Ransomware hits admin workstation and kills 7 servers

I wanted to share a horror story with you, something that happened to somebody the day before yesterday. This is what happened in their own words:

"We are a 250 employee non-profit and we heavily rely on our computer systems in almost everything we do. Yesterday, one of our admin workstations was hit with CryptoWall Version 2.0, and because this workstation had drives mapped to all our servers, and the administrator had permissions, all our seven servers were encrypted and we were dead in the water.

CryptoWall took just 55 minutes to encrypt 75 Gigs of information, and it had penetrated most of our network before we could find out what was happening, isolate the workstation and get it disconnected from the network. We had backups of the seven servers but it would take days to restore those, so we opted to find out if we could decrypt the files first.

Luckily we had just signed up for KnowBe4’s Kevin Mitnick Security Awareness Training, which came with a crypto-ransom guarantee in case something like this would happen. We called them and got instant help with this very urgent problem.

They had bitcoins ready in a wallet and were able to pay the $500 ransom within hours. The CryptoWall criminals were actually also pretty quick, and we were issued our decryption key soon after. We immediately started to decrypt all the files with the provided decryption tool and pulled an all-nighter. It was amazing how long it took to get through all of the data. It finally completed at around 8:30 am. So we estimate about 18 hours of running the decrypt tool on our 75 gigs of data.

So far it only appears that one older database file was corrupted during the encryption, but we restored it from our backup and all is fine. I can’t say enough about KnowBe4’s quick response and support with this situation. We dodged a very big bullet here.

While only a portion of our staff have completed the training, something tells me more will complete the training requirement after this event. Thank you very much!" - Q.M. IT Director

As you can see, ransomware hitting a key employee with a lot of access, such as an admin or perhaps a CEO, controller, or CFO, can do immense damage.

Having all employees step through security awareness training and sending them simulated phishing (and now also vishing) attacks is an essential element of your defense-in-depth!


Warm regards,

Stu Sjouwerman

Founder and CEO, KnowBe4


PS: Want to understand why all this Russian Cybercrime is happening? Here is a 5-minute explanation!
