So, last Wednesday evening someone (we think from the accounts dept) opened an email with a PDF in and unwittingly launched the cryptolocker .coverton virus.
It spread across all our servers, physical and virtual, and even hit our online backups that were password-protected. Our support team are still puzzling over that one. It also infected our OneDrive accounts and business Dropbox account which had client shared folders in it. Accompanying the virus was the usual text file detailing how to have the decryption keys sent to us; basically holding us to ransom for a bitcoin. We wouldn't pay on principle (funding cyber terrorism) and because reports on the net claim that 60% of the decryption doesn't work.
Luckily we have datacentre backups, but imagine how long it takes to copy back 15TB of data onto USB3 drives.
One week later, and a 93hr working week for me, including a 30hr shift on the day we found the virus, and we're about back to normal.
Our support team said that since 23rd March, which was when the virus was first reported to have infected people globally, they'd had about 8 other clients hit in the same way and nearly all came from the accounts dept. Not a great reach of the imagination really: if the email is designed to look legit, then spoofing a familiar email address with an attached invoice will likely increase the chance of someone clicking on it.
So, we've increased our web content filtering security, changed antivirus. But, no matter what you do the common denominator will always be the human who presses a button without thinking twice!
So... that was my week from hell.
How has yours been?