Orange County, CA - We have seen a surge in ransomware attacks in the past week. Only two Alvaka clients have been hit, but the two cases tell a tale of very different system administration acumen.
1. A multi-state firm got hit with the latest breed of ransomware on Friday. What should have been, for the most part, a non-event went wrong because a key user had insisted on having elevated administrative rights for their IT infrastructure. Because the user worked from this more powerful account, rather than a regular user account with very limited rights for day-to-day activities, the ransomware that struck it infected all the important file shares of the firm, including the branch location file stores. Fortunately they had good backups, but because of poor folder naming conventions and structures it took the guys in our Alvaka Networks’ Network Operations Center about 28 hours straight to get all the user permissions back in order so the client could get back to work. This client's lack of least-permissions runs directly counter to what we recommend at Alvaka. Least-permissions is the practice of using accounts that grant the user access only to the locations on the network that they have a business need to access.
2. In another example, which struck today, a $200m manufacturer/distributor got hit by the same ransomware. This time it was a junior executive. He saw some problems with his system but, not knowing what they were, did not report them and went home. The problem was detected after he left, but the outcome was very different from the prior scenario. Why? Because this user only...