How to survive a ransomware attack and live to tell about it

Presentation transcript:

Live IT! How to survive a ransomware attack and live to tell about it

Here’s how it happened – Friday 01/26/18
Mid-afternoon, an employee clicked on an attachment in what appeared to be a legitimate email from SDE.
All emails, especially those with attachments, should be carefully scrutinized.
If the email is sent from someone that doesn’t seem legitimate, DO NOT CLICK on it.
No action Friday or over the weekend.

January 29 am – The discovery

Oh heck *&*%*&*(( – what now?
Immediate contact with SDE Security Office, SLED, FBI
Almost all servers (70 of them) and Internet were disabled districtwide – PowerSchool is hosted – no loss to student data; some phone service down; communication was by cell phone
Encore Technologies contacted to assess damage
9:00 briefing with Superintendent and Senior Staff
Encore discovered all servers were backed up with the exception of the Domain Controller

Oh heck *&*%*&*(( – what now? II
2:41 Made initial contact with Dyno Dan (the perp) – How much would it cost to unlock files
3:00 – Second briefing by IT director to Superintendent and Senior Staff
Two options: pay ransom or rebuild domain controller from scratch
Contact with SCSBIT on Cyber Coverage – we were covered
Contact with bank to set up separate account
6:26 pm Dyno Dan responded with demand – 1 bitcoin - $11,000

Ransom request and response

What is a bitcoin and where do you get one?
What is one? It is a crypto-currency and worldwide payment system. It is the first decentralized digital currency, as the system works without a central bank or administration.
DynoDan was kind enough to give us several examples

What we did
Encore provided us with name of US bitcoin company located in Arizona
Contacted bank to create separate and distinct account specifically for paying ransom
District was prepared to have cashier’s check cut for ransom to deposit into separate account
Financial consultants secured bitcoin on our behalf

The negotiation and stall (It’s still only Monday)

It’s now Tuesday
9:00 am Briefing by IT Director to Superintendent and Senior Staff
Encore light bulb went off
Domain Recovery
From 9:00 am til 9:00 able to recover the domain controller but not the group policy
At 2:30 pm we sent 3 files for a free decryption
By 5:00, district had secured a bitcoin for ransom
At 9:30, it was decided to not pay ransom, go with recovered server and build the group policy from scratch
At 10:48 pm DynoDan responded with our 3 files to test

It’s finally Wednesday
All services are still non-functional
Successful backup from Tuesday night - Domain controllers were able to replicate to all school domain controllers
9:00 am briefing with Superintendent and Senior Staff and advised no ransom would have to be paid
Systems were slowly restored one at a time.

Thursday
IT staff brought up individual district office PCs with Internet – schools were still unable to access
First day district was able to access accounting software since previous Friday.
Slow Recovery Day

Things to think about - TIL
Does your district have adequate backup for servers?
Is your PowerSchool on-site or hosted off-site?
Do you have Cyber Insurance Coverage?
Is your accounting software on-site or hosted off-site?
How would you run payroll or AP?
An Emergency Procurement?
Does your district have P-card or credit cards for emergency purchases?
Do you know how to purchase bitcoin? How long does it take?

TIL - continued
How is our point of sale for food service affected?
Keeping attendance
Fall back plan for classroom instruction
Is your cell coverage adequate for communication purposes?
Does your district have an IT expert you can lean on?

Encore to the Rescue
YES – it CAN happen to you
Security – STOP using passwords. Start using passphrases
Disaster Preparedness – When is the last time you tested your backups and procedures?
Leverage your partners

Questions