The shops network was hacked, Ransomware

November 07, 2020, 06:55 PM
Any computer that was on was infected at 4 AM yesterday.
Total crash of everything.
It's day 2 and it looks pretty serious. Another company was hit last year and they supposedly spent months trying to get it back and wound up paying them $500,000.

They aren't even sure how it was delivered, but suspect e-mail as the culprit.
I thought the network security was on the ridiculous side of being strict as it was, it's going to be a lot tighter now I'm betting.
November 07, 2020, 07:02 PM
Originally posted by powermad:
They aren't even sure how it was delivered, but suspect e-mail as the culprit.

Very likely. Or a compromise via web browser.

"America is at that awkward stage. It's too late to work within the system, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
"The dominant media is no more 'mainstream' than leftists are liberals." -- me
November 07, 2020, 08:38 PM
My former employer got hit in June. I thought they would have had it locked down but apparently one dum dum lacking in common sense is all it takes. We were hobbled for two weeks and it was close to two months before everything was close to normal. The poor IT guys went through hell rebuilding the network and checking laptops.
November 07, 2020, 09:51 PM
Office had a slow moving one once. Corrupted some database entries going back weeks. Backups helped for most but not all.
November 07, 2020, 10:52 PM
We got hit a couple years ago. An email to one of my employees that looked just like a bank email. They didn't get our banking info but they loaded something on her PC that password protected every excel spreadsheet on our network. Fortunately we do daily backups and we just went back a couple days and restored our server and then wiped her computer and reloaded it.

There are plenty of scumbags out there looking to make a quick buck. May a thousand fire ants infest their netherlands forever!
November 21, 2020, 08:30 PM
A couple Million later and the company was given the encryption code for the system.
The company has cyber insurance and it's capped at 2 Million.

The IT department is being pretty tight lipped about all this but apparently they had warned of this but the stuff they wanted to do was denied due to cost.
November 21, 2020, 08:45 PM
We got hit 2 years ago. One of our engineers clicked a link on an email. 1/2 Bitcoin ransom.

They eventually took it to about $2000 which we paid and it was never unlocked.

So we trashed the drive and started again. Sure enough 8 months later the same engineer did it again.

He was fired the same day and we just tossed the drive.
November 21, 2020, 10:14 PM
This is why I do not use mapped drives, nor cloud services on my desktop.

I know what resources I need on the network and just temp map them when I need to use something and then remove after the project is done.

If you get hit not only your computer but any mapped drives or cloud services using the convenient desktop app will be encrypted as well.

I have OneDrive, etc., but I log in on the browser, move my files and then close it down. The OneDrive desktop has been uninstalled.

This business will get out of control. It will get out of control and we'll be lucky to live through it. -Rear Admiral (Lower Half) Joshua Painter Played by Senator Fred Thompson
November 22, 2020, 01:18 AM
Originally posted by powermad:
A couple Million later

Phishing classic, compromised 3rd party vendor/supply chain.

Company accepted the possibility assuming a risk assessment was done.

The insurance policy transferred the risk.
Wondering if the fine print in the policy stipulates non payment if a nation-state was the perpetrator.

The ransomware attack may also be hiding another attack vector, and probably already have a copy of the files/database ... are the files encrypted when stored (at rest) on disk?

IT needs to be trawling through the auditing and account log files on data access.

"We are all born ignorant, but one must work hard to remain stupid." ~ Benjamin Franklin.

SIGForum: the island of reality in an ocean of diarrhoea.
November 22, 2020, 06:28 AM
All our store stuff operates on a hard wired LAN. Online sales are contracted via sites like Gunbroker and Guns International. Staff actually receive the order and walk to credit card terminals to enter payments. So far, so good.
November 22, 2020, 08:54 AM
You never think about how much you rely on computers and such until it's not there.
It brought just about everything to a standstill.
Not just the shop that I work at, it affected all stores in multiple states.

We stopped getting paper manuals about 20 years ago for just about everything.
I was able to pull up stuff from Cummins and such on my phone for repairs, but had no way to order parts other than a sheet of paper that I gave to the parts guy, that couldn't look it up.
Some stuff they could just go grab if they knew what and where it was.

Then they got a couple laptops for everyone to share for everything so you just stood in line and waited your turn.

I'm probably going to have a stack of RO's at the end of the month from warranty wanting the vehicle ECU image that I'll have to go search and sift for as I wasn't able to send it during the job as I was working offline.

A big mess for everyone and quite expensive.
November 22, 2020, 03:27 PM
Here where I live, the local County Government IT systems were hit by ransomware back in mid October.
They claim it was caused by County employees using unsecured networks when working from home due to COVID.
Every County computer was locked/encrypted. 911 system, Voting system, County Clerk, Social Services, Everything...
The County refused to pay the ransom.
They did get the Voting system up and running just in time.

The County Clerk administers the State handgun licensing system scheme.
I sold a bolt action hunting pistol to a good friend/neighbor that has been coveting it for a long time.
I dropped off the hunting pistol at our local FFL, they did the background check for my friend and gave him the receipt which he took to the County Clerk Office the next day.
Nope. Sorry. No handgun for you... (normally going to the FFL, getting your receipt, and going to the County Clerk for your purchase coupon to pick it up can be done in a couple hours total)
My friend calls them every business day, strictly for the "harassment" value. They actually get unpleasant with my friend because he calls every day asking for an update.
The latest news is "possibly" by December 3rd.

Hunting season will be over by the time he gets that pistol out of "jail" and gets his new scope mounted.
Where are the NRA, GOA, and the ACLU when law-abiding citizens' 2nd Amendment rights are violated?
There is no backup system in place, without the County Clerk's computers nobody in my County is getting their "new" or "new to them" handgun.

I was told that the 911 System is now up and running on a Windows 98 computer. Police/Fire/EMS gets notified they have a call, but then they must call 911 Dispatch for finding out the type of call and where the call is located.

NRA Benefactor Life Member
NRA Instructor
USPSA Chief Range Officer
November 22, 2020, 08:36 PM
^^^ I guess if the system is down, your friend can just take the handgun, right? It's not like they can look it up. Or must you carry around some sort of permit with the gun?

Demand not that events should happen as you wish; but wish them to happen as they do happen, and you will go on well. -Epictetus
November 23, 2020, 12:10 PM
With the County IT system down, you can't get the purchase coupon. The purchase coupon is digitally signed by the County Judge.
You are required to have your concealed carry license with you when out on the street.
(you're not required to have the ccw license on you in your home or on property you own)
So the FFL can't do the transfer. This is god awful New York.
It isn't difficult to get a concealed carry license in upstate New York.
So they follow the restrictive state law in addition to Federal law.
And the state law has a lot of paperwork.
My previous County of residence had a paper concealed carry license.
The database was on index cards.
My new County of residence has a plastic "credit card" concealed carry license.
The database is on a computer.
The concealed carry licenses have every handgun you own on it.
Make, model, serial number and type. (revolver/semi-auto/single shot/bolt action)
The paper concealed carry licenses are a lot less bulky than multiples of the plastic "credit card" type.
I do have to give credit to the local County Clerk's Office. It's their job to follow the state laws. Up until the ransomware problem, they have been prompt, courteous, and extremely helpful.
But the ransomware issue sure is a problem for my friend. He's paid for a new to him hunting pistol, filled out his 4473 form, passed his federal background check, bought a new scope and rings, and the hunting pistol sits at the local FFL in the back room. In the meantime, firearms big game hunting season here in New York is rapidly progressing.

NRA Benefactor Life Member
NRA Instructor
USPSA Chief Range Officer
November 23, 2020, 02:16 PM
Someone in our accounting team clicked on something dumb. Hacker was able to get into their email. Emailed some clients and had them send payment to a new address. Cost us $12K check.

Train how you intend to Fight

Remember - Training is not sparring. Sparring is not fighting. Fighting is not combat.