How my company survived a ransomware attack

Chris Williams, director of containers supplier Willbox, reveals how quick thinking from the company’s external IT support meant a ransomware attack on his company was far less damaging than it could have been.

Willbox is a container hire and sales company based in Southampton, England. The brand is owned and operated by Williams Shipping, a family business founded in 1894, which provides marine and logistics services across the UK and Western Europe. A few months ago, we were hit by a ransomware attack.

It was our one and only cyber attack, and it happened at 02.15 on September 29th 2016. Luckily we were prepared and had a backup server in place, with a remote backup located in an offsite server house. Otherwise, it could have been catastrophic. As it was, it turned out to be merely frustrating and time-consuming.

Our main server was attacked with CryptoLocker, which led to a ransomware attack that encrypts all the files in the server to ‘CRYSIS’ files. When hit by this attack, you then receive a message from the ransomware that informs you that if you do not pay a certain amount of money (in the form of Bitcoin) your files will be deleted. You usually have 24 hours to comply until the ransom amount is doubled, then after a further 24 hours the files are deleted. The hackers were able to infiltrate our server by locating the port to our RDS server, and using an old username that had a generic password.

Taking quick action after a ransomware attack

Fortunately we were swiftly alerted to the attack by our IT management company, who then set to work restoring all the infected files back to their original state using the backup server. All of our main software programmes were also rendered useless and had to be reinstalled. We lost roughly a day during the restoration process, but it could have been so much worse.

The backup server enabled us to roll back one day, effectively costing the business in lost time. Without a backup server, we would have been stuck with a tough reality: starting from scratch with our shared network environment and IT infrastructure across the group of companies. It’s hard to place a number on damages, but for a combined office team of 35 this could have taken a number of weeks to get back to where we started. Luckily we use a number of apps and software packages to manage the business, all of which have their own backup systems in place. Some assets, such as historical photos and documents, may have never been recovered.

Make it difficult for cyber criminals

All of our ports have now been changed to make it virtually impossible for the hackers to identify which port is our RDS server. We have implemented a strict username and password policy, which includes longer passwords with many symbols and characters, which are then refreshed randomly and at least every 90 days. We have also locked down the number of users that can connect to the RDS server remotely from their home PCs.

I would suggest to other businesses to make sure you have a backup server, and make sure you don’t skimp on the quality of this server. Although you can get a cheap backup server, in the event of a system shutdown, your business will be running on that server. If it’s not powerful enough to run your day-to-day tasks, then it’s not much use. Have a strong password policy, and make sure all IT users are aware of the ways in which you can be hacked (infected attachments etc.). Keep your hardware and software up to date; your IT infrastructure is only as strong as its weakest link; that old dusty Windows 98 PC in the corner of your office could be a hacker’s dream!
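
An added example, not part of the original article or Willbox's own tooling: the intrusion described above relied on an old username that could still reach the RDS server, so this script audits an account export for enabled remote-access accounts that are idle or past the 90-day password refresh. The CSV layout, the account names and the 90-day idle cut-off are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export (not real data): one row per account.
# An empty last_logon means the account has never signed in.
SAMPLE_EXPORT = """username,enabled,remote_access,last_logon,password_last_set
j.smith,true,true,2016-09-27,2016-08-15
scanner,true,true,2014-03-02,2013-11-20
temp.admin,true,true,,2015-01-10
old.clerk,false,true,2012-06-01,2012-01-05
warehouse1,true,false,2016-09-28,2015-12-01
"""

MAX_PASSWORD_AGE = timedelta(days=90)  # refresh interval stated in the article
MAX_IDLE = timedelta(days=90)          # assumption: idle cut-off for "old" accounts


def _parse_date(value):
    return datetime.strptime(value, "%Y-%m-%d") if value else None


def audit_remote_accounts(export_text, today):
    """Return {username: [reasons]} for enabled accounts that can log on remotely."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        # Disabled accounts and accounts without remote access cannot be
        # used to sign in through the remote desktop server, so skip them.
        if row["enabled"].strip().lower() != "true":
            continue
        if row["remote_access"].strip().lower() != "true":
            continue
        reasons = []
        last_logon = _parse_date(row["last_logon"].strip())
        pwd_set = _parse_date(row["password_last_set"].strip())
        if last_logon is None:
            reasons.append("never logged on")
        elif today - last_logon > MAX_IDLE:
            reasons.append(f"idle {(today - last_logon).days} days")
        if pwd_set is None or today - pwd_set > MAX_PASSWORD_AGE:
            reasons.append("password older than 90 days")
        if reasons:
            findings[row["username"]] = reasons
    return findings


if __name__ == "__main__":
    report = audit_remote_accounts(SAMPLE_EXPORT, datetime(2016, 9, 29))
    for user, why in report.items():
        print(f"{user}: {', '.join(why)}")
```

Accounts the audit flags are candidates for disabling or for removal from the remote-access group, rather than for a password reset alone.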

Chris Williams is director of Willbox
