Ransomware hit a Bay Area Hotel. Implementing just 3 cybersecurity safeguards would have prevented it.
Does your business have these three safeguards in place?
- Annual employee cybersecurity training (like PlanetMagpie’s Cyber Fu training!)
- Cloud backups for servers & workstations
- Quarterly network penetration testing & access review
If not, you're a sitting duck, just like our Bay Area hotel customer was right before a ransomware infection decimated their IT in May of 2018.
In this WOOF! issue we'll go through what happened to this hotel's IT, and how and why putting in just 3 safeguards would have stopped it.
Finally, we'll show how implementing those same safeguards in your business is a far better strategy than thinking, "Hackers won't target us. We're too small/big/careful/invisible/etc."
Anatomy of a Hotel Cyberattack, Step by Step
We'll refer to the hotel as "The BA Hotel" for this issue.
The BA Hotel had a Remote Desktop Server, so employees could get to one set of guest records. They'd opened the server to all users. All employees used the same account ("guestservices") to access the Remote Desktop Server. They all used (and knew) the same password – "Rock."
At some point, a cybercriminal scanned the network. They found the Remote Desktop Server access bookmarked on someone's workstation. The cybercriminal then broke into the Remote Desktop Server by brute-forcing the password.
Once inside the network, the cybercriminal found the Active Directory server. They installed an administrator-level account and began pushing ransomware onto workstations.
Oh, and the BA Hotel had their backups stored locally (not in the cloud), on the same servers the cybercriminal hacked. The ransomware locked up their backups as well.
They called us after employee workstations began locking up with ransomware demands. We rushed over, hoping we could clean the ransomware off, restore backups, and get them running ASAP.
Then we discovered that the backups were gone. The rescue effort turned into a triage.
We rebuilt their servers, locked down Remote Desktop, and closed security holes in the network. But without recent backups, we could not restore their data.
The BA Hotel was able to resume operations within 2 days. But they lost all their guests' reservations, documents, emails…all of it. Permanently.
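The three steps in this story (a guessed Remote Desktop password, one login shared by everyone, and a brand-new administrator account) each leave a recognizable trail in Windows logon records. The sketch below is an added example, not PlanetMagpie's tooling or data from the incident: the simplified event format, the thresholds, the addresses and the "svc-new" account name are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not from the incident): simplified Windows
# Security events as dicts. IDs: 4625 failed logon, 4624 successful logon
# (logon_type 10 = RemoteInteractive/RDP), 4720 account created,
# 4728 member added to a security-enabled global group.
EVENTS = [
    *[{"t": i, "id": 4625, "user": "guestservices", "src": "203.0.113.7"} for i in range(30)],
    {"t": 30, "id": 4624, "user": "guestservices", "src": "203.0.113.7", "logon_type": 10},
    {"t": 31, "id": 4624, "user": "guestservices", "src": "10.0.0.21", "logon_type": 10},
    {"t": 32, "id": 4624, "user": "guestservices", "src": "10.0.0.22", "logon_type": 10},
    {"t": 40, "id": 4720, "user": "guestservices", "target": "svc-new"},
    {"t": 41, "id": 4728, "user": "guestservices", "target": "svc-new", "group": "Domain Admins"},
]

def review(events, fail_threshold=20, shared_sources=3):
    """Return a sorted list of (finding, account) for the three patterns in the story."""
    fails = defaultdict(int)        # (user, src) -> failed logons so far
    rdp_sources = defaultdict(set)  # user -> distinct sources with RDP logons
    created = set()                 # accounts created in this window
    findings = set()
    for e in sorted(events, key=lambda e: e["t"]):
        if e["id"] == 4625:
            fails[(e["user"], e["src"])] += 1
        elif e["id"] == 4624 and e.get("logon_type") == 10:
            # Success after many failures from the same source: guessed password.
            if fails[(e["user"], e["src"])] >= fail_threshold:
                findings.add(("rdp-bruteforce-success", e["user"]))
            rdp_sources[e["user"]].add(e["src"])
            # One account used from many machines: a shared login.
            if len(rdp_sources[e["user"]]) >= shared_sources:
                findings.add(("shared-rdp-account", e["user"]))
        elif e["id"] == 4720:
            created.add(e["target"])
        elif e["id"] == 4728 and e["target"] in created and "Admin" in e["group"]:
            findings.add(("new-account-made-admin", e["target"]))
    return sorted(findings)

if __name__ == "__main__":
    for finding, account in review(EVENTS):
        print(f"{finding}: {account}")
```

Any one of these findings, reviewed on a regular schedule, is a reason to disable the account and check the server before ransomware is pushed out.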
How the 3 Safeguards Would Have Stopped the Ransomware
- Employee Cybersecurity Awareness / "Cyber Fu" Training: A PlanetMagpie "Cyber Fu" trained employee would catch that everyone used the same password for Remote Desktop access. Big no-no. One raised hand would have prevented the ransomware attack from happening in the first place.
- Network Penetration Testing & Access Review (Quarterly): Never leave a Remote Desktop Server enabled for all users & opened to the outside world! This sort of security hole would throw up a huge red flag on a vulnerability testing report. Penetration tests do nothing but examine your network for entry points, so you can seal off any that are unnecessary. That keeps cybercriminals from finding those vulnerabilities first.
- Off-site Backups (Workstations & Servers): This could literally save your business when you're hit by ransomware. Backups allow fast restoration of the infected workstations & servers. Why off-site? It prevents the ransomware from finding those backups...and infecting them too!
Think of these safeguards like insurance. When you don't need insurance, it's just a regular monthly expense. When you do need it, it's a lifesaver! With recent backups, restoring data & normal operations takes hours, not days/weeks.
"Hoping Cybercriminals Won't Notice You" is Not a Strategy.
These are bare-minimum cybersecurity safeguards. We could, and usually do, suggest more protective measures.
Consider how easy implementing these 3 would be though. A few hours' work, and your business has a fighting chance when cybercriminals come crawling in.
Do you need to schedule your company's employee cybersecurity training? Email us at firstname.lastname@example.org to get started!