Cyber attack story
A call from your IT provider on a Saturday night to advise of a successful cyber attack is one of a business owner’s worst nightmares.
The thought of data being compromised is a threat to any business. For one Perth business falling victim to a cyber-attack became a reality last month.
Thankfully we have permission to share their story, insights and lessons learned from the experience.
RobinHood ransomware attack – what happened?
One of two servers was successfully attacked and as a result both server information and the back-up were encrypted.
An encryption expert reviewed the code and stated the code was ‘RobinHood’, one of the most malicious ransomware used by cyber attackers with criminal intent.
According to our source there had been six unsuccessful attacks on the business servers leading up to this attack.
The reason the cyber attack was successful was because of an old administrator password that should have been cancelled.
Cyber attack ransom – pay or not?
Ideally a business, will have current and secure systems in place to avoid a cyber attack however in reality sometimes these measures fail.
Attackers demanded US3500 in bitcoin.
Business owners considered all options. What would you do in this situation?
Payment was made for an encryption code but it didn’t work, and attackers demanded more money.
At this point business owners agreed that unless they declined to pay any more money the cyber attackers would simply keep dragging them along. A clear message of ‘no’ was communicated and thankfully attackers gave a correct encryption code.
The downside was the code only unlocked one file at a time which meant the process to unlock information and retrieve all information took more than three days.
Lessons learnt from a cyber attack on a small business
In hindsight the business reviewed computer protection levels and server security procedures. Lessons included;
- all computers must have the latest software. This includes machines that sit at the front desk that may not be used often
- business computers should only have trusted, and secure programs installed on them
- always have a three-monthly review provided by your IT provider including a written report
- turn off office computers at the end of every workday
- consider installing additional virus protection on business computers
Apparently, a week after this cyber attack, there was a $1million ransomware attack on a big Aussie brewer.
As a result of the cyber attack this Perth business is moving to 100 per cent cloud storage, doing away with server storage and backups and engaging an independent IT firm to review processes.
A timely warning from one of the business owners, ‘we just cannot be careful enough, cyber security requires constant monitoring.’
We hope this information has been useful and will perhaps prompt you to review your IT and cyber-security processes. For useful cyber security resources for business visit cyber.com.au
First published 17 July 2020 and reviewed 12 June 2023.