Ransomware Attack on Freres Lumber
January 24, 2020
On Thanksgiving of last year, Freres Lumber was subject to a ransomware attack which shut down key systems and caused significant disruptions. Luckily, we were able to bring key systems back online within three weeks and recover information that was important for business operations. Most significantly, a third-party investigation determined that there was no evidence of a data breach as a result of the attack.
Though we recovered from the event, it is not something that we want to repeat, and there were valuable lessons learned from the experience.
Over a year ago we added a cyber insurance policy to our existing coverage. Our justification for the addition was that we had seen turnover in our IT staff and had significantly expanded our Information Technology infrastructure as a result of a new accounting system. The additional insurance was an enormous benefit because our carrier was able to put us in contact with professionals, lawyers and forensic IT companies, who had experience dealing with events like this. The resources were critical in our time of need, and we would recommend the coverage.
Firewalls are your first line of defense, and they need to be examined regularly to ensure that they are functioning properly. In our case, a previous employee left a port open through our firewall, and infiltrators used that port to access our network. There is no indication that this was a malicious act; opening a port for a short period can be a matter of convenience, and the port may be unintentionally left open. Sophisticated bad actors often utilize port sniffers to look for open ports in order to gain access to private networks. Regularly checking firewalls to ensure that updates and patches are applied, and that a minimal number of ports are open to the network, helps to prevent a ransomware attack.
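One way to make that regular firewall check routine, shown as an added example that is not part of the original post: a small audit that flags inbound rules which have outlived their purpose. The rule fields, names, ports and staff list are constructed for illustration and are not the rules or ports involved in the incident.

```python
from datetime import date

# Constructed sample of inbound firewall rules. The field names are assumptions
# for this example, not any firewall vendor's export format.
RULES = [
    {"name": "web-https", "port": 443, "source": "any",
     "owner": "alice", "expires": None},
    {"name": "temp-rdp", "port": 3389, "source": "any",
     "owner": "bob", "expires": date(2019, 6, 30)},
    {"name": "vendor-sftp", "port": 22, "source": "203.0.113.10",
     "owner": "carol", "expires": date(2020, 12, 31)},
    {"name": "legacy-db", "port": 1433, "source": "any",
     "owner": "dave", "expires": None},
]
APPROVED_PORTS = {443}             # ports approved for exposure to any source
ACTIVE_STAFF = {"alice", "carol"}  # current employees who can vouch for a rule


def audit_rules(rules, approved_ports, active_staff, today):
    """Return (name, port, reasons) for every rule that needs review."""
    findings = []
    for rule in rules:
        reasons = []
        # A "temporary" rule that is still present after its end date.
        if rule["expires"] is not None and rule["expires"] < today:
            reasons.append("expired temporary rule")
        # Nobody on staff remains accountable for the rule.
        if rule["owner"] not in active_staff:
            reasons.append("owner no longer on staff")
        # Reachable from anywhere on a port that was never approved for that.
        if rule["source"] == "any" and rule["port"] not in approved_ports:
            reasons.append("open to any source on unapproved port")
        if reasons:
            findings.append((rule["name"], rule["port"], reasons))
    return findings


if __name__ == "__main__":
    today = date(2020, 1, 24)
    for name, port, reasons in audit_rules(RULES, APPROVED_PORTS,
                                           ACTIVE_STAFF, today):
        print(f"{name} (port {port}): " + "; ".join(reasons))
```

Recording an owner and an end date when a port is opened is what makes this check possible; a rule with neither is itself worth a review.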
Password complexity and changing passwords on a regular basis can frustrate those attempting to gain access to your network. Though much ado is often made of using special characters, we learned that the length of the password is almost more important. The number of characters in your password exponentially increases the number of combinations possible for those using computer programs to attempt unauthorized access to networks. Changing passwords on a regular basis is also a very good idea.
There is no substitute for a good backup in an intrusion event. Without backups, companies are subject to the whims of those who have infiltrated their networks. Having backups, both cloud-based and local, as well as multiple copies, provides options. Having options is very important when dealing with a potentially costly and disruptive event.
It is estimated that ransomware attacks in 2019 impacted almost 1,000 government agencies, educational establishments, and healthcare providers at a potential cost of over $7.5 billion. Criminal cyber activity is a growing problem and one we all need to safeguard ourselves from.