videos because of people like you
😀
I'd be exceptionally worried if they think they have a virus. I'd be far more reassured if they knew they had one.
Software company I work for was hacked, our data encrypted and held to ransom
Most of the client data was backed up but as we extensively use Amazon Web Services, very little of the dev or production environment configuration was backed up.
Oh what fun we had for a couple of days trying to re-configure everything from scratch in AWS...
We learnt from that lesson though, and every dev/QA/production environment config and data is now backed up to different AWS clouds and we can automatically re-create a new production environment in a matter of a couple of hours max.
But, jeez, the amount of time it's taken to get to this stage is unbelievable and has really slowed us down rolling out new "product". Sys admin/dev ops activity and re-factoring for resilience seems to equate to more than 50% of the IT team's output...
My multinational employer was brought down by a virus - the small IT dept was completely overwhelmed. There are still piles of decent fairly high end discarded and infected win10 PCs awaiting being scrapped as it was quicker/cheaper to replace them with new hardware.
I may have formatted a few for my own use.....
This was a main plot point in "Startup", the K-Drama version:
https://www.imdb.com/title/tt12867810/
Hopefully you've got a super-smart but dorky Korean guy working for you, in which case you've got no problem. Otherwise you're screwed. Get a new job.
I remember years ago we (the print company I worked for at the time) kept having problems with corrupted photoshop files, and it turned out to be one of the first viruses aimed at Macs, which I believe originated in a former Soviet client state. We managed to find an effective anti-virus and set about cleaning everything up. We determined that it originated with an agency that we did work for, we informed them, and sent them clean files and the means to clean up their systems.
The files they sent back were infected, we informed them of this, and sent them back clean files. They sent back infected files.
This went on for a while… 🙄
Turns out I'd got the wrong end of the stick about a virus and it's some kind of malware. Day 3 and they're still optimistic that they can clean it out.
Sadly we don't have any super smart yet dorky Korean guys to save us 🙁
The company I work for was affected earlier this year. The system was infected with ransomware. We were effectively out for 3 weeks.
If you aren't involved in the fixing and have been told not to use the systems, then I'd be suggesting using some of this 'spare' time to get out on the bike (or get some other things done)...you may have other work you can do without the computer, so try and progress that stuff...
Unless of course you own the company then I'm sure the stress levels will be through the roof...a bike ride might help a wee bit.
I know of a large company that was essentially down for 3-4 months. A day is nothing to worry about.
I raise you SEPA in Scotland - over 2 years and staff are just rebuilding or writing off decades of data and spending records....
https://theferret.scot/sepa-cyber-attack-costs-double/
Turns out I’d got the wrong end of the stick about a virus and it’s some kind of malware. Day 3 and they’re still optimistic that they can clean it out.
This is better news if they haven't been encrypted. If they don't know the root cause yet then they may well have removed all internet facing access. Do you have multi factor authentication on your remote access when you work from home?
There are still piles of decent fairly high end discarded and infected win10 PCs awaiting being scrapped as it was quicker/cheaper to replace them with new hardware.
Well, that's just bloody stupid. I'd be on that lot like Tomsk.
Is there any left? 😁
Once decent malware/ransomware gets in to your environment it can be an absolute pig to get rid of. You need to identify everything that could have been compromised and start isolating it, then you've got to pray you have immutable backups (or your mutable backups haven't been compromised), you also need to find and block any call-home functionality it's using (most malware these days is a light initial payload that just calls out to a remote server on the Internet to download the 'fun' stuff) and figure out how it got in in the first place - usually a lot of this activity requires paying a lot of money to an external specialist company as internal IT rarely has the skills to do it all. There's no point internal IT spending weeks and thinking they've fixed it only for a re-infection to occur straight after...
I'm fairly fortunate that I primarily work out of a dark site (government) so although we do have Internet email unless all the gateway security appliances get compromised there's no way any malware that managed to get in can call home, there's also no browser access to the Internet (I have a separate air gapped laptop for that). Given most compromise attacks we see though are coming from nation states (or state sponsored groups) rather than your average freelance group it's still something it's hard not to stress over - there used to be a saying there are two types of companies: those that have been hacked and those that have been hacked but don't know it yet. I'm hoping that's not strictly true :p
I work for a small company that's unlikely to have any value to hackers, but our security is questionable.
I'm logged in on the browser as me. I can come straight to STW, and more importantly my gmail without logging in. I still insist on 2FA for anything banking/money related despite it asking every time to "make this a trusted PC"
Should I be doing more to separate my personal from work?
The best bit about Sepa's hack is that their cyber incident response plan was inaccessible during the incident.
https://www.bbc.co.uk/news/uk-scotland-59054590
Should I be doing more to separate my personal from work?
How is your email secured?
You can worry about banking all you like, but if I have access to your primary personal email account and 47 public websites all with "I forgot my password" links then it's game over.
... and of course, the other side of the coin there is "how much of a risk are you to the company?"
How is your email secured?
To log in on a new machine it's 2FA - password and text to my phone
but remotely access my work laptop somehow and all you need to do is open the browser and click the shortcut.
Well, that’s just bloody stupid. I’d be on that lot like Tomsk
I'm just here to celebrate Cougar's Wombles homage 🙂
University I worked with had a Ransomware attack. 3-4 weeks I think. Lots of other Unis have been caught as well. Not sure cyber security was always allocated a lot of budget in the sector. Bet it is now tho!
My how we all laughed – especially when we came to do a restore of the data and it transpired that none of the backups had really worked, ever.
I like a good backup that wasn't tale 🙂
Had one back in my old mainframe days that our backups weren't right but we luckily found out before we had to restore from any.
Can't beat a good disaster recovery plan and actually getting some fresh hardware in and testing it on.
Back in the 'Pro' days not like my latter day strapping the shooting irons on escapades 🙂
The whole leading the horse to water but unable to make it drink scenario is frustrating.
DR is great.
Company: How do we test for recovery in the event of a disaster?
Geeks: Well, we simulate a disaster and see if we can recover from it.
C: No, you can't do that, it sounds too dangerous.
G: Uh. OK then. Same time next year?
Later: actual disaster happens
C: Why was this never tested?
The local council I work with was hacked about a year ago, they're still not back to normal yet
I’m just here to celebrate Cougar’s Wombles homage 🙂
😁 I'm genetically one quarter Womble. Back when I worked in an office, they had to change policy in order to keep me out of the WEEE pile.
Should I be doing more to separate my personal from work?
don't reuse passwords across work/personal accounts.
Back when I worked in an office, they had to change policy in order to keep me out of the WEEE pile.
Sounds like your cat takes after you 😁
🤣