A real account of recent incidents experienced by a medical practice known to us in Perth, Western Australia (November 2016).

The IT Guys had provided ad-hoc services to a small doctor's surgery in Perth's Western Suburbs, consisting of a server and 5 PCs. Although they were happy for us to install and maintain a Cloud Backup Service, they insisted on maintaining their own local backup, rotated through multiple external HDDs that they wished to manage using their own staff.

In November 2016, the surgery was hit by a Cryptolocker virus attack, set off, we suspect, by one of their employees clicking on a dubious email link such as those pretending to be from Australia Post or Telstra.

Before the anti-virus program could respond and neutralise the virus, it had encrypted most of the files on the server, which also acted as a shared data drive for all the PCs.

When we were asked for help, we found that the cloud backup had updated just a few hours before the attack, and we were confident of recovering all the current data files without paying any ransom. We offered to start recovering the corrupt files back to the server. The only problem was that, on their very slow connection, it would have taken 3 days or more to recover all their data.

The Doctor was confident he had a current “local” backup to recover from, which should have been less than a few days old. However, on checking the external HDD used for local backup, it was also found to be encrypted by the Cryptolocker virus. As the staff were supposed to be rotating the external backups on a weekly basis, a backup only a week old should also have been available; however, it was discovered that this practice had not been happening and that the last good backup was actually 6 months old.

The practice used a specialist Medical Management system that was server-based and contained all patient, billing and medical history. The system was used exclusively and, as it turned out, the staff and doctors could not operate without it.

The only choices were:

  1. Pay the ransom and take the chance of the criminals decrypting the files,
  2. Close the business for three days to wait for the cloud backup recovery, or
  3. Reinstall the six-month-old backup and then attempt to merge the old and new data files.

The doctor opted to restore the 6-month-old backup and keep working. After three days we recovered the old files, but then spent over 20 hours merging the old and new data files, due to a mismatch between software versions and the old backup.

Had we been monitoring the backups, there would have been a full backup no more than a month old on a local drive. This would have meant minimal data loss and business disruption. Had the practice NOT had cloud backup, they could have lost 6 months of client, financial and business data, or tens of thousands of dollars by paying the ransom.
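The kind of rotation check that monitoring implies, as an added example (not code from this practice or from any backup product): it treats the newest run on a drive that is not plugged in as the real local recovery point, since an attached drive can be encrypted along with the server. The function name, the drive labels `HDD-A`/`HDD-B`, the dates and the 7-day limit are all assumptions made for illustration.

```python
from datetime import date, timedelta

def audit_rotation(log, attached, today, max_offline_age_days=7):
    """Audit a local backup rotation from (run_date, drive_label) entries.

    Returns the age of the newest run on a drive that is NOT attached,
    how many runs have gone to the attached drive since the last swap,
    and a list of alerts.
    """
    runs = sorted(log)
    last_run = {}
    for run_date, drive in runs:
        last_run[drive] = run_date  # sorted input, so the latest date wins
    # Count the most recent consecutive runs written to the attached drive.
    runs_since_swap = 0
    for _, drive in reversed(runs):
        if drive != attached:
            break
        runs_since_swap += 1
    report = {"offline_drive": None, "offline_age_days": None,
              "runs_since_swap": runs_since_swap, "alerts": []}
    offline = {d: t for d, t in last_run.items() if d != attached}
    if not offline:
        report["alerts"].append(
            "no offline copy: every run is on the attached drive")
        return report
    drive, newest = max(offline.items(), key=lambda kv: kv[1])
    age = (today - newest).days
    report.update(offline_drive=drive, offline_age_days=age)
    if age > max_offline_age_days:
        report["alerts"].append(
            f"newest offline copy ({drive}) is {age} days old, "
            f"limit is {max_offline_age_days}")
    return report

# Constructed sample log: weekly runs, the first on HDD-B, then HDD-A is
# never swapped out (the pattern described in this incident).
START = date(2016, 5, 9)
SAMPLE_LOG = [(START + timedelta(weeks=i), "HDD-B" if i == 0 else "HDD-A")
              for i in range(27)]

if __name__ == "__main__":
    result = audit_rotation(SAMPLE_LOG, attached="HDD-A",
                            today=date(2016, 11, 14))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run on a schedule against the backup job's own log, a check like this raises the alert in the first week a swap is missed rather than on the day of a restore.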

Prevention is ALWAYS better than CURE, and this can be achieved by:

  1. Using monitored anti-virus software such as AVG Cloudcare.
  2. Using local backups (PCs and servers) to a NAS drive, rotated and checked on a regular basis.
  3. Keeping an offsite/cloud backup updated daily, such as CrashPlanPro or ReadyCloud.
  4. Setting up all email accounts on a hosted exchange platform such as Hosted Exchange.
  5. Upgrading Internet to NBN or to facilitate quick cloud backup and restore.

 

Our Preventative Maintenance Plans start from $66 per month. We offer 4 plans:

  • Cloud Backup Plan – setup and installation of cloud backup only; we monitor the cloud backup monthly.¹²³

  • Basic Remote Backup Plan – monthly remote checkup of your local backup¹²³

  • Onsite Backup Plan – monthly site visit to check computers and servers and local backup¹²³

  • Comprehensive Backup Plan – monthly site visit to check computers, servers, local and cloud backup¹²³

  1. All plans include a FREE remote or on-site audit of your company's IT systems before we recommend which plans would be the most suitable.
  2. All plans may require the upgrading of email accounts. Users of often have very large email files with multiple folders and going back many years. Due to the size and nature of older Outlook data files (.pst and .ost), they may not be able to be readily backed up, especially to a cloud backup source, and will need to be moved to a hosted exchange platform.
  3. Cloud backup plans are only viable given reasonable internet download and upload speeds. and NBN/HFC/Broadband availability will determine our recommended backup regime.

 
