Padlock

Ransomware Attack Victim: Once Bitten, Twice Shy

A dozen years after it was hit, ransomware attack victim A1care continues to search for and implement the latest and greatest in security software.

One day in 2006, Percy Syddall arrived at his business, sat down, turned on the computer, and discovered that he couldn’t access the system. He couldn’t get onto the company’s network, couldn’t access files or applications, and couldn’t reach any of the corporate data. He was completely locked out--a ransomware attack victim.

Syddall, the CEO of A1care, a home healthcare company in the San Francisco Bay area, was a victim of ransomware almost a dozen years before the threat of ransomware reached the national conscience through such high-profile attacks as WannaCry, NotPetya and SamSam. A1care’s computer system, network and applications were being held hostage by unknown attackers who demanded hundreds of thousands of dollars before they would enable Syddall to regain access to the system.

The CEO spoke with other companies about the situation--ransomware was still a relatively unknown form of attack, even though it had been around for at least a decade before it reared its head with A1care--and after weeks of negotiations that included changes in conditions and demand for more money, Syddall eventually paid the ransom and got its system, applications and data back.

At the time of the attack, the situation was chaotic. As Syddall told ITPro Today, he had no idea what was going on, had never heard of ransomware, and “didn’t even know what it was or how these people were able to do the things they were doing.” There also was a scramble to raise the money--banks back then had rarely heard of ransomware and were reluctant to loan money to a small-business CEO who said his computer systems were being held hostage, Syddall said--and to alert customers about the situation.

“One of the things that was so disheartening was that I had to contact every one of our clients and let them know that we had something wrong with our systems,” he said. “That was heartbreaking. Once we had settled it and we retrieved the information, we had to verify everything. The most disheartening thing was we had to call out clients and ask them who was working there--who were my caregivers who were working there--and that was shocking to them. I had to explain to them we couldn’t get in our system.”

Longer term, the ripple effects from the attack continued for more than a decade. At the time of the attack, Syddall said, he felt he had all the security he needed in place--including the use of cybersecurity software from the likes of McAfee and Symantec, and having his workers defrag their systems at the end of every week. He soon learned that wasn’t enough, and, during the past dozen years he has run through numerous security solutions to keep a step ahead of bad actors who have become more sophisticated and malware that has become more complex. The threats keep evolving, so the defenses that A1care employs must also evolve quickly, he said.

“I’ve come to the point where you cannot have enough security,” Syddall said. “That is the bottom line since 2006. You can never have enough.”

The latest example is his embrace this year of Mirror Shielding technology from NeuShield that is designed to essentially create a layer of protection that--should an attacker get through other defenses--enables the harmful code to simply attack a mirror image of the data on the network. Meanwhile, workers can see that the attack has happened and with one click restore the file to its pre-attack condition and continue to work, according to Marcus Chung, CEO of BoldCloud, which helped set up A1care with NeuShield’s Data Sentinel mirror-shielding technology. The product is designed to work in conjunction with traditional security solutions like anti-virus and backup-and-recovery software.

“It’s very important for businesses and individuals to know that, as much as we’d like to have that one magic silver bullet--have this one security product and it solves all my problems-- unfortunately, it doesn’t work that way,” Chung told ITPro Today. “The best way is to marry your security and overlap those capabilities.”

For A1care’s Syddall, bringing in NeuShield falls in line with what he’s been doing since 2006. The company has run through at least three to four security solutions during that time, to ensure it has the best protection possible. Right after the ransomware attack, Syddall hired an IT manager but learned quickly that most IT professionals don’t have deep security backgrounds. He brought on 24hourtek to help with security. The service provider scans A1Care’s systems at night at midnight to find threats and detect anomalies. (A1care recently fired an employee after 24hourtek discovered he was viewing pornography on company computers.)

At the same time, Syddall over the years has learned as much about security as he could. When new security products came out, he would have vendor representatives come to his office, talk about the technology and get a demonstration.

“Here’s the funny thing: I would ask a lot of people who come to my office to sell me on their security, ‘If I put this into my system, is it hackable?’” the CEO said. “And they would say, ‘No, once you put this into your system, you won’t be hackable,’ which I know is not true. There’s just no way to stop a hacker if he wants to get in. But my main thing was I wanted to make sure my system wasn’t compromised, that my data wasn’t used for any purpose except by people in my office.”

A1care isn’t a large company, but it has its share of security challenges. It has about 600 clients, but it’s a highly mobile computing environment, with the bulk of its caregivers work from home or the road over laptops and iPads. The company is in the process of expanding its business into Utah, creating an even wider distributed environment. At the same time, Syddall continues to try to make A1care a completely paperless company, with everything online.

Ransomware, fueled by WannaCry and similar campaigns, was the top cybersecurity threat last year, but security researchers from companies like Kaspersky Lab, Trend Micro and Check Point Software have found that the incidence of ransomware has slowed since late last year as protections against it have improved and stealthier malware variants, like those that steal compute power to mine cryptocurrencies, have grown in popularity.

Still, ransomware is still out there and the healthcare industry--with its wealth of personal data--continues to be a target. According to cybersecurity vendor Cylance, the healthcare industry was the target of 34 percent of the ransomware attacks in 2017, twice that of the second largest target, manufacturing.

Syddall first spoke with BoldCloud’s Chung in January, and installed and deployed NeuShield several months later. Chung said the patent-pending technology focuses on protecting files and data, which has become coin of the realm in the IT industry. It can protect against a broad range of threats, from ransomware to cryptojacking and zero-day attacks.

“It first provides a protective barrier around the files and data, and it prevents any harmful code from changing or corrupting the actual files,” he said. “The key differentiator of this technology is that it’s basically independent of detections, so it’s not reliant on signatures or updates or anything like that. Instead, the malicious code is allowed to attack a mirror image of the data. Then it’s simple click-through to an unaffected version of the file.”

Chung said a way to envision it is that the real data is put away in a digital vault that only IT administrators and authorized users have access to. Harmful code doesn’t have access to the vault, but can only play around with “fictionalized” data.

“We let them see a mirrored image of data,” he said.

That focus on data was a selling point for Syddall.

“One thing I liked was they focused on the files,” he said. “The software they have mirrors the software we have, so it always [protects] the integrity of our files. Most people come in and talk about systems, but Marcus came in and he focused on the files that we have.”

Everything with NeuShield is working well, the CEO said, but he continues to keep an eye out for new products that may help keep A1care safe.

"When you pay money to get your system back," said Syddall, "yeah, that’s a huge lesson.”

 

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish