An Encompass customer in the Industrial Heating industry recently fell victim to an opportunistic ransomware attack that had encrypted all internal system files, as well as their Epicor application files. As a result, work was unable to continue, bringing operations to a standstill. Encompass’ Managed Services (MS) were enlisted to help get things back up and running. The company requested this case study on their ransomware recovery project be posted anonymously.

Ransomware Recovery Project Background

The company’s network fell victim to a severe ransomware attack. Unfortunately, it affected all internal systems, including backups. The attack took down the company’s systems completely in a matter of hours, forcing the company to rebuild from scratch.  Fortunately, the company was able to save its Epicor Database.

The Plan

Initially, the company had no internal plan in place to address the attack or the fallout from such an event. The response to the attack was a focused effort to get systems up and running as fast as possible and to restore a state of operational functionality.

Objectives for the engagement with Encompass Solutions’ Managed Services team were to recover system use, rebuild what was lost, and establish backups.

A plan followed to institute standard operating procedures that would minimize the potential for recurrence and maximize the efficiency of response and ransomware recovery.

The Execution

The company’s staff were able to provide Encompass with the necessary documentation, in the form of a blueprint of the existing Epicor environment, to rebuild the system in a more structurally sound way than the original.

Encompass’s Managed Services team worked with corporate IT staff to ensure backups and other security precautions were in place moving forward.

Overall, Encompass has just been a great asset to our organization. We have been through both a major Epicor upgrade and recovery process with them, and I am extremely impressed with everything they have done.  They definitely make my job easier.

– C.R., IT Manager

The Results

Encompass’ Managed Services team was able to work with the parent company to reestablish a stable network and functional Epicor system in less than one week.

Next Steps

Documented SOPs were put in place to routinely establish backups and test recoverability regularly.

This company was pleased with Encompass’ level of service and expedient reaction to the situation. The two organizations will continue to work together on future Epicor projects and system maintenance.

About Encompass Solutions

Encompass Solutions is a business and software consulting firm that specializes in ERP systems, EDI, and Managed Services support for Manufacturers and Distributors. Serving small and medium-sized businesses since 2001, Encompass modernizes operations and automates processes for hundreds of customers across the globe. Whether undertaking full-scale implementation, integration, and renovation of existing systems, Encompass provides a specialized approach to every client’s needs. By identifying customer requirements and addressing them with the right solutions, we ensure our clients are equipped to match the pace of the Industry.


Unfortunately, we are seeing an uptick in opportunists using COVID-19 ransomware attacks across customers in many different industries.  Ransomware attacks encrypt all files on your network, leaving you with no recourse but to rebuild your system, and worst case, to start over.

How To Protect Your Business From Opportunists And COVID-19 Ransomware Attacks

There are some steps you can take to protect yourselves that we wanted to share. Encompass would be happy to assist you with any of these conversations. We have experience working with customers who have had to recover from critical system failures, up to and including rebuilding systems from scratch, and we are happy to share our thoughts on how to harden your systems to ensure this does not happen to you.

Backups. Make sure you have a backup plan in place, that it is running, and that it has been tested. Make sure your backups are not stored on your network: we have seen customers follow good backup plans but, by leaving their backups on the network, lose those backups to encryption as well. Make sure you have recent backups, that they are stored off-network, and that you periodically run a trial restore to ensure that the backups are indeed comprehensive. There may be critical components on other servers (custom reports, custom labels) that are not included in your backup plan.
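A trial restore is only useful if it is compared against what production actually holds. The sketch below is an added example, not Encompass's tooling: it hashes a production tree, hashes the restored tree, and reports files the backup plan never captured and files that came back altered. All file names and contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash in 1 MiB chunks so large database files do not exhaust memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(source_manifest: dict, restored_root: Path) -> dict:
    """Compare a trial restore against a manifest taken from production."""
    restored = build_manifest(restored_root)
    missing = sorted(set(source_manifest) - set(restored))
    mismatched = sorted(n for n in set(source_manifest) & set(restored)
                        if source_manifest[n] != restored[n])
    return {"missing": missing, "mismatched": mismatched}

def demo() -> dict:
    """Constructed sample: labels were never in the backup plan, one report is damaged."""
    files = {
        "erp/db_export.bak": b"database",
        "reports/aging_custom.rpt": b"custom report",
        "labels/shipping.lbl": b"custom label",
    }
    with tempfile.TemporaryDirectory() as tmp:
        prod, restore = Path(tmp, "prod"), Path(tmp, "restore")
        for name, data in files.items():
            (prod / name).parent.mkdir(parents=True, exist_ok=True)
            (prod / name).write_bytes(data)
            if name.startswith("labels/"):
                continue  # simulates a component left out of the backup job
            (restore / name).parent.mkdir(parents=True, exist_ok=True)
            (restore / name).write_bytes(b"truncated" if name.endswith(".rpt") else data)
        return verify_restore(build_manifest(prod), restore)

if __name__ == "__main__":
    print(demo())
```

Store the production manifest off-network alongside the backups, so the comparison is still possible after the source systems are lost.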

Media and license keys. This is a great time to locate the media needed to install business-critical applications and to confirm that you have the appropriate license keys. Often the software was purchased many years ago, and with role changes in your organization, it may not be apparent that the media or keys are unavailable until they are needed.

Key reports. Frequently generate and store copies of critical reports, ideally both on paper and electronically, that can be used to keep your business running should the system need to be rebuilt. Aging Reports, Production Schedules, and other critical reports can be automatically generated and sent to an email address should they be needed during a system outage.

Business Continuity plans. Make sure each department has ‘run on paper’ processes that can be used if needed: preprinted packing slip templates, inventory move templates, production data capture templates. These can be used while a system is restored, and can be re-keyed once the system is online to ensure accuracy.

Be proactive. There are things you can do to protect yourself from these kinds of attacks. Evaluate true failover systems that allow a shadow installation to come online if needed. Ensure you have multi-factor authentication configured for your email systems to prevent unauthorized access. Run anti-malware software on key servers that can detect mass file changes and quarantine the program responsible.

Recovery Documentation. Keep all documentation, receipts, expenses, emails, etc. for any legal or insurance needs in the future. Creating a folder within your email program and minimizing email subject threads are two tips for managing this process.

Quick Reference Guides. Have these been created for your most critical servers and business applications? These might contain items like usernames and passwords, support contacts, and other important information. Make sure to have these in printed format and kept in a secure location. Some companies put these in a fire-proof safe to protect them from fire or flood damage.

Contact Financial Institutions. You will want to contact your financial institutions (credit cards, banks, retirement, etc.) to make sure they are aware of any suspicious-looking activity. The cyber crooks have your data and can easily decrypt it to gain important information.

User Education. Educate users to raise awareness of ways to prevent future disruptions. We often hear stories where an email appeared to come from a legitimate contact but was later found to be a phishing scam designed to get a user to provide their username and password. Programs are available to help companies better prepare their user community.

Review Network Access. Regularly audit all network shares, user accounts, and security groups to close off any vulnerable access points.

Stop the Spread. Cryptoware and Ransomware spread via network shares. Once this gets into your network, it can take over your entire business infrastructure. If you detect this is happening, immediately shut down all servers and/or pull the network cables. Doing so will increase your chances of recovering some of your data.

Contact Law Enforcement. This may not be the first thing on your mind; however, once you have stopped the ransomware from spreading, contacting your local FBI cyber criminal division is a necessary step.

Do Not Pay the Ransom. Whatever you do, if at all possible, do not send any money to them. Doing so only makes you vulnerable to future attacks. Exhaust all your resources, backups, and data recovery options before paying any monies.



Ransomware has emerged as one of the preeminent tools utilized by malicious actors who target the data of businesses around the world. In 2018, ransomware attacks have been on the rise. Following these critical guidelines can help mitigate the impact a breach will have on your business.

First Things First: Educating Employees

You probably already know not to open suspicious emails or click on links that look less than legitimate. That said, human nature prevails and it never fails that curiosity or carelessness gets the better of some people in the line of work. Human negligence is one of the largest, if not the top, contributors to such compromising positions as viruses, malware, and ransomware. However, there are ways to mitigate risk if you should ever find yourself on the wrong end of a malicious data breach. Educating your workforce about certain email and filesharing policies can reduce risk before you encounter a breach. In-house phishing and penetration tests are other useful avenues to explore if you have the resources available. These can open up opportunities to have candid conversations about security in the workplace as well as work to identify shortcomings in your security efforts.


Disconnect, But Don’t Unplug

One critical mistake ransomware victims make time and again is rushing to shut down their machine at the sight of a ransomware prompt. This is a terrible response because it will make data forensics a much more arduous process for in-house or external teams attempting to unravel the source, extent, and possible resolution to the breach. In this case, disconnect affected machines from the internet, but do not turn them off.

Don’t Panic

This is a critical time and your response will dictate the course of your recovery from this unfortunate event. As with many stressful situations that emerge in life, panic rarely results in a favorable outcome. Keep your composure, collect the personnel necessary to evaluate the situation, and prepare to enact your response plan.

The Recovery Plan

You’ve been breached. This is the moment you prepared for. Follow the steps of your carefully designed plan and follow through on every step as you work towards a resolution.

There is no rubric when it comes to data breach recovery plans. Each instance is unique to each business. Sit down with your in-house security personnel or consult with an external team to develop the ideal plan of action should you fall victim to ransomware or another malicious incident targeting your sensitive data.

Evaluating Backup Data

If at this point in the scenario you have not prepared a recovery plan or created backups for your sensitive data, chances are you’re feeling uneasy about the future of operations, potential legal action, and your company’s reputation. However, this is only a hypothetical situation and you now have the idea in your head that creating a sound recovery plan in the event of a breach and backing up important files can’t wait until after the fact. Don’t wait until it’s too late to prepare your organization for a breach. Take steps towards preparing a disaster recovery plan and begin backing up your files regularly.

Call Data Forensics

Now is the time to perform an assessment with your in-house team or enlist data forensics professionals to determine the incident’s root cause, what, if any, data has been exfiltrated from your systems, and if the malicious actor remains inside your system with unlimited access.

Contacting the federal authorities is another option that should be taken into consideration. Some cybersecurity consultants will tell you it’s a waste of time as the three-letter organizations get hundreds of reported ransomware events a day. Others will tell you it is imperative you contact federal authorities in the event you fall victim to ransomware. Alerting the authorities likely won’t have a detrimental effect on your status if you already found yourself the victim of a breach. Their experience and advice could put you on the right course to a speedy resolution.

Ransomware And Cybersecurity Checklist

  • Commit an incident response plan to paper and practice it regularly, updating as necessary alongside new threats and security technologies as they emerge.
  • Carry out ongoing penetration testing and vulnerability scanning. These are both examples of controlled probing of your systems for chinks in your hardened systems’ armor.
  • Keep your applications and operating systems up to date with the latest patches.
  • Train your workforce in the best practices as they apply to cybersecurity. The largest contributor to breaches is human vulnerability.
  • Continuously monitor your network integrity. This includes your anti-virus and malware protection software.
  • Conduct quarterly or annual data audits and mapping to know where your sensitive data is, how it’s stored, and how best to protect it.
  • Audit your external groups and accounts for vulnerabilities. Chances are good that a third party you conduct business with can present a vulnerability if they are not following the same cybersecurity standards as you.
  • Back up your data regularly and test your data recovery plan often. Simulated brute force, phishing, and attack scenarios can keep your teams on their toes and continuously aware of security.
  • Understand your liability, the data protection requirements, and necessary compliance regulations in your jurisdiction.

About Encompass Solutions

Encompass Solutions, Inc. is an ERP consulting firm and Epicor Platinum Partner that offers professional services in business consulting, project management, and software implementation. Whether undertaking full-scale implementation, integration, and renovation of existing systems or addressing emerging challenges in corporate and operational growth, Encompass provides a specialized approach to every client’s needs. As experts in identifying customer requirements and addressing them with the right solutions, we ensure our clients are equipped to match the pace of the Industry.