How Sterling IT survived a data disaster with external backups
Introduction
Sterling IT is a company that provides IT services and solutions to various clients. In 2015, they faced a major data crisis when their vendor, who hosted their email and remote desktop servers, suffered a complete system failure and lost all their data. The vendor had promised to have geolocation backups, but they all failed as well. Fortunately, Sterling IT had their own external backups with different providers, and they were able to restore their clients’ data and operations. This story shows the importance of having external backups and not relying on the source provider alone.
Last week, for the very first time, one of Sterling IT’s customers was attacked with the CryptoLocker virus.
When we received the alert and then found the client couldn’t access files, we thought it was just corruption. Upon inspection, most files had been renamed with .encrypted at the end, and there was an HTML file explaining that a ransom had to be paid to recover all the emails.
Sterling IT went into Disaster Recovery Mode (SITDR) and we were able to save the client from any data loss (even though EVERY file on one user’s PC plus most shares on the server were affected, as this user was in the management and accounts security groups and shares). Using ShadowProtect and our monitoring systems, we were able to lock down the network, recover all files from DR backups and get the client back up and running.
It was first noticed because of Dropbox. As this company uses Dropbox for some business applications, and the infected user also had Dropbox access, ALL FILES were deleted. The only savior was that one of the PCs was backed up locally, and the files were recovered from there. (We recommend using private sharing apps with Synology, synocloud, rather than Dropbox, as you have full control and it is a PRIVATE CLOUD.)
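The two indicators described above (files renamed with .encrypted at the end, and an HTML note left beside them) can be used to scope which shares need restoring from backup. The following is an added example, not part of the original post or Sterling IT's tooling; the share names, file names and the READ_ME.html note name are constructed sample data.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_SUFFIX = ".encrypted"  # suffix reported in this incident

def scope_damage(root):
    """Per top-level folder (share) under root: encrypted and intact file
    counts, plus HTML files lying beside encrypted files (possible notes)."""
    report = defaultdict(lambda: {"encrypted": 0, "intact": 0, "notes": []})
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        share = rel.split(os.sep)[0]
        dir_hit = any(f.lower().endswith(ENCRYPTED_SUFFIX) for f in files)
        for name in files:
            low = name.lower()
            if low.endswith(ENCRYPTED_SUFFIX):
                report[share]["encrypted"] += 1
            elif dir_hit and low.endswith((".html", ".htm")):
                report[share]["notes"].append(os.path.join(rel, name))
            else:
                report[share]["intact"] += 1
    return dict(report)

def restore_order(report):
    """Shares containing encrypted files, worst hit first."""
    hit = [(s, r["encrypted"]) for s, r in report.items() if r["encrypted"]]
    return [s for s, _ in sorted(hit, key=lambda x: (-x[1], x[0]))]

def build_sample(root):
    """Constructed sample tree standing in for server shares (not real data)."""
    layout = {
        "Accounts": ["ledger.xlsx.encrypted", "payroll.docx.encrypted", "READ_ME.html"],
        "Management": ["plan.docx.encrypted", "minutes.docx"],
        "Marketing": ["brochure.pdf", "index.html"],
    }
    for share, names in layout.items():
        os.makedirs(os.path.join(root, share))
        for name in names:
            open(os.path.join(root, share, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        report = scope_damage(tmp)
        for share in restore_order(report):
            print(share, report[share])
```

An HTML file is only listed as a possible note when it sits in a folder that also holds encrypted files, so ordinary web pages in untouched shares are counted as intact.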
How did this all happen?
Simple: by opening an email with the Trojan. You might also ask about the protection mechanisms we have.
First and foremost, the client recently moved to Microsoft Office 365. We would have thought that Microsoft anti-spam and antivirus would have maybe picked this up as first defense, but it obviously didn’t. The second defense was a Fortigate firewall with antivirus scanning, which has been a great defense in general. And thirdly, antivirus and firewall on the desktop.
Even with ALL these defenses, the Trojan still got through.
We have many clients sending us emails daily asking IS THIS SAFE? This is what we are here for, to help and protect our clients. It’s FREE and QUICK!
REMEMBER:
PLEASE DO NOT CLICK ON EMAILS YOU DON’T KNOW AND/OR ARE NOT EXPECTING.
IF UNSURE, CONTACT STERLING IT.
Please read and take note
CryptoLocker 14th October 2013
CryptoLocker is the next generation of internet virus that is currently circulating all over the world in large numbers. Once a computer becomes infected it will lock all your files plus any network files it has access to, even your server.
Once the files are locked it will give you a three day countdown to pay the ransom, usually $100 or $300. If the time expires your files are locked with no option to pay the ransom.
It is by far the worst we have experienced so far and virus protection companies are scrambling to catch up with this one, as it changes frequently to elude the virus scanners. In other words: it can affect you if you are not careful even though your firewall and virus protection are active and up-to-date.
Currently there are only two known methods to remove the infection: restoring your files from a backup or paying the ransom.
Please be aware that paying the ransom is not guaranteed to work. We don’t condone paying the ransom and supporting these cybercriminals.
Usually this occurs by these methods:
In the form of attachment, usually disguised in an email appearing to come from your bank, insurance company or courier service or scanner.
A simple safety procedure that works for the majority of email applications or online email services is to “hover” over the link, which means move the cursor to the attachment or “button” or other link in the email, but DO NOT click. If the domain name that appears has no relation, looks suspicious, or appears as an unintelligible tangle of letters and numbers, it usually means it is not legitimate and should be deleted.
Through Trojan websites, which will ask you to download a piece of software in order to watch video clips or download songs off the internet.
Through exploit kits, specific websites with similar names to popular ones, just waiting for people to mistype the address and think they are on their favourite website.
Advice for prevention
Do not open attachments if you are unsure of the contents or the email was unexpected.
Look for clues in the email content: most legitimate emails will address you by name and not something generic like ‘customer’ with vague wording.
Do not click on website links in emails until you have viewed the link location (do this by hovering over the link; this will display the link right at the bottom of Outlook). Instead of clicking the link, it is best to browse to the website manually via your web browser.
Make sure your anti-virus is updated regularly
Make sure your backups are current and working and backing up ALL critical data
If you get the virus
Stop work
Immediately disconnect any network drives
Contact us
Alert other users of the issue, as most likely any work done will be overwritten when the backup is restored.
Please do forward this email on to your staff, friends and associates.
SITBACK (“Sterling IT Backup”) provides our customers with a seamless, robust online data backup solution to an offsite location.
Also known as Cloud Backup.
Data loss or the exposure of sensitive data can result in huge financial losses, legal penalties, loss of reputation, brand damage, loss of intellectual property, loss of customer trust… and all this can easily lead into bankruptcy.
Sterling IT specialises in secure online backup and recovery. Whether you are looking for online backup of servers, distributed networks, workstations or notebooks, Sterling IT has a suitable solution and reliable technology that will scale with your business.
Sterling IT provides real-time, hassle-free, local and offsite backup protection. It offers a reliable, centrally managed backup solution that unravels complexities and makes it easier for IT managers and business owners to protect their organization’s most important asset – their data.
Both the small business and enterprise solutions Sterling IT offers allow unlimited clients. That is, you can run the backup client on 1 computer/server or 100s of computers/servers (including laptops that are in the field all the time). That’s right, NO CLIENT FEE. You can start with 1 or 2 systems and just keep installing onto more computers or servers as required. All that is required is an internet connection.
In today’s information-driven organisations, the cost of managing, keeping available and recovering data can be overwhelming.
The ever-increasing role digital information plays in our lives has increased scrutiny over how it is stored and protected.
In order to ensure a company’s good name, integrity and longevity, data must be stored securely and in multiple locations; this is no longer just “nice to have”, it is a necessity.
Enterprises are seeking new ways to tackle their data protection challenges. While data growth is not new, the pace of growth has become more rapid, the location of data more dispersed and the value much higher.
Sterling IT offers plans starting from $9 per month based on storage requirements. Unlimited computers! All backed up to AUSTRALIAN DATA CENTRES.
SITBACK is the easy-to-use, automated and affordable way to back up your irreplaceable data. At your predetermined time, your data is encrypted, compressed and sent to our secure, offsite servers.